Provision of app.telemetry Information on G7 Appliances via SNMPv3

Operations

Copyright © Mindbreeze GmbH, A-4020 Linz, 2018.

All rights reserved. All hardware and software names used are brand names and/or trademarks of their respective manufacturers.

These documents are strictly confidential. The submission and presentation of these documents does not confer any rights to our software, our services and service outcomes, or any other protected rights. The dissemination, publication, or reproduction hereof is prohibited.

For ease of readability, gender differentiation has been waived. Corresponding terms and definitions apply within the meaning and intent of the equal treatment principle for both sexes.

Introduction

App.telemetry status information via SNMPv3 is only available on G7 appliances.

For security reasons, SNMP v1 and v2c are available only locally on the appliance.

In addition, SNMPv3 is only allowed with defined users.

Firewall activation

The SNMP port is not enabled by default in the firewall.

On the host, insert the following lines as lines 3 and 4 of /var/data/iptables.sh:

iptables -t nat -A PREROUTING -m addrtype --dst-type LOCAL -s <trusted source> -p tcp -m tcp --dport 161 -j DOCKER

iptables -t nat -A PREROUTING -m addrtype --dst-type LOCAL -s <trusted source> -p udp -m udp --dport 161 -j DOCKER

Restart the appliance to apply the rules.

The firewall rules must be adjusted again after an update. In this case, the Update Service automatically creates a backup.

Creating SNMPv3 users

To create SNMPv3 users, the following commands must be executed within the inspire container:

systemctl stop snmpd

echo 'createUser <username> <hash_algo> "<auth_password>" <encryption_algo> "<encryption_pass>"' >> /var/lib/net-snmp/snmpd.conf

echo "rouser <username>" >> /config/snmpd/snmpusers.conf

systemctl start snmpd

Parameters:

username: User name

hash_algo: MD5 or SHA

auth_password: Password for authentication

encryption_algo: DES or AES

encryption_pass: Encryption password

Example:

systemctl stop snmpd

echo 'createUser v3user SHA "mindbreeze" AES "mindbreeze"' >> /var/lib/net-snmp/snmpd.conf

echo "rouser v3user" >> /config/snmpd/snmpusers.conf

systemctl start snmpd

The changes are persistent even across updates.
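Added example (not Mindbreeze code): a helper that builds the createUser line with printf, so the double quotes reach snmpd.conf literally, and refuses input that would weaken or corrupt the entry. The function name is hypothetical. Accepting only SHA and AES and requiring two distinct passphrases are choices of this example, while the 8-character minimum is net-snmp's own rule.

```sh
#!/bin/sh
# Added example: build a createUser line for snmpd.conf with input checks.
# snmp_createuser_line is a hypothetical helper name, not part of net-snmp.
snmp_createuser_line() {
    user=$1 auth_algo=$2 auth_pass=$3 priv_algo=$4 priv_pass=$5
    nl='
'
    # The name is also written unquoted into "rouser <username>".
    case $user in
        ''|*[!A-Za-z0-9_.-]*) echo "invalid user name" >&2; return 1 ;;
    esac
    # The page allows MD5/SHA and DES/AES; this helper accepts the stronger pair only.
    [ "$auth_algo" = SHA ] || { echo "use SHA for authentication" >&2; return 1; }
    [ "$priv_algo" = AES ] || { echo "use AES for encryption" >&2; return 1; }
    for pass in "$auth_pass" "$priv_pass"; do
        # net-snmp rejects passphrases shorter than 8 characters.
        [ "${#pass}" -ge 8 ] || { echo "passphrase too short" >&2; return 1; }
        # A quote, backslash or newline would escape the quoted config token.
        case $pass in
            *\"*|*\\*|*"$nl"*) echo "unsupported character in passphrase" >&2; return 1 ;;
        esac
    done
    # Policy of this example: do not reuse one passphrase for both keys.
    [ "$auth_pass" != "$priv_pass" ] || { echo "passphrases must differ" >&2; return 1; }
    # printf emits the double quotes literally, so spaces stay inside one token.
    printf 'createUser %s %s "%s" %s "%s"\n' \
        "$user" "$auth_algo" "$auth_pass" "$priv_algo" "$priv_pass"
}
```

Append the function's output to /var/lib/net-snmp/snmpd.conf between the systemctl stop and start steps shown above.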

Querying app.telemetry information

The app.telemetry information is available under the following OID:

iso(1) org(3) dod(6) internet(1) private(4) enterprises(1) fabasoft(17100) apptelemetry(2)

Test

To test the setup, all SNMP values can be queried via snmpwalk:

snmpwalk -v3 -a SHA -A mindbreeze -x AES -X mindbreeze -u v3user -l authPriv inspireappliance.domain .1.3.6.1.4.1.17100.2
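Added example (not part of the original documentation): a filter that turns the numeric output of the walk (snmpwalk with -On) into a single monitoring state, using the table layout and the ok(0)/warning(1)/critical(2)/unknown(3) enumeration from the MIB in the attachment. The function names, the sample rows and the severity ordering are assumptions of this example. An empty walk is reported as unknown rather than ok, so a failed query does not look healthy.

```sh
#!/bin/sh
# Added example: summarise `snmpwalk -On` output as a monitoring state.
# apm_worst_status and apm_sample_walk are hypothetical helper names.
APM_STATUS=.1.3.6.1.4.1.17100.2.1.1    # apmStatus = { apmServer 1 }

# Reads walk lines on stdin, prints every object that is not ok, and returns
# 0 ok, 1 warning, 2 critical, 3 unknown. An empty walk counts as unknown.
apm_worst_status() {
    awk -v base="$APM_STATUS" '
    BEGIN {
        split("agent serviceGroup service serviceCheck", kind, " ")
        split("ok warning critical unknown", label, " ")
        # Severity order chosen for this example: ok < warning < unknown < critical
        rank[0] = 0; rank[1] = 1; rank[3] = 2; rank[2] = 3
        worst = 0
    }
    index($1, base ".") == 1 {
        # Remainder of the OID is table.entry(1).column.index
        n = split(substr($1, length(base) + 2), p, ".")
        if (n != 4 || p[2] != 1) next
        key = kind[p[1]] " " p[4]
        if (p[3] == 3) {                      # status column, "0" or "ok(0)"
            v = $NF; gsub(/[^0-9]/, "", v); status[key] = v
        }
        if (p[3] == 2) {                      # name column, quoted string
            sub(/^[^"]*"/, ""); sub(/"$/, ""); name[key] = $0
        }
    }
    END {
        for (key in status) {
            v = status[key]; rows++
            v = (v in rank) ? v + 0 : 3       # outside the enumeration: unknown
            if (v != 0) printf "%s (%s): %s\n", key, name[key], label[v + 1]
            if (rank[v] > rank[worst]) worst = v
        }
        if (rows == 0) { print "no app.telemetry status rows in walk"; exit 3 }
        exit worst
    }'
}

apm_sample_walk() {    # constructed sample, not output from a real appliance
    cat <<'EOF'
.1.3.6.1.4.1.17100.2.1.1.1.1.2.1 = STRING: "agent on host-a"
.1.3.6.1.4.1.17100.2.1.1.1.1.3.1 = INTEGER: 0
.1.3.6.1.4.1.17100.2.1.1.3.1.2.12 = STRING: "search service"
.1.3.6.1.4.1.17100.2.1.1.3.1.3.12 = INTEGER: 1
.1.3.6.1.4.1.17100.2.1.1.4.1.2.40 = STRING: "disk check"
.1.3.6.1.4.1.17100.2.1.1.4.1.3.40 = INTEGER: 2
EOF
}
```

To use it against an appliance, add -On to the snmpwalk command above and pipe its output into apm_worst_status.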

Attachment: MIBs

Fabasoft app.telemetry base MIB

--==========================================================================

--  Copyright (c) Fabasoft R&D GmbH, A-4020 Linz, 1988-2018.

--

-- The user of the computer program acknowledges that the above copyright notice

-- within the meaning as defined by the World Copyright Convention

-- shall remain affixed in the location in the computer program's operation as

-- determined by the author in order to sufficiently reflect

-- the claim of copyright. This copyright notice may not be removed, changed,

-- or relocated by the customer, user, and/or third parties.

--==========================================================================

FABASOFT-MAIN-MIB DEFINITIONS ::=

BEGIN

  IMPORTS

    MODULE-IDENTITY,

    enterprises         FROM SNMPv2-SMI;

  fabasoft MODULE-IDENTITY

    LAST-UPDATED "200706211000Z"

    ORGANIZATION "Fabasoft R&D GmbH"

    CONTACT-INFO

      "Fabasoft R&D GmbH

       Postal: Honauerstrasse 4

               4020 Linz

               AUSTRIA

       Tel: +43 732 606162

       Fax: +43 732 606162 609

       E-mail: support@fabasoft.com"

     DESCRIPTION

       "The structure of management information for the Fabasoft enterprise."

     ::= { enterprises 17100 }

    -- assigned by IANA (1.3.6.1.4.1.17100)

    -- enterprise number 17100 (so whole number is 1.3.6.1.4.1.17100)

    -- iso(1) org(3) dod(6) internet(1) private(4) enterprises(1) fabasoft(17100)

    components OBJECT IDENTIFIER ::= { fabasoft 1 }

    server OBJECT IDENTIFIER ::= { components 1 }

END

Fabasoft app.telemetry MIB

-- =========================================================================

-- Copyright (c) Fabasoft R&D GmbH, A-4020 Linz, 1988-2018.

--

-- All rights reserved. All hardware and software names used are

-- brand names and/or trademarks of their respective manufacturers.

--

-- The user of the computer program acknowledges that the above copyright notice

-- within the meaning as defined by the World Copyright Convention

-- shall remain affixed in the location in the computer program's operation as

-- determined by the author in order to sufficiently reflect

-- the claim of copyright. This copyright notice may not be removed, changed,

-- or relocated by the customer, user, and/or third parties.

-- =========================================================================

FABASOFT-APPTELEMETRY-MIB DEFINITIONS ::=

BEGIN

  IMPORTS

    fabasoft                              FROM FABASOFT-MAIN-MIB

    OBJECT-TYPE, Integer32,

      MODULE-IDENTITY                     FROM SNMPv2-SMI

    TEXTUAL-CONVENTION, DisplayString     FROM SNMPv2-TC;

  apptelemetry MODULE-IDENTITY

    LAST-UPDATED "201602011000Z"

    ORGANIZATION "Fabasoft R&D GmbH"

    CONTACT-INFO

      "Fabasoft R&D GmbH

       Postal: Honauerstrasse 4

               4020 Linz

               AUSTRIA

       Tel: +43 732 606162

       Fax: +43 732 606162 609

       E-mail: support@fabasoft.com"

     DESCRIPTION

       "The structure of management information for the Fabasoft app.telemetry."

     ::= { fabasoft 2 }

    -- iso(1) org(3) dod(6) internet(1) private(4) enterprises(1) fabasoft(17100) apptelemetry(2)

    -- <https://www.iana.org/assignments/enterprise-numbers/enterprise-numbers>

  apmServer OBJECT IDENTIFIER ::= { apptelemetry 1 }

  apmStatus OBJECT IDENTIFIER ::= { apmServer 1 }

  

  apmStatusAgentTable OBJECT-TYPE

    SYNTAX      SEQUENCE OF ApmStatusAgentEntry

    MAX-ACCESS  not-accessible

    STATUS      current

    DESCRIPTION

        "This table contains status information for current app.telemetry agent connections."

    ::= { apmStatus 1 }

  apmStatusAgentEntry OBJECT-TYPE

    SYNTAX      ApmStatusAgentEntry

    MAX-ACCESS  not-accessible

    STATUS      current

    DESCRIPTION

        "A row describing a given agent."

    INDEX   { apmAgentId }

    ::= {apmStatusAgentTable 1 }

  ApmStatusAgentEntry ::= SEQUENCE {

    apmAgentId            Integer32,  

    apmAgentName          DisplayString,

    apmAgentStatus        ApmStatusAgentStatus

  }

ApmStatusAgentStatus ::= TEXTUAL-CONVENTION

    STATUS       current

    DESCRIPTION

            "Represents an app.telemetry agent status."

    SYNTAX       INTEGER { ok(0), warning(1), critical(2), unknown(3) }

apmAgentId OBJECT-TYPE

    SYNTAX      Integer32

    MAX-ACCESS  not-accessible

    STATUS      current

    DESCRIPTION

        "Id of the agent configuration object."

    ::= { apmStatusAgentEntry 1 }

apmAgentName OBJECT-TYPE

    SYNTAX      DisplayString (SIZE (0..255))

    MAX-ACCESS  read-only

    STATUS      current

    DESCRIPTION

        "Name of the agent object."

    ::= { apmStatusAgentEntry 2 }

apmAgentStatus OBJECT-TYPE

    SYNTAX      ApmStatusAgentStatus

    MAX-ACCESS  read-only

    STATUS      current

    DESCRIPTION

        "Current status of the agent connection."

    ::= { apmStatusAgentEntry 3 }

-- ServiceGroup

apmStatusServiceGroupTable OBJECT-TYPE

    SYNTAX      SEQUENCE OF ApmStatusServiceGroupEntry

    MAX-ACCESS  not-accessible

    STATUS      current

    DESCRIPTION

        "This table contains status information for current service group status."

    ::= { apmStatus 2 }

apmStatusServiceGroupEntry OBJECT-TYPE

    SYNTAX      ApmStatusServiceGroupEntry

    MAX-ACCESS  not-accessible

    STATUS      current

    DESCRIPTION

        "A row describing a given agent."

    INDEX   { apmServiceGroupId }

    ::= {apmStatusServiceGroupTable 1 }

ApmStatusServiceGroupEntry ::= SEQUENCE {

    apmServiceGroupId            Integer32,

    apmServiceGroupName          DisplayString,

    apmServiceGroupStatus        ApmStatusServiceGroupStatus,

    apmServiceGroupParentId      Integer32

  }

ApmStatusServiceGroupStatus ::= TEXTUAL-CONVENTION

    STATUS       current

    DESCRIPTION

            "Represents an app.telemetry agent status."

    SYNTAX       INTEGER { ok(0), warning(1), critical(2), unknown(3) }

apmServiceGroupId OBJECT-TYPE

    SYNTAX      Integer32

    MAX-ACCESS  read-only

    STATUS      current

    DESCRIPTION

        "Id of the agent configuration object."

    ::= { apmStatusServiceGroupEntry 1 }

apmServiceGroupName OBJECT-TYPE

    SYNTAX      DisplayString (SIZE (0..255))

    MAX-ACCESS  read-only

    STATUS      current

    DESCRIPTION

        "Name of the agent object."

    ::= { apmStatusServiceGroupEntry 2 }

apmServiceGroupStatus OBJECT-TYPE

    SYNTAX      ApmStatusServiceGroupStatus

    MAX-ACCESS  read-only

    STATUS      current

    DESCRIPTION

        "Current status of the agent connection."

    ::= { apmStatusServiceGroupEntry 3 }

apmServiceGroupParentId OBJECT-TYPE

    SYNTAX      Integer32

    MAX-ACCESS  read-only

    STATUS      current

    DESCRIPTION

        "Id of the parent service group."

    ::= { apmStatusServiceGroupEntry 4 }

-- Service

apmStatusServiceTable OBJECT-TYPE

    SYNTAX      SEQUENCE OF ApmStatusServiceEntry

    MAX-ACCESS  not-accessible

    STATUS      current

    DESCRIPTION

        "This table contains status information for current service status."

    ::= { apmStatus 3 }

apmStatusServiceEntry OBJECT-TYPE

    SYNTAX      ApmStatusServiceEntry

    MAX-ACCESS  not-accessible

    STATUS      current

    DESCRIPTION

        "A row describing a given agent."

    INDEX   { apmServiceId }

    ::= {apmStatusServiceTable 1 }

ApmStatusServiceEntry ::= SEQUENCE {

    apmServiceId            Integer32,

    apmServiceName          DisplayString,

    apmServiceStatus        ApmStatusServiceStatus,

    apmServiceParentId      Integer32

  }

ApmStatusServiceStatus ::= TEXTUAL-CONVENTION

    STATUS       current

    DESCRIPTION

            "Represents an app.telemetry agent status."

    SYNTAX       INTEGER { ok(0), warning(1), critical(2), unknown(3) }

apmServiceId OBJECT-TYPE

    SYNTAX      Integer32

    MAX-ACCESS  read-only

    STATUS      current

    DESCRIPTION

        "Id of the agent configuration object."

    ::= { apmStatusServiceEntry 1 }

apmServiceName OBJECT-TYPE

    SYNTAX      DisplayString (SIZE (0..255))

    MAX-ACCESS  read-only

    STATUS      current

    DESCRIPTION

        "Name of the agent object."

    ::= { apmStatusServiceEntry 2 }

apmServiceStatus OBJECT-TYPE

    SYNTAX      ApmStatusServiceStatus

    MAX-ACCESS  read-only

    STATUS      current

    DESCRIPTION

        "Current status of the agent connection."

    ::= { apmStatusServiceEntry 3 }

apmServiceParentId OBJECT-TYPE

    SYNTAX      Integer32

    MAX-ACCESS  read-only

    STATUS      current

    DESCRIPTION

        "Id of the parent service group."

    ::= { apmStatusServiceEntry 4 }

-- ServiceCheck

apmStatusServiceCheckTable OBJECT-TYPE

    SYNTAX      SEQUENCE OF ApmStatusServiceCheckEntry

    MAX-ACCESS  not-accessible

    STATUS      current

    DESCRIPTION

        "This table contains status information for current service check status."

    ::= { apmStatus 4 }

apmStatusServiceCheckEntry OBJECT-TYPE

    SYNTAX      ApmStatusServiceCheckEntry

    MAX-ACCESS  not-accessible

    STATUS      current

    DESCRIPTION

        "A row describing a given agent."

    INDEX   { apmServiceCheckId }

    ::= {apmStatusServiceCheckTable 1 }

ApmStatusServiceCheckEntry ::= SEQUENCE {

    apmServiceCheckId            Integer32,

    apmServiceCheckName          DisplayString,

    apmServiceCheckStatus        ApmStatusServiceCheckStatus,

    apmServiceCheckParentId      Integer32

  }

ApmStatusServiceCheckStatus ::= TEXTUAL-CONVENTION

    STATUS       current

    DESCRIPTION

            "Represents an app.telemetry service check status."

    SYNTAX       INTEGER { ok(0), warning(1), critical(2), unknown(3) }

apmServiceCheckId OBJECT-TYPE

    SYNTAX      Integer32

    MAX-ACCESS  read-only

    STATUS      current

    DESCRIPTION

        "Id of the agent configuration object."

    ::= { apmStatusServiceCheckEntry 1 }

apmServiceCheckName OBJECT-TYPE

    SYNTAX      DisplayString (SIZE (0..255))

    MAX-ACCESS  read-only

    STATUS      current

    DESCRIPTION

        "Name of the agent object."

    ::= { apmStatusServiceCheckEntry 2 }

apmServiceCheckStatus OBJECT-TYPE

    SYNTAX      ApmStatusServiceCheckStatus

    MAX-ACCESS  read-only

    STATUS      current

    DESCRIPTION

        "Current status of the agent connection."

    ::= { apmStatusServiceCheckEntry 3 }

apmServiceCheckParentId OBJECT-TYPE

    SYNTAX      Integer32

    MAX-ACCESS  read-only

    STATUS      current

    DESCRIPTION

        "Id of the parent service."

    ::= { apmStatusServiceCheckEntry 4 }

END