AutoNOC 2.5 User Guide
Preface
Acknowledgements
System Requirements
Legal
Part 1 - Introduction
1.1 The Ideal Difference
1.2 Automated Operations
1.3 Services & Scaler
1.4 Acquisition Stacks
1.5 Portal Deployment
1.6 Discovery and Crawler
1.7 Monitoring Agents
1.8 Recoiling Database
1.9 Multiple Languages
1.10 Security
Part 2 - NOC Views
2.1 Investigate
2.2 Observe
2.3 Visualize
2.4 Alarms
2.5 Analyze
2.6 Design
2.7 Configure
Part 3 - Model Design
3.1 Object Model
3.2 Devices
3.3 Sets
3.4 Set Criteria
3.5 Probes
3.6 Logs & Events
3.7 Alarms
3.8 Actions
3.9 Reports
3.10 Users
3.11 Polling
3.12 Service Levels
3.13 Dependencies
3.14 Performance
Part 4 - Developer Features
4.1 Adding SNMP MIBs
4.2 Variables
4.3 OSP API
4.4 Probe Template
4.5 Log Template
4.6 Device Template
4.7 Interface Template
4.8 Rebranding
Part 5 - Troubleshooting
5.1 General Issues
5.2 Linux
5.3 Windows
Appendix
A.1 OSP API Functions
A.2 Variables
A.3 Object Reference
1.7 Monitoring Agents
We have focused on leveraging existing management APIs and agent capabilities. A lot of AutoNOC's capability comes from SNMP agents but we support other protocol agents and have probes to tie into other services as well.

The Microsoft and Linux SNMP agents are services that run on a host workstation or server and provide information related to the state of the machine to network management solutions like AutoNOC 2.

1.7.1 AutoNOC Agent for Windows NT 4.0 / 2000 / XP / 2003+
As a general rule, it is very important that the latest service pack for any Microsoft OS be installed after installing any new Microsoft application. The service packs will often update files only in the case that certain other files are available. In our experience, this has been shown to especially be the case when doing performance monitoring (and specifically when monitoring Microsoft SQL Server).

This is the collection of information we have found related to this topic:

For Windows NT 4.0 monitoring, you must first install the PDH SDK, which can done by downloading and running PDHINST.EXE (218kb) which is a Microsoft redistributable.

The AutoNOC Agent for Windows enhances Windows to support reliable production syslog and perfmon monitoring. The agent includes overflow protection, a built-in mini-firewall, as well as plain text password authentication. The agent can be used with SNMP or as a substitute for it. The syslog client includes full error diagnostics and event description resolution.

Follow these steps to install the AutoNOC Agent on a remote host to be monitored:

  1. Download and Save AutoNOC Agent in Client Folder
    AutoNOC's Agent is a self installing, single component, stand alone executable. Download and save it in a folder of your choosing. A good recommended folder would be C:\Program Files\AutoNOC Agent but the software will run in any folder or directory.
     
  2. Install and AutoNOC Agent Service
    The next step is to install the service and start the AutoNOC Agent service on the client. This is done by using the command prompt, switch to the folder containing the agent and enter the following command:
     
       anagent -install
     
    This action will be performed silently and the AutoNOC Agent will now be installed on the machine (and accessible within the Windows Services section of control panel).
     
  3. Start AutoNOC Agent Service
    Wait a few moments for the installer to enable the AutoNOC Agent as a service and then enter the command below:
     
       net start "AutoNOC Agent"
     
    This command will launch the AutoNOC Agent on the local machine. If the server reboots, the agent will automatically start-up.
     
  4. Logon to Agent
    The AutoNOC Agent is a remotely managed agent. Manual changes to the agent settings are done via the telnet application. Note that the AutoNOC agent will not echo back the characters you send, so some telnet applications will not show you what you are typing. To logon to the agent enter the following command:
     
       telnet localip 32
     
    Fill in localip with the IP address (such as 192.168.1.3) of the client that has the agent installed on it. The 32 tells the telnet client to telnet to port 32 which is the port the agent runs on. The agent will display a greeting message something like the following:
     
       
     
  5. Logon with Default Password
    You can get help from the agent by entering the command HELP followed by enter. The help command will show you all of the available commands. The default password to the agent is public. To logon to the agent using the default password enter the following command:
     
       logon(public)

    Assuming the default password is active, then the agent will let you know that the logon was successful.
     
  6. Configure Firewall, Password, and Syslog Server
    The AutoNOC Agent includes a redundant security model including a firewall and password protection to help insure that only authorized users can get access to the agent. When logged into the these settings can be changed.
     
    Use the show command to see the current settings for the agent as follows:
     
       show
     
    The command will display the current password, firewall, and syslog settings for the agent. The AutoNOC Agent includes an application specific IP firewall to block invalid users from accessing the agent. To enable the agent's firewall (by default it is disabled) then enter a command like the following:
     
       firewall(192.168.1.*)
     
    This command will allow any user with an IP address beginning with 192.168.1.* to access the agent. Standard AutoNOC firewall rules are in effect for this feature. Typically only the manager portal needs access to the agent so a one IP address firewall might be a good idea.
     
    The agent also provides for password protection. The password can be set with a command like the following:
     
       password(mypassword)
     
    Specify your own password for the agent in substitute for mypassword. Lastly, the agent includes a built-in syslog client which takes Windows security, application, and system events and sends them to a syslog server, like the AutoNOC portal. To enable the syslog client, specify a command like the following:

       syslog(myserverip)
     
    The agent will point the syslog client to the specified syslog server. Windows events will be converted to syslog events and AutoNOC will fire them off to the master portal for archiving. This is a very valuable feature in the event hackers invade a machine. They will commonly clear all the system, application, and security logs before leaving in order to prevent any trace of their entrance being there. If the events are forwarded to a remote management portal, then it is impossible for them to clear the logs unless they also have access to the management portal. They may also not even be aware that the events are being forwarded.

That is all there is to it! When you next discover this device within AutoNOC, so long as the agent password variable for the device is the same for the agent, then AutoNOC will now be able to see the agent probes.

The AutoNOC agent also includes the ability to define a pre-configured file called nocagent.cfg. This file is a standard text file and should be stored in the same folder as the anagent.exe file. The file is very straight forward defining the primary settings for the agent. The following is an example file:

   Syslog=192.168.1.251
   Password=ournocpw
   Firewall=192.168.1.*

Please note that the variable names are case-sensitive in the current shipping code.

1.7.2 Microsoft SNMP Agent on Windows NT / 2000
As a general rule of thumb, you should install the SNMP Service first, then install all of your applications and servers first, and then install the latest service pack. This is currently true for all versions of Microsoft Windows.

Follow these steps to install the SNMP agent on Windows NT 4.0:

  1. Install the SNMP Service First
    To add SNMP under Windows NT, open the control panel, and run Network. Select the Services tab and make sure SNMP Service is listed. If it isn't, click on the Add button to add SNMP Service. You may be prompted to insert a Windows NT CD during this process.
     
  2. Turn on all Desired SNMP Service Types, Specify Trap and Security Settings
    Go to Network Properties by either right clicking on Network Neighborhood and clicking on Properties or by bringing up the Control Panel and clicking on Network Properties. Click on Services and then SNMP Services. Finally, click on the Agent tab and then select the service types you want from the five choices (Physical, Applications, Datalink/Subnet, Internet and End-to-end). Typically, all service types would be checked. Click on Traps and enter desired settings and finally click on Security and enter desired settings.
     
  3. Install Microsoft Applications to be Monitored
    The next step is to install all of the Microsoft applications you wish to monitor. Microsoft applications will extend the SNMP agent, when it is present, to support the application. This is done so that the application being installed SNMP agent will configure itself for the provided applications.
     
  4. (Optional) Add More Performance Counters to SNMP Agent
    A free SNMP agent extension has been made available called SNMP4tPC. In our tests, this free agent has worked well in making a number of new probes available to AutoNOC users. You can download this agent and find installation instructions at http://www.snmp4tpc.com/. The free version of the agent extension can also be downloaded using this link SNMP4NT.ZIP.
     
  5. Apply the Latest Windows NT Service Pack
    The original, off the CD SNMP agent has a severe Microsoft acknowledged memory leak in it. This memory leak is fixed when the latest service pack is installed. It is important to re-install the service pack after any changes to Microsoft applications or to the SNMP agent to fix this memory leak. More information about this memory leak is available in 5.3 - Windows.

Follow these steps to install the SNMP agent on Windows 2000:

  1. Install the SNMP Service First
    To add SNMP under Windows 2000, open the control panel, and run Add/Remove Programs. Select Add/ Remove Windows Components and then make sure Managing and Monitoring Tools is selected and checked. Click on Details and make sure SNMP is checked. Select OK to exit. You may be prompted to insert the Windows 2000 CD during this process.
     
  2. Turn on all Desired SNMP Service Types, Specify Trap and Security Settings
    Bring up the Control Panel and click on Administrative Tools. Click on Computer Management. Click on Services and Applications and then Services. Find and then click on SNMP Services. Finally, click on the Agent tab and then select the service types you want from the five choices (Physical, Applications, Datalink/Subnet, Internet and End-to-end). Typically, all service types would be checked. Click on Traps and enter desired settings and finally click on Security and enter desired settings.
     
  3. Install Microsoft Applications to be Monitored
    The next step is to install all of the Microsoft applications you wish to monitor. Microsoft applications will extend the SNMP agent, when it is present, to support the application. This is done so that the application being installed SNMP agent will configure itself for the provided applications.
     
  4. (Optional) Add More Performance Counters to SNMP Agent
    A free SNMP agent extension has been made available called SNMP4tPC. In our tests, this free agent has worked well in making a number of new probes available to AutoNOC users. You can download this agent and find installation instructions at http://www.snmp4tpc.com/. The free version of the agent extension can also be downloaded using this link SNMP4W2K-STD.ZIP.
     
  5. Apply the Latest Windows 2000 Service Pack
    The original, off the CD, SNMP agent has a severe Microsoft acknowledged memory leak in it. This memory leak is fixed when the latest service pack is installed. It is important to re-install the service pack after any changes to Microsoft applications or to the SNMP agent to fix this memory leak. More information about this memory leak is available in 5.3 - Windows.

Williams Technology Consulting has been kind enough to package together the following files that make the necessary modifications to the SNMP Service when it is added after the Microsoft applications to be monitored have been installed.

Please do not forget to install the most recent service pack to insure that any Microsoft related updates and patches have been applied.

IIS-SNMP-MODS.ZIP Add SNMP support to IIS installations done before installing the SNMP service.
SQL-SNMP-MODS.ZIP Add SNMP support to SQL Server installations done before installing the SNMP service.
EX2K-SNMP-MODS.ZIP Add SNMP support to Exchange installations done before installing the SNMP service.

The above files are third party files. While we have used these files with some success, AutoNOC makes no warranty and expressly disclaims any liability related to the files.

1.7.3 NET-SNMP on Red Hat Linux 8.0, 9.0, + (and other distributions)
Follow these steps to install the SNMP agent on Red Hat Linux 8.0 and beyond:

  1. Install NET-SNMP
    On most systems, the SNMP agent, snmpd will already be installed by default. If snmpd is not installed, then you can follow the installation instructions on the NET-SNMP Home Page to install the latest release of SNMP. When you have a working snmpd on the linux box to be monitored then proceed to the next step.
     
  2. Create and Customize /etc/snmp/snmpd.conf File
    Because most users will not use the snmp agent immediately, the default snmpd.conf is setup in a locked down, secure manner, which will not return useful information to remote machines. As such, the configuration file needs to be updated. There are several ways you can edit the snmpd.conf. If you are familiar with SNMP and it's nuances, then you can use the configuration script by entering the following in the command line:

        snmpconf -g basic_setup

    If you are not familiar with SNMP and just want to customize a working example file, then you can use our example SNMP agent configuration file below as a starting point. This file should be copied over the existing /etc/snmp/snmpd.conf. The following are the contents of this file:

        rocommunity public
        syslocation Unknown
        sysservices 79
        syscontact root <root@localhost>
        authtrapenable 1
        trapcommunity public
        trapsink 192.168.1.249 public
        informsink 192.168.1.249 public
        trap2sink 192.168.1.249 public
        com2sec local 192.168.1.* public
        group MyROGroup any mynetwork
        view all included .1 80
        access MyROGroup "" any noauth 0 all none none
        access MyRWGroup "" any noauth 0 all all all

    You should change every instance of     public to an SNMP community name of your choosing. The SNMP community name is like a password that is used to access the SNMP agent. You should change every instance of 192.168.1.249 and replace it with the IP address of the AutoNOC portal that is responsible for managing this device. Lastly, 192.168.1.* should be changed to represent to represent the address space of the devices that can access the SNMP agent. If you will only access SNMP on the device with the AutoNOC 2 portal then you can list the IP address of the AutoNOC portal here.
     
  3. Restart the SNMP Agent
    After you modify and save the /etc/snmpd.conf configuration file then it is time to restart the agent. From the command line:

        /etc/init.d/snmpd restart

    After the agent has been restarted, the device can be added and discovered in your AutoNOC portal.
(C) 2007 - All Rights Reserved - AutoNOC LLC
       Call me!