Layer7 Privileged Access Management

Tech Tip - CA Privileged Access Manager: How to get information about the system state by using SNMP

By Miquel Gilibert i Sunye posted 05-10-2017 11:19 AM

  

CA Privileged Access Manager Tech Tip by Miquel Gilibert, Principal Support Engineer for 10th May 2017

 

Introduction

 

CA PAM allows for SNMP to be configured in order to monitor internal system parameters, as well as, if need be, the Xceedium specific ones.

 

This can be used to obtain data from the appliances from a Linux or Windows terminal in real time using the appropriate polling utility. This allows us to verify the status of an appliance when necessary without having to use a third party monitoring software.

 

The CA PAM appliances are actually standard Linux servers with the SNMPD package and MIBs installed. As such they will respond to snmp calls requesting information for the standard MIBs installed on any Linux

 

Procedure

We need to ensure, first of all, that the snmpd is started and ready to respond to polling requests. This is done by accessing the Config tab in the CA PAM GUI and going to SNMP, then starting the poll server.

 

By default, the read only community name is xcdgkpub. After starting the poll server the appliance is ready to respond to snmp queries.

 

So from any Linux, Unix, Cygwin or custom utility (there are freeware versions of most of the snmp command line tools), you determine the PAM system status. There are many data you can obtain through the installed MIBs. Hereby we will be using the v2c version of the MIB which does not require security for the default read only community.

 

The following ones may be of use:

 

  • To retrieve the system statistics

snmpwalk -v 2c -c xcdgkpub <IPof appliance> UCD-SNMP-MIB::systemStats 

 

  • To obtain data about memory usage

snmpwalk -v 2c -c xcdgkpub <IPof appliance> UCD-SNMP-MIB::memory 

 

  • A table with storage and memory allocation

snmptable -Cb -v 2c -c xcdgkpub <IPof appliance> HOST-RESOURCES-MIB::hrStorageTable

 

  • The specific processor table allocation

snmptable -Cb -v 2c -c xcdgkpub <IPof appliance> HOST-RESOURCES-MIB::hrProcessorTable 

 

Every parameter we monitor in a system where SNMP is installed corresponds to an OID number. Therefore the snmpget may be used in a similar way to retrieve the status of the different system parameters.

 

There are lists of what each OID corresponds to. For instance

 

http://www.debianadmin.com/linux-snmp-oids-for-cpumemory-and-disk-statistics.html

 

From this link, we determine that the OID to retrieve the 1 minute CPU data would be 

 

 

snmpget -v 2c -c xcdgkpub <IPof appliance> 1.3.6.1.4.1.2021.10.1.3.1 

UCD-SNMP-MIB::laLoad.1 = STRING: 0.06 

1 comment
1 view

Permalink

Comments

05-10-2017 12:02 PM