CA Privileged Access Manager Tech Tip by Miquel Gilibert, Principal Support Engineer for 10th May 2017
CA PAM allows for SNMP to be configured in order to monitor internal system parameters, as well as, if need be, the Xceedium specific ones.
This can be used to obtain data from the appliances from a Linux or Windows terminal in real time using the appropriate polling utility. This allows us to verify the status of an appliance when necessary without having to use a third party monitoring software.
The CA PAM appliances are actually standard Linux servers with the SNMPD package and MIBs installed. As such they will respond to snmp calls requesting information for the standard MIBs installed on any Linux
We need to ensure, first of all, that the snmpd is started and ready to respond to polling requests. This is done by accessing the Config tab in the CA PAM GUI and going to SNMP, then starting the poll server.
By default, the read only community name is xcdgkpub. After starting the poll server the appliance is ready to respond to snmp queries.
So from any Linux, Unix, Cygwin or custom utility (there are freeware versions of most of the snmp command line tools), you determine the PAM system status. There are many data you can obtain through the installed MIBs. Hereby we will be using the v2c version of the MIB which does not require security for the default read only community.
The following ones may be of use:
- To retrieve the system statistics
snmpwalk -v 2c -c xcdgkpub <IPof appliance> UCD-SNMP-MIB::systemStats
- To obtain data about memory usage
snmpwalk -v 2c -c xcdgkpub <IPof appliance> UCD-SNMP-MIB::memory
- A table with storage and memory allocation
snmptable -Cb -v 2c -c xcdgkpub <IPof appliance> HOST-RESOURCES-MIB::hrStorageTable
- The specific processor table allocation
snmptable -Cb -v 2c -c xcdgkpub <IPof appliance> HOST-RESOURCES-MIB::hrProcessorTable
Every parameter we monitor in a system where SNMP is installed corresponds to an OID number. Therefore the snmpget may be used in a similar way to retrieve the status of the different system parameters.
There are lists of what each OID corresponds to. For instance
From this link, we determine that the OID to retrieve the 1 minute CPU data would be
snmpget -v 2c -c xcdgkpub <IPof appliance> 188.8.131.52.4.1.2021.10.1.3.1
UCD-SNMP-MIB::laLoad.1 = STRING: 0.06