Highlighted
Absent Member.
Absent Member.
1025 views

Monitoring ConApp with SNMP

First the good stuff. I have successfully polled my ConApps using SNMP v2c and I have  uploaded a spreadsheet that shows specific OIDs for specific things that you would like to monitor. For instance, if you want to monitor the utilization on cpu3, then you would poll OID .1.3.6.1.4.1.11937.3.1.5.38.

Now, the parts that I still need help on:

- Rows 18-21 and 24-25 the name is Temp. What temp?

- Rows 29-30 are Status for the Type Power Supply. Is Row 29 Power Supply 0 and row 30 Power Supply 1?

- Rows 22,23 and 26 - Why are there 3 Ambient Temps? Are there 3 sensors on different parts of the appliance? And they vary by 10 degrees C, which is a pretty big spread.

- Rows 5-16 show Fan RPMs. It would be nice to know what a healthy range is.

More Importantly:

- I have not found a way to see Usage % for the Hard Drive. Kind of an important thing to monitor...

- I have not found any way to use SNMP to monitor the Process Status of the containers. This would be extremely useful!

Any assistance on this would be appreciated. Any questions on how I have done what I have so far I will answer.

Pete

0 Likes
Reply
11 Replies
Highlighted
Absent Member.
Absent Member.

Re: Monitoring ConApp with SNMP

Hi Pete - I have moved this thread to the space where the product question-and-answer activity takes place. The Site Feedback space is to report issues or requests regarding the Protect 724 community platform.

Here is the body of Pete's post (for folks who subscribe to the Interact space by email):

First the good stuff. I have  successfully polled my ConApps using SNMP v2c and I have  uploaded a  spreadsheet that shows specific OIDs for specific things that you would  like to monitor. For instance, if you want to monitor the utilization on  cpu3, then you would poll OID .1.3.6.1.4.1.11937.3.1.5.38.

Now, the parts that I still need help on:

- Rows 18-21 and 24-25 the name is Temp. What temp?

- Rows 29-30 are Status for the Type Power Supply. Is Row 29 Power Supply 0 and row 30 Power Supply 1?

-  Rows 22,23 and 26 - Why are there 3 Ambient Temps? Are there 3 sensors  on different parts of the appliance? And they vary by 10 degrees C,  which is a pretty big spread.

- Rows 5-16 show Fan RPMs. It would be nice to know what a healthy range is.

More Importantly:

- I have not found a way to see Usage % for the Hard Drive. Kind of an important thing to monitor...

- I have not found any way to use SNMP to monitor the Process Status of the containers. This would be extremely useful!

Any assistance on this would be appreciated. Any questions on how I have done what I have so far I will answer.

Pete

0 Likes
Reply
Highlighted
Acclaimed Contributor.
Acclaimed Contributor.

Re: Monitoring ConApp with SNMP

Pete,

I am assuming this also applies to the logger, I somehow have not been able to get from from my logger using snmp.

When I do a snmpwalk on it I only get the entreis below. I have also tried to imporet the MIBs provided by ArcSight to see if that would make any difference but no luck.

SNMPv2-SMI::mib-2.1.1.0 = STRING: "SNMP4J-Agent - Linux - amd64 - 2.6.9-67.0.7.plus.c4smp"
SNMPv2-SMI::mib-2.1.2.0 = OID: SNMPv2-SMI::enterprises.4976
SNMPv2-SMI::mib-2.1.3.0 = Timeticks: (8553574) 23:45:35.74
SNMPv2-SMI::mib-2.1.4.0 = ""
SNMPv2-SMI::mib-2.1.5.0 = ""
SNMPv2-SMI::mib-2.1.6.0 = ""
SNMPv2-SMI::mib-2.1.7.0 = INTEGER: 10
SNMPv2-SMI::mib-2.1.8.0 = Timeticks: (0) 0:00:00.00
SNMPv2-SMI::mib-2.11.1.0 = Counter32: 5732
SNMPv2-SMI::mib-2.11.3.0 = Counter32: 0
SNMPv2-SMI::mib-2.11.4.0 = Counter32: 0
SNMPv2-SMI::mib-2.11.5.0 = Counter32: 0
SNMPv2-SMI::mib-2.11.6.0 = Counter32: 0
SNMPv2-SMI::mib-2.11.30.0 = INTEGER: 1
SNMPv2-SMI::mib-2.11.31.0 = Counter32: 0
SNMPv2-SMI::mib-2.11.32.0 = Counter32: 0

Did you have to do anything special to get access to these valus?

Thanks

Vini

0 Likes
Reply
Absent Member.
Absent Member.

Re: Monitoring ConApp with SNMP

Vini,

Try

snmpwalk -Os -c [Your Community String] -v 2c [Your hostname or IP] .1.3.6.1.4.1.11937.3.1

Removing the bracketed values and replacing them with yours. This will start you within ArcSight's enterprise branch.

WARNING: You will have to walk each one of your ConApp and Logger appliances individually and manually code the OIDs for that one because ArcSight did NOT design their OIDs correctly. The OIDs can be different on appliances of the same model and version!!!! This violates best practices and I have opened up a feature request (CONAPP-3411) for it on the ConApps. (Even though I consider this a bug and not a feature.) Please add your name to this feature request so that they might fix this poorly designed SNMP implementation quicker.

0 Likes
Reply
Highlighted
New Member.

Re: Monitoring ConApp with SNMP

Hi pete,

Are you aware of any improvements with ArcSight's OID structure, or is this still the norm today?

0 Likes
Reply
Highlighted
Acclaimed Contributor.
Acclaimed Contributor.

Re: Monitoring ConApp with SNMP

I would say this is still the same way.

ArcSight uses some java based snmp implementation which does not provide the OIDs that the other standard SNMP implementation provides.

It would be good to hear what one of the ArcSight developers has to say.

0 Likes
Reply
Highlighted
Absent Member.
Absent Member.

Re: Monitoring ConApp with SNMP

What happened to the link, described in the ConnApp admin guide where the appliance.mib could be downloaded?

It was https://<ConnApp_system_name_or_ip>/platformservice/appliance.mib

A customer recently notified me, that this link returns a "not found"...

0 Likes
Reply
Highlighted
Absent Member.
Absent Member.

Re: Monitoring ConApp with SNMP

 

You have a typo error.

https://<system_name_or_ip>/platform-service/appliance.mib

I validated that it works.

0 Likes
Reply
Highlighted
Trusted Contributor.
Trusted Contributor.

Re: Monitoring ConApp with SNMP

Hi Pete, have you got any news about the SNMP from HP/ArcSight?

HAKAN
0 Likes
Reply
Highlighted
Super Contributor.
Super Contributor.

Re: Monitoring ConApp with SNMP

Hi Guys,

Does this OID inconsistency still exist? There were Logger- and Connapp releases in the meanwhile but the release notes don't mention this as fixed.

Regards,

Andras

0 Likes
Reply
Highlighted
Absent Member.
Absent Member.

Re: Monitoring ConApp with SNMP

Hi Pete, i saw that you was searching for a solution to monitor ArcSight Devices via SNMP. I have now the same problem. I have a Arcsight Logger version 6x. and i need to monitor the interface traffic via snmp. Is there now a way how i can do that ? I tried a snmpwalk ( arcsight (11937) ) to the logger but i don't get any useful values. Only "Strings like CPU0 CPU1 FAN and so on ?!!? What's wrong here ? Can you help? And it's looks like that this is a java snmp implementation !?!? No standard linux !?!?

BR

Mauice

0 Likes
Reply
Highlighted
Super Contributor.
Super Contributor.

Re: Monitoring ConApp with SNMP

This(java implementation instead of standard linux) was the problem back in 2012-3 in earlier appliance versions. I am still interested in SNMP monitoring integration and assumed the newer versions ship better SNMP capabilities.

If the above is the case, nothing seems to be changed.

Does anyone else have any further experience/workaround with the snmp monitoring ?

Regards,

Andras

0 Likes
Reply
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.