What is SNMP: Simple Network Management Protocol (SNMP) is a protocol that is used to configure and collect information about network devices such as servers, printers, routers and switches. In this article, we will use SNMP to collect important health data from Dell servers, Microsoft operating systems and Sonicwall routers. RAID degradation, Windows performance problems, low disk space, replication errors, account privilege changes and software installation notifications are just some of the events we are going to monitor using the techniques below.
SNMP TRAP – This is the software that will collect data from all the network devices, store it in an SQL database, and send you e-mail alerts for critical events. The software, Dell OMSE, is free to install on a Dell server.
SNMP Agent – Software that collects data from the hardware it’s installed on and passes it on to the TRAP server.
Configuring the SNMP TRAP Server
The TRAP server is a server that will collect and store SNMP data from agents.
You will need a server to act as the TRAP server. It must have a static IP and SNMP ports 161 and 162 (UDP) open to the internal LAN, since a variety of devices will send SNMP data to the TRAP server.
After you select a TRAP server, install the Windows SNMP Service on it.
From the command prompt, type services.msc to open the services console.
1. Open the SNMP Service
2. Locate the TRAP tab
3. Select a community name. Use a friendly, descriptive name with no spaces or special characters. This name will be used throughout the process of configuring the SNMP agents later on.
4. Add the Trap server’s own IP address to the trap destination field
Once finished, look for the security tab.
1. Click on the security tab
2. Uncheck the authentication trap
3. Add the community name as READ ONLY. Selecting read/write poses a security risk, since SNMP commands can then be sent to the server to modify its settings by anybody inside the network that knows the community name. For this reason, I recommend using READ ONLY settings for all SNMP enabled devices.
4. Add localhost to the accepted packets field.
Restart the SNMP service so that changes take effect.
Download Dell Open Manage Essentials
Prior to installation, disable UAC.
Extract and install Dell Open Manage Essentials. OMSE has several prerequisites (.NET 3.5, Silverlight, etc.) which need to be installed, but that is beyond the scope of this article. You can install them by clicking on their respective links prior to installing OMSE.
Once all of the pre-requisites have been installed, proceed with the installation.
Open the Dell OpenManage Essentials application. There will be a wizard that explains the process of installing SNMP agents. Click next as you read the instructions or just finish since we will discuss that here in detail.
Configure the device discovery by adding your network’s internal IP address range in the discovery scope. OMSE will use this to scan your network and inventory your devices.
The next step is to select the type of agents to monitor. Although OMSE can use monitoring agents such as WMI and WS-MAN, we are going to focus on SNMP.
Enter your community name in the GET community field.
OMSE will begin a network discovery process. If you want to monitor your workstations and other DHCP enabled devices, allow the network discovery to proceed. You may, however, not want to do this! Dell OMSE will ping devices based on a pre-determined schedule, and if your users turn off their desktops and printers at night, you will receive system down notifications. You can opt to disable alerts during specific hours, but this is not a good option. If a server’s RAID subsystem becomes degraded in the night, you will probably want to know about it right away.
I prefer to monitor network and infrastructure devices such as servers, networked printers, switches and routers, which are usually outside of the DHCP scope. There are other ways to get around the above mentioned issues, but for the sake of making things simple, I am going to exclude my DHCP scope and monitor only devices with static IP addresses.
Right click on the discovery and select STOP!
Create an exclusion range as shown below and enter your DHCP scope.
Click on discover schedule and select a date/time for discovery to be performed. In the name resolution section, use NetBIOS resolution if you don’t mind having the extra traffic. NetBIOS will find more devices on your network since it’s a broadcast protocol.
When finished with the discovery schedule, select date/time for the inventory schedule.
Finally select status schedule and add a pre-defined time to poll the devices.
I like to configure polling to every 20 minutes. This means it will take up to 20 minutes for the system to detect a node down and send you an alert. You can increase or decrease the polling interval to trade off network traffic against alert speed.
Click on the ALERTS menu and select as shown below to create a new email alert.
Give your alert a friendly name.
In the next screen, you can customize your alert message.
Click on the email settings tab to configure an SMTP server.
Select the type of notifications you want to receive.
Select the categories…
and the device types.
From the discovery and inventory menu, select the LAN inventory scope, right click on it and perform a discovery and inventory.
When completed, your monitored devices will be shown as below.
Now it’s time to install the agents on the client devices.
Monitoring and Alerting Event Errors in Microsoft Windows Operating System and Software
Installing SNMP Agents
There are two types of SNMP agents we will install to monitor our network devices. These agents will poll their devices for health and report back to the TRAP server via SNMP.
Windows SNMP Agent Event Viewer
This agent will collect data about the Windows operating system and installed applications. You can select which alerts will be sent to you by choosing Windows Event IDs, or by category.
To begin, log in to a server that you want to monitor and install the SNMP service.
In the trap tab, add the community name and the IP address of the SNMP TRAP server.
In the security tab, disable authentication trap, add the READ ONLY community name and accept SNMP from localhost.
When finished, restart the SNMP service so that the changes take effect.
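The Traps and Security tab settings described here for an agent, and earlier for the TRAP server, can be verified from PowerShell rather than by opening the dialog on every server. This is an added example, not part of the original article or of Dell's tooling; it assumes an elevated session and that the SNMP service stores these settings under its standard registry key.

```powershell
# Added example: audit the Windows SNMP service settings from the Traps and Security tabs.
# Assumption: the service keeps them under its standard registry key; run elevated.
$base = 'HKLM:\SYSTEM\CurrentControlSet\Services\SNMP\Parameters'
if (-not (Test-Path $base)) { throw 'SNMP registry key not found; is the SNMP service installed?' }

# Rights values the service stores for each community name.
$rights = @{ 1 = 'NONE'; 2 = 'NOTIFY'; 4 = 'READ ONLY'; 8 = 'READ WRITE'; 16 = 'READ CREATE' }

function Get-RegValues([string]$Path) {
    # Emit Name/Value pairs for every value in a registry key (nothing if the key is absent).
    if (-not (Test-Path $Path)) { return }
    $key = Get-Item -Path $Path
    foreach ($name in $key.GetValueNames()) {
        [pscustomobject]@{ Name = $name; Value = $key.GetValue($name) }
    }
}

$findings = @()

# 1. Communities: anything above READ ONLY (4) lets a sender modify settings.
foreach ($c in Get-RegValues "$base\ValidCommunities") {
    $label = $rights[[int]$c.Value]
    "Community '$($c.Name)': $label"
    if ([int]$c.Value -gt 4) { $findings += "Community '$($c.Name)' is $label, not READ ONLY" }
}

# 2. Accepted hosts: no entries here means "accept SNMP packets from any host".
$managers = @(Get-RegValues "$base\PermittedManagers")
if ($managers.Count -eq 0) { $findings += 'SNMP packets are accepted from any host' }
foreach ($m in $managers) { "Accepted host: $($m.Value)" }

# 3. Trap destinations: one subkey per community name, one value per destination.
if (Test-Path "$base\TrapConfiguration") {
    foreach ($k in Get-ChildItem "$base\TrapConfiguration") {
        foreach ($d in Get-RegValues $k.PSPath) {
            "Trap destination for '$($k.PSChildName)': $($d.Value)"
        }
    }
}

# 4. "Send authentication trap" checkbox (0 = unchecked, as in the steps above).
$auth = (Get-ItemProperty -Path $base).EnableAuthenticationTraps
"Authentication traps enabled: $([bool]$auth)"

if ($findings) { $findings | ForEach-Object { Write-Warning $_ } }
else { 'No write-capable communities; accepted hosts are restricted.' }
```

Run it again after restarting the SNMP service on each monitored server; any warning means that server's settings differ from the READ ONLY, restricted-host configuration described above.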
Once this is done, you can add alerts two ways. One way is to manually add the alerts you want. To do this, open a command prompt and run the command evntwin.exe.
In the example below, we are going to add Windows Server Backup alerts. When Windows Server Backup does not complete successfully, the event will trigger an SNMP alert, which will be sent to the TRAP server, logged and finally e-mailed to you.
Click custom, and locate Windows backup from the applications folder. Highlight the Windows Backup events that you want to monitor and click on the add button.
Categorize the events by severity, highlight them and click add to add critical events and warnings in one simple step.
Once you have finished adding your custom events, highlight them and select settings to throttle the events. This will prevent too many events from filling your inbox in a short period of time.
Another way (and a better way) is to download our custom events script and run the script based on the type of server that you have. The script will import the most important events for you with the single click of a button. There are tens of thousands of events, so having a quick script will save you lots of time and trouble.
Download the zip file and extract the contents to c:\snmp folder.
Find the batch file for the type of server you are installing:
AutoImportExch – Exchange 2013, 2016 servers
AutoImportDC – Windows Server 2008, 2012 and 2016 Domain Controllers
AutoImportServer – Windows Server 2008, 2012 and 2016
AutoImportSharePoint – SharePoint Server 2013, 2016
To install, simply double click on the server script and select run as administrator.
The script will begin installing the event alerts with periodic pauses at different categories.
When the script is finished, it will restart the SNMP service and log you out of Windows.
Log back in and execute the command evntwin.exe and you will see that thousands of critical events have been imported into the event trap translator. It may take a while to load as it parses through thousands of events.
Don’t forget to highlight ALL the events, select settings, then apply a throttle.
I suggest no more than 2 of the same events in an 8 hour period… for sanity’s sake.
Now follow the above steps for all your Windows servers and you will be alerted whenever a critical alert takes place within your server environment. Sometimes, the errors can be hard to understand due to the large amount of information that is passed on.
If you have trouble, look for the Error Event ID (see example above) and a quick Web search will tell you more about the problem.
Conclusion: Rather than spending boring hours sifting through monotonous Windows logs, specific Windows event errors will trigger SNMP events. OMSE then sends you email notifications, which allow you to take immediate action. This will no doubt free up valuable time so that you can concentrate on more important tasks.
Monitoring Hardware Using OMSA Dell Servers
Dell Open Manage Administrator is a collector of Dell hardware specific events. It can monitor the status of your RAID array, the temperature of the CPU, as well as memory and power supply redundancy. It will take critical events and forward them to the TRAP server, which will log the event and send you a notification.
Dell OMSA should be installed on bare metal systems. Do not install it on virtual machines because virtual machines do not have hardware to monitor. OMSA is for monitoring physical machines only.
To begin, download Dell Open Manage Administrator. Extract the contents and install the software using the setup program. Log in to the UI and select alert management –> alert actions as shown below.
Click on each system event and enable the broadcast message option. Enable the system events you want to monitor.
If the server has a RAID controller, you will find the RAID alerts at the bottom of the page. Be sure to enable ALL the RAID events.
Enable the platform filter events.
Make sure that the community string and trap destinations are configured…
and finally decide on the verbosity level you want for the alert conditions.
The OMSA will now send SNMP alerts to the trap server and you will receive email alerts whenever an important event is triggered.
Adding Other Devices to Monitor using SNMP
With SNMP, it’s not just Windows and Dell servers you can manage! You can manage printers, routers, switches, etc.
All you need is to enable SNMP on the device, set the community string and tell the device where to send the SNMP events to (the TRAP server).
In the example below, see how easy it is to configure SNMP alerts on a Sonicwall router.
Voila!
All you need to enter is the community name and the IP address of the TRAP server! Then, go to Logs –> Categories and select the categories you want monitored.
Even if your devices do not support SNMP, you can still monitor whether or not they are on or off. Dell OMSE will send you an alert if a device fails to respond to a ping.