Layer7 API Management

  • Private Community
 View Only

  • 1.  Is it needed for the SSG service to be running, to get SNMP working ?

    Broadcom Employee
    Posted Jan 17, 2016 12:59 AM

    Hello there,

     

    At a customer, we have the Gateway DB (MySQL) on a separate Gateway VM. And, we did not configure Gateway node on that machines, as it is supposed to be the Gateway DB. Now, we would like to monitor basic parameters like CPU, RAM and Disk etc., thru SNMP on that machine. After configuring the SNMP, it doesn't give any response.

     

    Whereas, when I try the same thing on another machine where the Gateway is configured, also the SNMP is configured, it works fine. If I stop the ssg service, and try the snmp command it doesn't work.

     

    So, is it mandatory that the SSG service running, to configure SNMP ? If so, how do we monitor the Gateway DB machines ?

     

    SSG Service Running, and SNMP gives response.

    SSG Service stopped, and SNMP doesn't respond

     

    Any inputs would be appreciated!

     

    Thanks,

    Vaseem



  • 2.  Re: Is it needed for the SSG service to be running, to get SNMP working ?

    Posted Jan 17, 2016 06:15 PM

    Hi Vaseem,

     

    For the default OS SNMP response you just have to make sure the SNMP service is running at the OS level and the firewall allows port 161 for incoming UDP traffic. This should be enough to monitor a non-ssg node. When your configure an ssg-node for SNMP according to CA instructions, it will add policy statistics information through SNMP based on a call to an internal call to the statistics info in the gateway so in that case a running ssg is required.

     

    Hope that helps...

     

    Regards,

    Michiel



  • 3.  Re: Is it needed for the SSG service to be running, to get SNMP working ?

    Broadcom Employee
    Posted Jan 17, 2016 09:30 PM

    Hello Michiel,

     

    Thanks for the response.

     

    The standard instructions on the ssg node to configure SNMP involves adding a Firewall Rule (Manage Listening Ports -> Manage Firewall Rules -> Add UDP 161). But, what is the standard process for enabling this on a non-ssg node ?

     

    I have already tried to enable it from iptables, without a success. However, on 8.4 Gateway, the documentation says, no need to modify the iptables.

     

    Thanks,

    Vaseem



  • 4.  Re: Is it needed for the SSG service to be running, to get SNMP working ?
    Best Answer

    Broadcom Employee
    Posted Aug 26, 2016 12:30 AM

    Vaseem,

     

    Michel's response for the standard method of inserting iptable rules is correct. For non SSG nodes you will need to add it directly into the iptables file and restart the iptables service (service iptable restart). The rule in an existing iptables file from a Gateway appliance has the following lines that need to be commentted out.

    # SNMP Rules
    # [0:0] -A INPUT -i eth0 -p tcp -m tcp --dport 161 -j ACCEPT
    # [0:0] -A INPUT -i eth0 -p udp -m udp --dport 161 -j ACCEPT

    Sincerely,

     

    Stephen Hughes

    Director, CA Support



  • 5.  Re: Is it needed for the SSG service to be running, to get SNMP working ?

    Posted Jun 08, 2016 07:45 PM

    Hi vasmu03. SNMP requires traffic going through port UDP161 (read) on the monitoring server, and UDP 162 (trap) on the nodes being monitored.

     

    Regards

    Arash Eftekhari

    Support Engineer, Global Customer Success

    Email: CATechnicalSupport@ca.com

    Phone: +1 800 225 5224

    Outside of North America - ca.com/us/worldwide.aspx

    CA API Management Community: ca.com/talkapi