The Simple Network Management Protocol (SNMP) network management application, running on an external computer, queries the SNMP agent on the NetScaler. The agent searches the management information base (MIB) for data requested by the network management application and sends the data to the application.
SNMP monitoring uses traps messages and alarms. SNMP traps messages are asynchronous events that the agent generates to signal abnormal conditions, which are indicated by alarms. For example, if you want to be informed when CPU utilization is above 90 percent, you can set up an alarm for that condition. The following figure shows a network with a NetScaler that has SNMP enabled and configured.
The SNMP agent on a NetScaler supports SNMP version 1 (SNMPv1), SNMP version 2 (SNMPv2), and SNMP version 3 (SNMPv3). Because it operates in bilingual mode, the agent can handle SNMPv2 queries, such as Get-Bulk, and SNMPv1 queries. The SNMP agent also sends traps compliant with SNMPv2 and supports SNMPv2 data types, such as counter64. SNMPv1 managers (programs on other servers that request SNMP information from the NetScaler) use the NS-MIB-smiv1.mib file when processing SNMP queries. SNMPv2 managers use the NS-MIB-smiv2.mib file.
The NetScaler supports the following enterprise-specific MIBs:
To configure SNMP, you specify which managers can query the SNMP agent, add SNMP trap listeners that will receive the SNMP trap messages, and configure SNMP Alarms.
You can configure a workstation running a management application that complies with SNMP version 1, 2, or 3 to access an appliance. Such a workstation is called an SNMP manager. If you do not specify an SNMP manager on the appliance, the appliance accepts and responds to SNMP queries from all IP addresses on the network. If you configure one or more SNMP managers, the appliance accepts and responds to SNMP queries from only those specific IP addresses. When specifying the IP address of an SNMP manager, you can use the netmask parameter to grant access from entire subnets. You can add a maximum of 100 SNMP managers or networks.
At the command prompt, type the following commands to add an SNMP manager and verify the configuration:
> add snmp manager 10.102.29.5 -netmask 255.255.255.255 Done > show snmp manager 10.102.29.5 1) 10.102.29.5 255.255.255.255 Done >
After configuring the alarms, you need to specify the trap listener to which the appliance will send the trap messages. Apart from specifying parameters like IP address and the destination port of the trap listener, you can specify the type of trap (either generic or specific) and the SNMP version.
You can configure a maximum of 20 trap listeners for receiving either generic or specific traps.
At the command prompt, type the following command to add an SNMP trap and verify that it has been added:
> add snmp trap specific 10.102.29.3 Done > show snmp trap Type DestinationIP DestinationPort Version SourceIP Min-Severity Community ---- ------------- --------------- ------- -------- ------------ --------- generic 10.102.29.9 162 V2 NetScaler IP N/A public generic 10.102.29.5 162 V2 NetScaler IP N/A public generic 10.102.120.101 162 V2 NetScaler IP N/A public . . . specific 10.102.29.3 162 V2 NetScaler IP - public Done >
You configure alarms so that the appliance generates a trap message when an event corresponding to one of the alarms occurs. Configuring an alarm consists of enabling the alarm and setting the severity level at which a trap is generated. There are five severity levels: Critical, Major, Minor, Warning, and Informational. A trap is sent only when the severity of the alarm matches the severity specified for the trap.
Some alarms are enabled by default. If you disable an SNMP alarm, the appliance will not generate trap messages when corresponding events occur. For example, if you disable the Login-Failure SNMP alarm, the appliance will not generate a trap message when a login failure occurs.
At the command prompt, type the following commands to enable or disable an alarm and verify that it has been enabled or disabled:
> set snmp alarm LOGIN-FAILURE -state ENABLED Done > show snmp alarm LOGIN-FAILURE Alarm Alarm Threshold Normal Threshold Time State Severity Logging ----- --------------- ---------------- ---- -------- --------- -------- 1) LOGIN-FAILURE N/A N/A N/A ENABLED - ENABLED Done >
At the command prompt, type the following commands to set the severity of the alarm and verify that the severity has been set correctly:
> set snmp alarm LOGIN-FAILURE -severity Major Done > show snmp alarm LOGIN-FAILURE Alarm Alarm Threshold Normal Threshold Time State Severity Logging ----- --------------- ---------------- ---- -------- --------- -------- 1) LOGIN-FAILURE N/A N/A N/A ENABLED Major ENABLED Done >