In the short tutorial below, we will set up a SNMP monitor to gather TCP connections data. We could use those to keep statistics on TCP activity and/or control TCP connections as well. Click on the pictures provided below to see their full version.
Starting SNMP services on the host
|Detailed explanation how to set up, configure and start SNMP services on the host machine we are about to monitor processor load on is outside the scope of this tutorial.
You should look for documentation on software packages such as net-snmp and/or firewall settings to have SNMP services be set up correctly and securely. Further on this tutorial we assume you have set up the SNMP services and the computer where IPHost Netwrk Monitor runs is allowed to connect to those services.
Creating SNMP monitor
Setting up monitoring parameters
|Launch the MIB browser (see above how to do that) to proceed. If you haven’t loaded proper MIB file (RFC1213-MIB should do), the browser will not show you much useful information. Download the mentioned MIB file, click on “MIBs” button (lower left corner of the MIB browser) and look whether the required MIB is loaded already.|
|If RFC1213-MIB is already on the list, skip this step safely. Otherwise, make sure the downloaded MIB file is placed into %ProgramData%\IPHost Network Monitor\mibs and click “Import” button. Select the required MIB file and click “Open”.|
|Now refresh MIB browser window by clicking “Refresh” button. To find OIDs related to TCP connections state, type word “tcpConnState” to the right of “Find” label. The browser will only show those entries with the entered word found in elements names.
Note: the TCP connections individual entries are encoded in this manner: the branch OID identifier is concatenated with destination IP address, port, followed by source IP address and source port. Thus, we can monitor individual connections (check for their presence). In this tutorial we will monitor SMTP local services, thus the OID tail will look like 0.0.0.0.18.104.22.168.0.0. For more complex monitoring, such as listing of all active TCP connection to the given port, you could choose making a custom script calculating such values and using another type of monitor to watch the corresponding value.
You can also add custom SNMP entries (refer to SNMP server documentation for details) and continue using SNMP monitor to watch the resulting value. Choose whatever way is optimal for you.
Select the mentioned entry and click “OK” to return to monitor properties editor.
|Now we will create a monitor so that it raised an alarm wherever the watched item isn’t in ‘listen’ state.
Scroll down the properties editor until you reach “Performance Monitoring” section.
Note there are two levels of alarm available. Warning, when the monitored parameter isn’t acceptable, but the situation isn’t critical, and Down when it requires instant attention.
Please use your specific situation into account when setting the thresholds. In our sample, we use value of 2 to trigger a severe problem.
To learn further how to set up alerts, read Alerting and Actions section of our quick start guide.
What to do next?
IPHost Network Monitor 5.3 build 14217 of May 17, 2022. File size: 69MB