Supporting SNMP In Supporting SNMP In MOM and WMI MOM and WMI using hands-on examples using hands-on examples
Mar 28, 2015
Supporting SNMP InSupporting SNMP InMOM and WMIMOM and WMI
using hands-on examplesusing hands-on examples
ObjectivesObjectives
This purpose of this presentation is to introduce the This purpose of this presentation is to introduce the Simple Network Management Protocol (SNMP) features Simple Network Management Protocol (SNMP) features of Microsoft Operations Manager (MOM) and Windows of Microsoft Operations Manager (MOM) and Windows Management Instrumentation (WMI).Management Instrumentation (WMI).
This presentation does not get bogged down with long This presentation does not get bogged down with long definitions and architectural overviews. It also does definitions and architectural overviews. It also does notnot assume that you are an SNMP expert. assume that you are an SNMP expert.
If you need more details on a particular topic you can If you need more details on a particular topic you can refer to MSDN and the MOM and WMI documentation.refer to MSDN and the MOM and WMI documentation.
OverviewOverview
During this presentation…During this presentation…
– We will configure the Windows SNMP service.We will configure the Windows SNMP service.– Test the SNMP service using SNMPUTIL and WMI.Test the SNMP service using SNMPUTIL and WMI.– Capture SNMP Traps with WMI.Capture SNMP Traps with WMI.– Generate and capture SNMP Traps with MOM.Generate and capture SNMP Traps with MOM.
Test EnvironmentTest Environment
The simple test environment represented below is used The simple test environment represented below is used throughout this presentation.throughout this presentation.
• MOM Agent
• IP = 65.53.11.104
• MOM Server
• IP = 65.53.11.103
Windows SNMP ServiceWindows SNMP Service
The first step is to make sure that the SNMP Service is installed The first step is to make sure that the SNMP Service is installed on both systems (Server and Agent).on both systems (Server and Agent).
1. From “Add/Remove Programs” click on “Add/Remove Windows Components”.
2. Select “Management and Monitoring Tools” and click on “Details”.
3. Select “Simple Network Management Protocol” and click OK.
4. Click “Next” to Configure Components.
WMI SNMP ProviderWMI SNMP Provider
Next, install the WMI SNMP Provider (WMISNMP.exe) on both Next, install the WMI SNMP Provider (WMISNMP.exe) on both systems.systems.
Configuring SNMP ServiceConfiguring SNMP Service
Now that the components are installed we need to configure the Now that the components are installed we need to configure the SNMP service on SNMP service on bothboth systems. systems.
1. Right click on “My Computer” and select “Manage”.
2. Locate the “SNMP Service”, right click on it, and select “Properties”.
(continued on next slide…)
Configuring SNMP ServiceConfiguring SNMP Service
We will set up a single SNMP community called “public”.We will set up a single SNMP community called “public”.
1. Select the “Security” tab.
2. Configure the “public” community with READ and CREATE rights.
Note: Community names are case sensitive!
(continued on next slide…)
Configuring SNMP ServiceConfiguring SNMP Service
We will send We will send allall SNMP traps to our MOM Agent. SNMP traps to our MOM Agent.
1. Select the “Traps” tab.
2. Configure the SNMP “Trap Destination” for the “public” community to the IP address of the MOM Agent (65.53.11.104).
3. Click OK.
Testing SNMP ServiceTesting SNMP Service
To test the SNMP service we will first use “SNMPUTIL” To test the SNMP service we will first use “SNMPUTIL” to listen for SNMP traps. This utility can be found in the to listen for SNMP traps. This utility can be found in the Windows Resource Kit.Windows Resource Kit.
On the MOM Agent, open a console window and On the MOM Agent, open a console window and execute “snmputil trap”. execute “snmputil trap”.
Microsoft Windows 2000 [Version 5.00.2195](C) Copyright 1985-2000 Microsoft Corp.
C:\>snmputil trapsnmputil: listening for traps...
Testing SNMP ServiceTesting SNMP Service
Next, we will generate an SNMP Trap by stopping and Next, we will generate an SNMP Trap by stopping and restarting the SNMP Service on the MOM Server. The restarting the SNMP Service on the MOM Server. The easiest way to do this is to use the “net stop” and “net easiest way to do this is to use the “net stop” and “net start” commands from a console window.start” commands from a console window.
Microsoft Windows 2000 [Version 5.00.2195](C) Copyright 1985-2000 Microsoft Corp.
C:\>net stop snmpThe SNMP Service service is stopping.The SNMP Service service was stopped successfully.
C:\>net start snmpThe SNMP Service service is starting.The SNMP Service service was started successfully.
Testing SNMP ServiceTesting SNMP Service
After the SNMP service is restarted on the MOM Server After the SNMP service is restarted on the MOM Server you will see that SNMPUTIL (on the MOM Agent) caught you will see that SNMPUTIL (on the MOM Agent) caught several traps.several traps.
Microsoft Windows 2000 [Version 5.00.2195](C) Copyright 1985-2000 Microsoft Corp.
C:\>snmputil trapsnmputil: listening for traps...Incoming Trap: generic = 0 specific = 0 enterprise = ...software.systems.os.windowsNT.server agent = 65.53.11.103 source IP = 65.53.11.103 community = public...
Testing SNMP ServiceTesting SNMP Service
Most likely you will see two different types of traps when Most likely you will see two different types of traps when you restart the SNMP Service.you restart the SNMP Service. – The first will be generic type 0. This represents an SNMP The first will be generic type 0. This represents an SNMP
“coldStart” trap.“coldStart” trap.
– The second will be generic type 3. This represents an SNMP The second will be generic type 3. This represents an SNMP “linkUp” trap. You may see a couple of these traps when the “linkUp” trap. You may see a couple of these traps when the SNMP Service is restarted.SNMP Service is restarted.
Testing SNMP Service with WMITesting SNMP Service with WMI
You can also use WMI (via WBEMTEST) to capture and You can also use WMI (via WBEMTEST) to capture and display SNMP traps.display SNMP traps.
On the MOM Agent, start “wbemtest”.On the MOM Agent, start “wbemtest”.
Microsoft Windows 2000 [Version 5.00.2195](C) Copyright 1985-2000 Microsoft Corp.
C:\>wbemtest
Testing SNMP Service with WMITesting SNMP Service with WMI
Connect/Login to the “root\snmp\localhost” namespace.Connect/Login to the “root\snmp\localhost” namespace.
Testing SNMP Service with WMITesting SNMP Service with WMI
Click on “Notification Query”…Click on “Notification Query”…
Testing SNMP Service with WMITesting SNMP Service with WMI
Enter the query “select * from snmpnotification” Enter the query “select * from snmpnotification” and click “Apply”.and click “Apply”.
Testing SNMP Service with WMITesting SNMP Service with WMI
Next, generate an SNMP Trap by stopping and Next, generate an SNMP Trap by stopping and restarting the SNMP Service on the MOM restarting the SNMP Service on the MOM Server.Server.
Microsoft Windows 2000 [Version 5.00.2195](C) Copyright 1985-2000 Microsoft Corp.
C:\>net stop snmpThe SNMP Service service is stopping.The SNMP Service service was stopped successfully.
C:\>net start snmpThe SNMP Service service is starting.The SNMP Service service was started successfully.
Testing SNMP Service with WMITesting SNMP Service with WMI
After the SNMP service is restarted on the MOM Server After the SNMP service is restarted on the MOM Server you will see that WMI (on the MOM Agent) caught the you will see that WMI (on the MOM Agent) caught the same traps we saw earlier with SNMPUTIL.same traps we saw earlier with SNMPUTIL.
Management Information BaseManagement Information Base
SNMP management software needs access to the SNMP management software needs access to the Management Information Base (MIB) for each system Management Information Base (MIB) for each system (workstation, server, router, bridge, and so on) in the (workstation, server, router, bridge, and so on) in the network. The MIB reflects the status of the managed network. The MIB reflects the status of the managed resources at that system.resources at that system.
A MIB “file” is a text file that defines a hierarchical set of A MIB “file” is a text file that defines a hierarchical set of data variables, called objects, in which each variable data variables, called objects, in which each variable represents a manageable object.represents a manageable object. The SNMP objects/traps generated by MOM are defined The SNMP objects/traps generated by MOM are defined in “MissionCritical.mib”. This file can be found in the in “MissionCritical.mib”. This file can be found in the “OnePoint” program folder.“OnePoint” program folder.
Compiling MIBs into WMICompiling MIBs into WMI
In order to capture and display MOM generated SNMP In order to capture and display MOM generated SNMP traps with WMI you must first compile the traps with WMI you must first compile the “MissionCritical.mib” file using the “SMI2SMIR” MIB “MissionCritical.mib” file using the “SMI2SMIR” MIB compiler. compiler.
Copy the MIB file to a folder on the MOM Agent and Copy the MIB file to a folder on the MOM Agent and compile the MIB file using the “/sa” and “/t” options.compile the MIB file using the “/sa” and “/t” options.
Microsoft Windows 2000 [Version 5.00.2195](C) Copyright 1985-2000 Microsoft Corp.
C:\TEST>smi2smir /sa /t MissionCritical.mib
Compiling MIBs into WMICompiling MIBs into WMI
You can use the compiler’s “/l” option to list all of the You can use the compiler’s “/l” option to list all of the modules that have been compiled into WMI.modules that have been compiled into WMI.
At the very least you should see the “RFC1213_MIB” At the very least you should see the “RFC1213_MIB” and “MISSION_CRITICAL_MIB” modules.and “MISSION_CRITICAL_MIB” modules.
Microsoft Windows 2000 [Version 5.00.2195](C) Copyright 1985-2000 Microsoft Corp.
C:\TEST>smi2smir /l
smi2smir : Version 1.50.1085.0000
smi2smir : Modules in the SMIR :"RFC1213_MIB""MISSION_CRITICAL_MIB"
Generating SNMP Traps with MOMGenerating SNMP Traps with MOM
To generate an SNMP Trap in MOM we first create an To generate an SNMP Trap in MOM we first create an Event Processing Rule in the MOM “Agents, Event Processing Rule in the MOM “Agents, Consolidators or DAS” group.Consolidators or DAS” group.
Generating SNMP Traps with MOMGenerating SNMP Traps with MOM
This new rule will look for events with the ID = 500.This new rule will look for events with the ID = 500.
Generating SNMP Traps with MOMGenerating SNMP Traps with MOM
The rule will generate a Critical Error alert.The rule will generate a Critical Error alert.
Generating SNMP Traps with MOMGenerating SNMP Traps with MOM
The rule will respond with a locally generated SNMP trap.The rule will respond with a locally generated SNMP trap.
Generating SNMP Traps with MOMGenerating SNMP Traps with MOM
We will call this new rule “SNMP Trap Test”.We will call this new rule “SNMP Trap Test”.
Generating SNMP Traps with MOMGenerating SNMP Traps with MOM
Commit the configuration changes and wait for the rule Commit the configuration changes and wait for the rule to be picked up by the agent on the MOM Server. to be picked up by the agent on the MOM Server.
You can speed up this process by stopping and You can speed up this process by stopping and restarting the OnePoint service on the MOM Server.restarting the OnePoint service on the MOM Server.
Generating SNMP Traps with MOMGenerating SNMP Traps with MOM
Once again, we will use WMI (via WBEMTEST) to Once again, we will use WMI (via WBEMTEST) to capture and display SNMP traps. This time we will be capture and display SNMP traps. This time we will be capturing traps generated by the MOM Server.capturing traps generated by the MOM Server.
On the MOM Agent, start “wbemtest”.On the MOM Agent, start “wbemtest”.
Microsoft Windows 2000 [Version 5.00.2195](C) Copyright 1985-2000 Microsoft Corp.
C:\>wbemtest
Generating SNMP Traps with MOMGenerating SNMP Traps with MOM
Connect/Login to the “root\snmp\localhost” namespace.Connect/Login to the “root\snmp\localhost” namespace.
Generating SNMP Traps with MOMGenerating SNMP Traps with MOM
Click on “Notification Query”…Click on “Notification Query”…
Generating SNMP Traps with MOMGenerating SNMP Traps with MOM
Enter the query “select * from snmpnotification” Enter the query “select * from snmpnotification” and click “Apply”.and click “Apply”.
Generating SNMP Traps with MOMGenerating SNMP Traps with MOM
To test the “SNMP Trap Test” rule we need to generate To test the “SNMP Trap Test” rule we need to generate an NT Event with the ID = 500. To do this we will use an NT Event with the ID = 500. To do this we will use “logevent.exe”. This utility can be found in the Windows “logevent.exe”. This utility can be found in the Windows Resource Kit.Resource Kit.
Open a console windows on the MOM Server and Open a console windows on the MOM Server and generate an NT event using the logevent syntax shown generate an NT event using the logevent syntax shown below.below.
Microsoft Windows 2000 [Version 5.00.2195](C) Copyright 1985-2000 Microsoft Corp.
C:\tools\>logevent -e 500 "SNMP Test Event"
Generating SNMP Traps with MOMGenerating SNMP Traps with MOM
The “SNMP Trap Test” rule will see the NT Event we The “SNMP Trap Test” rule will see the NT Event we generated with logevent, and ultimately generate an generated with logevent, and ultimately generate an SNMP Trap in response. This SNMP Trap will be caught SNMP Trap in response. This SNMP Trap will be caught by WMI on our MOM Agent.by WMI on our MOM Agent.
Generating SNMP Traps with MOMGenerating SNMP Traps with MOM
To get additional information on the trap simply To get additional information on the trap simply double click on it.double click on it.
Catching SNMP Traps with MOMCatching SNMP Traps with MOM
OK, the last thing we are going to demonstrate in this OK, the last thing we are going to demonstrate in this presentation is how to “catch” SNMP traps in MOM.presentation is how to “catch” SNMP traps in MOM.
MOM employs WMI to enable SNMP management MOM employs WMI to enable SNMP management capability.capability.
The WMI SNMP Provider catches the actual SNMP The WMI SNMP Provider catches the actual SNMP Traps. WMI passes SNMP Trap information on to MOM Traps. WMI passes SNMP Trap information on to MOM as WMI events.as WMI events.
Although we will not use them in this presentation, MOM Although we will not use them in this presentation, MOM includes two predefined WMI Event Providers for includes two predefined WMI Event Providers for catching SNMP Traps.catching SNMP Traps.
Catching SNMP Traps with MOMCatching SNMP Traps with MOM
First, we need to create a new MOM provider. First, we need to create a new MOM provider.
Catching SNMP Traps with MOMCatching SNMP Traps with MOM
Select “WMI Events” as the Data Provider Type. Select “WMI Events” as the Data Provider Type.
Catching SNMP Traps with MOMCatching SNMP Traps with MOM
Set the Properties as follows, then click “Finish”Set the Properties as follows, then click “Finish”– Name:Name: WMI TRAP CATCHER WMI TRAP CATCHER– Namespace:Namespace: root\snmp\localhost root\snmp\localhost– Query:Query: select * from snmpnotification select * from snmpnotification
Catching SNMP Traps with MOMCatching SNMP Traps with MOM
Next, create a new Event Processing Rule in the MOM Next, create a new Event Processing Rule in the MOM “Agents, Consolidators or DAS” group. This rule will be “Agents, Consolidators or DAS” group. This rule will be used to catch SNMP Traps.used to catch SNMP Traps.
Catching SNMP Traps with MOMCatching SNMP Traps with MOM
Select “WMI TRAP CATCHER” as the Provider. Select “WMI TRAP CATCHER” as the Provider.
Catching SNMP Traps with MOMCatching SNMP Traps with MOMLeave the “Criteria” and “Schedule” properties blank.Leave the “Criteria” and “Schedule” properties blank.
Configure the rule to generate a Critical Error alert.Configure the rule to generate a Critical Error alert.
Catching SNMP Traps with MOMCatching SNMP Traps with MOM
Call the new rule “SNMP Trap Catch Test”. Call the new rule “SNMP Trap Catch Test”.
Catching SNMP Traps with MOMCatching SNMP Traps with MOM
Commit the configuration changes and wait for the rule Commit the configuration changes and wait for the rule to be picked up by the MOM Agent. to be picked up by the MOM Agent.
You can speed up this process by stopping and You can speed up this process by stopping and restarting the OnePoint service on the MOM Agent.restarting the OnePoint service on the MOM Agent.
Catching SNMP Traps with MOMCatching SNMP Traps with MOM
Next, generate an SNMP Trap by stopping and Next, generate an SNMP Trap by stopping and restarting the SNMP Service on the MOM restarting the SNMP Service on the MOM Server.Server.
Microsoft Windows 2000 [Version 5.00.2195](C) Copyright 1985-2000 Microsoft Corp.
C:\>net stop snmpThe SNMP Service service is stopping.The SNMP Service service was stopped successfully.
C:\>net start snmpThe SNMP Service service is starting.The SNMP Service service was started successfully.
Catching SNMP Traps with MOMCatching SNMP Traps with MOM
Watch the MOM Console and you will see the MOM Watch the MOM Console and you will see the MOM Agent catch the same SNMP Traps we saw earlier in this Agent catch the same SNMP Traps we saw earlier in this presentation.presentation.
We’re Done!We’re Done!
A lot of material was covered in this presentation. I hope A lot of material was covered in this presentation. I hope you found it useful.you found it useful.
For additional information on the topics we covered you For additional information on the topics we covered you can refer to the following documentation.can refer to the following documentation.
– MOM Installation GuideMOM Installation Guide– WMI SDK DocumentationWMI SDK Documentation– MSDN LibraryMSDN Library