Supporting SNMP In MOM and WMI using hands-on examples.

Supporting SNMP InSupporting SNMP InMOM and WMIMOM and WMI

using hands-on examplesusing hands-on examples

ObjectivesObjectives

This purpose of this presentation is to introduce the This purpose of this presentation is to introduce the Simple Network Management Protocol (SNMP) features Simple Network Management Protocol (SNMP) features of Microsoft Operations Manager (MOM) and Windows of Microsoft Operations Manager (MOM) and Windows Management Instrumentation (WMI).Management Instrumentation (WMI).

This presentation does not get bogged down with long This presentation does not get bogged down with long definitions and architectural overviews. It also does definitions and architectural overviews. It also does notnot assume that you are an SNMP expert. assume that you are an SNMP expert.

If you need more details on a particular topic you can If you need more details on a particular topic you can refer to MSDN and the MOM and WMI documentation.refer to MSDN and the MOM and WMI documentation.

OverviewOverview

During this presentation…During this presentation…

– We will configure the Windows SNMP service.We will configure the Windows SNMP service.– Test the SNMP service using SNMPUTIL and WMI.Test the SNMP service using SNMPUTIL and WMI.– Capture SNMP Traps with WMI.Capture SNMP Traps with WMI.– Generate and capture SNMP Traps with MOM.Generate and capture SNMP Traps with MOM.

Test EnvironmentTest Environment

The simple test environment represented below is used The simple test environment represented below is used throughout this presentation.throughout this presentation.

• MOM Agent

• IP = 65.53.11.104

• MOM Server

• IP = 65.53.11.103

Windows SNMP ServiceWindows SNMP Service

The first step is to make sure that the SNMP Service is installed The first step is to make sure that the SNMP Service is installed on both systems (Server and Agent).on both systems (Server and Agent).

1. From “Add/Remove Programs” click on “Add/Remove Windows Components”.

2. Select “Management and Monitoring Tools” and click on “Details”.

3. Select “Simple Network Management Protocol” and click OK.

4. Click “Next” to Configure Components.

WMI SNMP ProviderWMI SNMP Provider

Next, install the WMI SNMP Provider (WMISNMP.exe) on both Next, install the WMI SNMP Provider (WMISNMP.exe) on both systems.systems.

Configuring SNMP ServiceConfiguring SNMP Service

Now that the components are installed we need to configure the Now that the components are installed we need to configure the SNMP service on SNMP service on bothboth systems. systems.

1. Right click on “My Computer” and select “Manage”.

2. Locate the “SNMP Service”, right click on it, and select “Properties”.

(continued on next slide…)


We will set up a single SNMP community called “public”.We will set up a single SNMP community called “public”.

1. Select the “Security” tab.

2. Configure the “public” community with READ and CREATE rights.

Note: Community names are case sensitive!

(continued on next slide…)


We will send We will send allall SNMP traps to our MOM Agent. SNMP traps to our MOM Agent.

1. Select the “Traps” tab.

2. Configure the SNMP “Trap Destination” for the “public” community to the IP address of the MOM Agent (65.53.11.104).

3. Click OK.

Testing SNMP ServiceTesting SNMP Service

To test the SNMP service we will first use “SNMPUTIL” To test the SNMP service we will first use “SNMPUTIL” to listen for SNMP traps. This utility can be found in the to listen for SNMP traps. This utility can be found in the Windows Resource Kit.Windows Resource Kit.

On the MOM Agent, open a console window and On the MOM Agent, open a console window and execute “snmputil trap”. execute “snmputil trap”.

Microsoft Windows 2000 [Version 5.00.2195](C) Copyright 1985-2000 Microsoft Corp.

C:\>snmputil trapsnmputil: listening for traps...


Next, we will generate an SNMP Trap by stopping and Next, we will generate an SNMP Trap by stopping and restarting the SNMP Service on the MOM Server. The restarting the SNMP Service on the MOM Server. The easiest way to do this is to use the “net stop” and “net easiest way to do this is to use the “net stop” and “net start” commands from a console window.start” commands from a console window.


C:\>net stop snmpThe SNMP Service service is stopping.The SNMP Service service was stopped successfully.

C:\>net start snmpThe SNMP Service service is starting.The SNMP Service service was started successfully.


After the SNMP service is restarted on the MOM Server After the SNMP service is restarted on the MOM Server you will see that SNMPUTIL (on the MOM Agent) caught you will see that SNMPUTIL (on the MOM Agent) caught several traps.several traps.


C:\>snmputil trapsnmputil: listening for traps...Incoming Trap: generic = 0 specific = 0 enterprise = ...software.systems.os.windowsNT.server agent = 65.53.11.103 source IP = 65.53.11.103 community = public...


Most likely you will see two different types of traps when Most likely you will see two different types of traps when you restart the SNMP Service.you restart the SNMP Service. – The first will be generic type 0. This represents an SNMP The first will be generic type 0. This represents an SNMP

“coldStart” trap.“coldStart” trap.

– The second will be generic type 3. This represents an SNMP The second will be generic type 3. This represents an SNMP “linkUp” trap. You may see a couple of these traps when the “linkUp” trap. You may see a couple of these traps when the SNMP Service is restarted.SNMP Service is restarted.

Testing SNMP Service with WMITesting SNMP Service with WMI

You can also use WMI (via WBEMTEST) to capture and You can also use WMI (via WBEMTEST) to capture and display SNMP traps.display SNMP traps.

On the MOM Agent, start “wbemtest”.On the MOM Agent, start “wbemtest”.


C:\>wbemtest


Connect/Login to the “root\snmp\localhost” namespace.Connect/Login to the “root\snmp\localhost” namespace.


Click on “Notification Query”…Click on “Notification Query”…


Enter the query “select * from snmpnotification” Enter the query “select * from snmpnotification” and click “Apply”.and click “Apply”.


Next, generate an SNMP Trap by stopping and Next, generate an SNMP Trap by stopping and restarting the SNMP Service on the MOM restarting the SNMP Service on the MOM Server.Server.





After the SNMP service is restarted on the MOM Server After the SNMP service is restarted on the MOM Server you will see that WMI (on the MOM Agent) caught the you will see that WMI (on the MOM Agent) caught the same traps we saw earlier with SNMPUTIL.same traps we saw earlier with SNMPUTIL.

Management Information BaseManagement Information Base

SNMP management software needs access to the SNMP management software needs access to the Management Information Base (MIB) for each system Management Information Base (MIB) for each system (workstation, server, router, bridge, and so on) in the (workstation, server, router, bridge, and so on) in the network. The MIB reflects the status of the managed network. The MIB reflects the status of the managed resources at that system.resources at that system.

A MIB “file” is a text file that defines a hierarchical set of A MIB “file” is a text file that defines a hierarchical set of data variables, called objects, in which each variable data variables, called objects, in which each variable represents a manageable object.represents a manageable object. The SNMP objects/traps generated by MOM are defined The SNMP objects/traps generated by MOM are defined in “MissionCritical.mib”. This file can be found in the in “MissionCritical.mib”. This file can be found in the “OnePoint” program folder.“OnePoint” program folder.

Compiling MIBs into WMICompiling MIBs into WMI

In order to capture and display MOM generated SNMP In order to capture and display MOM generated SNMP traps with WMI you must first compile the traps with WMI you must first compile the “MissionCritical.mib” file using the “SMI2SMIR” MIB “MissionCritical.mib” file using the “SMI2SMIR” MIB compiler. compiler.

Copy the MIB file to a folder on the MOM Agent and Copy the MIB file to a folder on the MOM Agent and compile the MIB file using the “/sa” and “/t” options.compile the MIB file using the “/sa” and “/t” options.


C:\TEST>smi2smir /sa /t MissionCritical.mib

Compiling MIBs into WMICompiling MIBs into WMI

You can use the compiler’s “/l” option to list all of the You can use the compiler’s “/l” option to list all of the modules that have been compiled into WMI.modules that have been compiled into WMI.

At the very least you should see the “RFC1213_MIB” At the very least you should see the “RFC1213_MIB” and “MISSION_CRITICAL_MIB” modules.and “MISSION_CRITICAL_MIB” modules.


C:\TEST>smi2smir /l

smi2smir : Version 1.50.1085.0000

smi2smir : Modules in the SMIR :"RFC1213_MIB""MISSION_CRITICAL_MIB"

Generating SNMP Traps with MOMGenerating SNMP Traps with MOM

To generate an SNMP Trap in MOM we first create an To generate an SNMP Trap in MOM we first create an Event Processing Rule in the MOM “Agents, Event Processing Rule in the MOM “Agents, Consolidators or DAS” group.Consolidators or DAS” group.


This new rule will look for events with the ID = 500.This new rule will look for events with the ID = 500.


The rule will generate a Critical Error alert.The rule will generate a Critical Error alert.


The rule will respond with a locally generated SNMP trap.The rule will respond with a locally generated SNMP trap.


We will call this new rule “SNMP Trap Test”.We will call this new rule “SNMP Trap Test”.


Commit the configuration changes and wait for the rule Commit the configuration changes and wait for the rule to be picked up by the agent on the MOM Server. to be picked up by the agent on the MOM Server.

You can speed up this process by stopping and You can speed up this process by stopping and restarting the OnePoint service on the MOM Server.restarting the OnePoint service on the MOM Server.


Once again, we will use WMI (via WBEMTEST) to Once again, we will use WMI (via WBEMTEST) to capture and display SNMP traps. This time we will be capture and display SNMP traps. This time we will be capturing traps generated by the MOM Server.capturing traps generated by the MOM Server.

On the MOM Agent, start “wbemtest”.On the MOM Agent, start “wbemtest”.


C:\>wbemtest


Connect/Login to the “root\snmp\localhost” namespace.Connect/Login to the “root\snmp\localhost” namespace.


Click on “Notification Query”…Click on “Notification Query”…


Enter the query “select * from snmpnotification” Enter the query “select * from snmpnotification” and click “Apply”.and click “Apply”.


To test the “SNMP Trap Test” rule we need to generate To test the “SNMP Trap Test” rule we need to generate an NT Event with the ID = 500. To do this we will use an NT Event with the ID = 500. To do this we will use “logevent.exe”. This utility can be found in the Windows “logevent.exe”. This utility can be found in the Windows Resource Kit.Resource Kit.

Open a console windows on the MOM Server and Open a console windows on the MOM Server and generate an NT event using the logevent syntax shown generate an NT event using the logevent syntax shown below.below.


C:\tools\>logevent -e 500 "SNMP Test Event"


The “SNMP Trap Test” rule will see the NT Event we The “SNMP Trap Test” rule will see the NT Event we generated with logevent, and ultimately generate an generated with logevent, and ultimately generate an SNMP Trap in response. This SNMP Trap will be caught SNMP Trap in response. This SNMP Trap will be caught by WMI on our MOM Agent.by WMI on our MOM Agent.


To get additional information on the trap simply To get additional information on the trap simply double click on it.double click on it.

Catching SNMP Traps with MOMCatching SNMP Traps with MOM

OK, the last thing we are going to demonstrate in this OK, the last thing we are going to demonstrate in this presentation is how to “catch” SNMP traps in MOM.presentation is how to “catch” SNMP traps in MOM.

MOM employs WMI to enable SNMP management MOM employs WMI to enable SNMP management capability.capability.

The WMI SNMP Provider catches the actual SNMP The WMI SNMP Provider catches the actual SNMP Traps. WMI passes SNMP Trap information on to MOM Traps. WMI passes SNMP Trap information on to MOM as WMI events.as WMI events.

Although we will not use them in this presentation, MOM Although we will not use them in this presentation, MOM includes two predefined WMI Event Providers for includes two predefined WMI Event Providers for catching SNMP Traps.catching SNMP Traps.


First, we need to create a new MOM provider. First, we need to create a new MOM provider.


Select “WMI Events” as the Data Provider Type. Select “WMI Events” as the Data Provider Type.


Set the Properties as follows, then click “Finish”Set the Properties as follows, then click “Finish”– Name:Name: WMI TRAP CATCHER WMI TRAP CATCHER– Namespace:Namespace: root\snmp\localhost root\snmp\localhost– Query:Query: select * from snmpnotification select * from snmpnotification


Next, create a new Event Processing Rule in the MOM Next, create a new Event Processing Rule in the MOM “Agents, Consolidators or DAS” group. This rule will be “Agents, Consolidators or DAS” group. This rule will be used to catch SNMP Traps.used to catch SNMP Traps.


Select “WMI TRAP CATCHER” as the Provider. Select “WMI TRAP CATCHER” as the Provider.

Catching SNMP Traps with MOMCatching SNMP Traps with MOMLeave the “Criteria” and “Schedule” properties blank.Leave the “Criteria” and “Schedule” properties blank.

Configure the rule to generate a Critical Error alert.Configure the rule to generate a Critical Error alert.


Call the new rule “SNMP Trap Catch Test”. Call the new rule “SNMP Trap Catch Test”.


Commit the configuration changes and wait for the rule Commit the configuration changes and wait for the rule to be picked up by the MOM Agent. to be picked up by the MOM Agent.

You can speed up this process by stopping and You can speed up this process by stopping and restarting the OnePoint service on the MOM Agent.restarting the OnePoint service on the MOM Agent.


Next, generate an SNMP Trap by stopping and Next, generate an SNMP Trap by stopping and restarting the SNMP Service on the MOM restarting the SNMP Service on the MOM Server.Server.





Watch the MOM Console and you will see the MOM Watch the MOM Console and you will see the MOM Agent catch the same SNMP Traps we saw earlier in this Agent catch the same SNMP Traps we saw earlier in this presentation.presentation.

We’re Done!We’re Done!

A lot of material was covered in this presentation. I hope A lot of material was covered in this presentation. I hope you found it useful.you found it useful.

For additional information on the topics we covered you For additional information on the topics we covered you can refer to the following documentation.can refer to the following documentation.

– MOM Installation GuideMOM Installation Guide– WMI SDK DocumentationWMI SDK Documentation– MSDN LibraryMSDN Library

Supporting SNMP In MOM and WMI using hands-on examples.

Documents

snmp service service

windows snmp service

testing snmp service

snmp expert

wmi snmp provider

capture snmp traps

slide slide

net start snmp