Proof of Concept
Instead of using canned SSH-based probes for UNIX, we are researching the possibility of using SNMP against unix boxes (and possibly windows). In theory we can do this by simply replacing the SSH probes with equivalent SNMP probes which SNMP GET information from extended MIB objects which we apply to all machines we plan to instrument.
Since we have to touch all boxes anyway (even in "agentless" SSH probe mode), there is little or no opportunity cost to picking SNMP aside from the need to port the probes. But that cost is balanced by certain advantages:
- SNMP doesn't require us to open up shell access to a broad population of machines
- SNMP is the same protocol used for net devices & printers (2 down, Windows potentially remains the odd man out)
Linux
On Linux/net-snmp 5 here's one way to do extensions (there are several).
- Use "exec" to add an extension to snmpd.conf
exec echotest /bin/cat /etc/motd
- Restart snmpd and do a GET against a view which can see the extended MIBs
snmpget -v2c localhost -c public 'NET-SNMP-EXTEND-MIB::nsExtendOutputFull."echotest"'
...we may want to use SNMPv3, but the general idea is clear... we can expose arbitrary configuration data through SNMP. Since there are only a few dozen probes (and maybe only a subset of actual interest to Yale) we should be able to leverage SNMP for UNIX discovery instrumentation.
Rewire Discovery
This is simple to do. There are two main objectives:
- make sure SSH discovery doesn't happen
- no credentials
- configure the behavior of the MID server to skip SSH
- Expand the stock Linux classifier for SNMP so that it runs additional Explore-phase probes
Write SNMP Hooks & Custom MIB
- scripts to call from net-snmp extend directives. Put logic in these as opposed to SN... hides information, gives the discovery targets maximum control over the process.
- custom MIB will aid in probe & sensor clarity
Probe Replacement
There are a couple of steps:
- create a probe that gets the desires SNMP object(s)
- add that probe to the "Triggers Probes" section of the Linux SNMP classifier
- write a replacement sensor (next section)
Sensor Replacement
- replace the sensor
You can probably do this with XML field mapping as well, but here is a very simple scripted sensor that works from an SNMP probe payload:/* * sensor for SNMP Distribution discovery (Yale SNMP Discovery) * * william.west@yale.edu */ new DiscoverySensor({ process: function() { // // XML should be in var payload (a global) var element = XMLUtil.getText(payload, '//unk_111'); var rows = element.split('\n'); //expecting multiple lines current.os = rows[0]; current.os_version = rows[1]; }, type: 'DiscoverySensor' }); - list the new sensor in the "Sensors" section of the appropriate probe record
Identifying Which Probes/Sensors to Replace
The most complete approach here is:
- narrow down the sensors to those that apply to our asset types
- look at which ci_ tables are being edited by those and combine sensors with the same function
- generate a list of probes from those sensors
- generate a list of data needed by SNMP
- find out what standard MIBs provide the data
- generate a list of needed extensions for data not covered above
Status
Name |
Description |
SNMP |
Probe |
Sensor |
CMDB Target Table.Field |
|---|---|---|---|---|---|
UNIX - Distribution |
Determines OS distribution & version |
|
|
|
cmdb_ci_XXX_server.os, os_version |
UNIX - Active Connections |
|
||||
UNIX - Active Processes |
|
||||
UNIX - CPU |
Determines CPU mfg, type, speed, count, cores |
|
|
|
XXX_ci.cpu_speed, cpu_type, cpu_count |
UNIX - Installed Software |
|||||
UNIX - Memory |
Determine total amount of RAM |
|
|
|
XXX_ci.ram |
UNIX - Memory Modules |
|
||||
UNIX - Network |
|
||||
UNIX - Disks |
|
||||
UNIX - Patches |
|
||||
UNIX - Hardware Info. |
|
||||
UNIX - OS Release |
|
||||
UNIX - Serial |
|
||||
UNIX - VMWare Information |
UNIX - Get VMWare Information |
||||
UNIX - OS Filesystems |
UNIX - OS Filesystems |
||||
UNIX - OS Uptime |
UNIX - OS Uptime |
||||
Solaris - Zones |
Determine the Solaris Zone Information |
||||
Mac OS X - Last User |
Gather log information from Macintosh machines. |
||||
Apache - Get Configuration |
Apache - Get Configuration |
||||
Apache - Version |
Apache - Version |
||||
JBoss - web.xml list |
Trigger probes to get JBoss web.xml |
||||
JBoss - jboss-service.xml |
Map contents of into JBoss web service |
||||
JBoss - Get web.xml |
Map jboss webapps detail |
||||
MySQL - Catalogs |
Creates and relates database catalogs |
||||
MySQL - Configuration |
MySQL - Configuration |
||||
MySQL - Version |
MySQL - Version |
||||
Oracle - Discover Pfiles |
Trigger Oracle pfile probe |
||||
Oracle - Fetch Pfile |
Parse the Oracle pfiles we've fetched |
||||
Oracle - Version |
Oracle - Version |
||||
Tomcat - Find web.xml list |
Trigger probes to get Tomcat web.xml |
||||
Tomcat - Get server.xml |
Map contents into application server attributes |
||||
Tomcat - Map Connectors |
Map contents into Connector attributes |
||||
Tomcat - Map Contexts |
Map contents into web application attributes |
||||
Tomcat - Get Version |
Get version |
||||
Tomcat - Get web.xml |
Map tomcat webapps detail |
||||
VMWare - Resource Pools |
Process resource pool information from ESX |
||||
VMWare - vCenter |
Populate the virt tables with info from vCenter |
