SNMP

  • Simple Network Management Protocol
  • Object Identifier (OID)
    • Numerical, separated by dots
  • Management Information Base (MIB)
    • Translate numerical OID into string
  • Polling
    • Port 161
    • Ask the device for information
  • Notifying
    • Port 162
    • Devices provide information
    • Messages, traps, notifications, informs
  • Version 1, 2c, 3
    • Versions 1 and 2c have no username, only a community string; no encryption
    • Version 3 uses username and password; encryption

Briefing

  • Outline
    • TrueSight, U-Center
    • Log file monitoring
    • ADC syslog monitoring
    • Logstash
  • Minutes
    • Intro by Kelvin
      • log file monitoring (my part, sample case)
      • logstash
        • input, filter, output
        • installed non prod already
      • July to Oct migrate monitoring rules for Logstash
      • 3 cat, syslog, log file, SNMP
      • I do no.6? SNMP more complicated
      • truesight, event adapter to monitor log file, propagate event, remote cell handle the logic
      • for u center, “file beat” replace “remote cell”, propagate to logstash
      • for logstash, have input filter output, logstash language to handle rules
      • kafka for event streaming to ucenter
      • u center have collector, periodically pull from kafka
      • truesight, can remote cell or admin console to create rules
      • CDC2 SUSE glassfish log monitoring information
      • handle MINOR and MAJOR keyword
      • Project Code handle email ePRID
    • Logstash intro by Kathy
      • don’t directly pass string to ucenter/elasticsearch (garbage)
      • parse log (called filtering) into structured data
      • can also add information (e.g. ip mapping to hostname, add email address)
    • GROK pattern by Kathy
      • Turn unstructured into structured
      • STRING:%{REGEX:FIELD} (e.g. usr:ericwong, usr:%{USERNAME:user.name})
      • Debugger provided in ELK
      • can truncate float to integer

SNMP Meeting

  • TrueSight
    • SNMP adapters
    • Fields
    • BMC tool to compile MIB file TrueSight can use
  • Cloudera MIB example
  • Logstash
    • MIB DIC
    • Output to Kafka
  • How to do verification?
    • From actual server
    • Linux command simulation
    • MIB browser
  • SCOM
    • Reverse engineering of MIB file
    • Discussed with Edmond for migrating alert message
      • Denied due to unknown impact

ELK