Differenze tra le versioni di "AdminGuide:Service:SNMP/en"

Da Kalliope Wiki.
Jump to navigation Jump to search
(Pagina sostituita con '==Configuration==')
Etichetta: Ripristino manuale
 
(5 versioni intermedie di uno stesso utente non sono mostrate)
Riga 25: Riga 25:
The iReasoning MI Browser client was used for the configuration examples, it can make SNMP queries and shows the subtree organization.
The iReasoning MI Browser client was used for the configuration examples, it can make SNMP queries and shows the subtree organization.


<div class="mw-translate-fuzzy">
===System info===
===System settings===
[[File:Ireasoning.png|350px|destra]]
[[File:Ireasoning.png|350px|destra]
</div>


The following information is mandatory; if it is not entered, the SNMP service cannot start.
The following information is mandatory; if it is not entered, the SNMP service cannot start.
* '''sysName'''': is a particular OID under the system tree (which is the first child and is denoted as 1.3.1.2.1.1), sysName is the machine name and is 1.3.6.1.2.1.5.0 (the 0 at the bottom since it is scalar type).  
* '''sysName''': is a particular OID under the system tree (which is the first child and is denoted as 1.3.1.2.1.1), sysName is the machine name and is 1.3.6.1.2.1.5.0 (the 0 at the bottom since it is scalar type).  
* '''sysLocation''' : is the physical location, it acts as a kind of inventory
* '''sysLocation''' : is the physical location, it acts as a kind of inventory
* '''sysContact''' : email address of the contact person to contact if there is an anomaly in that particular node
* '''sysContact''' : email address of the contact person to contact if there is an anomaly in that particular node


Nelle impostazioni definite c’è l’albero delle MIB 2 e le host-resources (1.3.6.1.25) che sono i due che si espongono su Kalliope.
In the defined settings, MIB tree 2 and host-resources (1.3.6.1.25) are the two that are exposed on Kalliope.
Vengono anche esposte le MIB proprietarie e il software può leggere tutto l’albero poiché lo scansiona interamente ed è compito dell’agent restituire i valori.
Proprietary MIBs are also exposed and the software can read the whole tree since it scans it entirely, and it is the agent's job to return the values.
Il file delle MIB serve per permettere al software che fa monitoraggio di sapere la singola foglia che conosce solo per numero che cosa sia.
The MIBs file allows the software monitoring to know the single leaf that only knows by number what it is.


NETRESULTS-MIB DEFINITIONS ::= BEGIN
===SNMP Access Settings===
* '''Listening address''': e.g., by default 0.0.0.0 means it listens on all interfaces of the central unit. But, if we have a PBX with multiple network interfaces (some public and some private) and you want the SNMP service to be accessible from only one of these interfaces, you can put the IP address of the interface you want the service to be active. Then you can do a bind of the service on the IP entered; this must be one of the central unit's IPs (either one of its interfaces or that of the High Reliability in the case of a cluster). In the last case, in the case of HA, explicit monitoring should be done not pointing to the resource IP but the individual IPs of the two nodes.
IMPORTS
* '''Listen port''': 161 is the standard port since SNMP uses the UDP transport protocol.
enterprises, MODULE-IDENTITY
* '''Community v1/v2''': these are the basic versions of SNMP supported by monitoring systems, SNMP v3 support is not yet enabled. The default value that is used is "public"
FROM SNMPv2-SMI;
* '''ACL'''': Access Control List, is a restriction on which IP address the client must have for querying. If an SNMP request comes in outside the ACL, it is rejected.
netresults MODULE-IDENTITY
LAST-UPDATED "201801070200Z"
ORGANIZATION "NetResults Srl"
CONTACT-INFO
"NetResults Support
Email: support@netresults.it"
DESCRIPTION
"The NetResults private-enterprise MIB"
REVISION "201807010200Z"
DESCRIPTION
"Initial revision."
::= { enterprises 33732 }
kalliope OBJECT IDENTIFIER ::= { netresults 1 }
END
KALLIOPEPBX-MIB DEFINITIONS ::= BEGIN
IMPORTS
OBJECT-TYPE, MODULE-IDENTITY, Integer32, Counter32, TimeTicks,
Unsigned32, Gauge32
FROM SNMPv2-SMI
netresults, kalliope
FROM NETRESULTS-MIB;
kalliopepbx MODULE-IDENTITY
LAST-UPDATED "201801240025Z"
ORGANIZATION "NetResults Srl"
CONTACT-INFO "NetResults Srl
support@netresults.it"
DESCRIPTION
"KalliopePBX.  This MIB defined
objects for managing KalliopepBX nodes."
REVISION "201801082025Z"
DESCRIPTION
"Initial published revision."
REVISION "201801240025Z"
DESCRIPTION
"Added kPbxNodeInfoServicesAsterisk subtree"
REVISION "201807250025Z"
DESCRIPTION
"Whole kalliopepbx sub-tree reorganization"
::= { kalliope  1 }
-- textual conventions
KBytes ::= TEXTUAL-CONVENTION
    STATUS current
    DESCRIPTION
        "Storage size, expressed in units of 1024 bytes."
    SYNTAX Integer32 (0..2147483647)
kpbxNode            OBJECT IDENTIFIER ::= { kalliopepbx 1 }
kpbxNodeInfo        OBJECT IDENTIFIER ::= { kpbxNode 1 }
kpbxNodeServices    OBJECT IDENTIFIER ::= { kpbxNode 2 }
kpbxNodeSecurity    OBJECT IDENTIFIER ::= { kpbxNode 3 }
kpbxNodeTenants    OBJECT IDENTIFIER ::= { kpbxNode 4 }
kpbxNodeAccounts    OBJECT IDENTIFIER ::= { kpbxNode 5 }
kpbxNodeCalls      OBJECT IDENTIFIER ::= { kpbxNode 6 }
--
-- kpbxNodeInfo
--
kpbxNodeInfoSystem  OBJECT IDENTIFIER ::= { kpbxNodeInfo 1 }
kpbxNodeInfoVersion OBJECT IDENTIFIER ::= { kpbxNodeInfo 2 }
--
-- kpbxNodeInfoSystem
--
-- kpbxNodeInfoSysPartNumber
kpbxNodeInfoSysPartNumber OBJECT-TYPE
    SYNTAX    DisplayString
    MAX-ACCESS read-only
    STATUS    current
    DESCRIPTION
            "KalliopePBX part number."
      ::= { kpbxNodeInfoSystem 1 }
-- kpbxNodeInfoSysHWId
kpbxNodeInfoSysHWId OBJECT-TYPE
    SYNTAX    DisplayString
    MAX-ACCESS read-only
    STATUS    current
    DESCRIPTION
            "KalliopePBX hardware ID."
      ::= { kpbxNodeInfoSystem 2 }
-- kpbxNodeInfoSysSerialNumber
kpbxNodeInfoSysSerialNumber OBJECT-TYPE
    SYNTAX    DisplayString
    MAX-ACCESS read-only
    STATUS    current
    DESCRIPTION
            "KalliopePBX serial number."
      ::= { kpbxNodeInfoSystem 3 }
--
-- kpbxNodeInfoVersion
--
-- kpbxNodeInfoVersionPrimaryFirmware
kpbxNodeInfoVersionPrimaryFirmware OBJECT-TYPE
    SYNTAX    DisplayString
    MAX-ACCESS read-only
    STATUS    current
    DESCRIPTION
            "Version of the primary firmware."
      ::= { kpbxNodeInfoVersion 1 }
-- kpbxNodeInfoVersionSecondaryFirmware
kpbxNodeInfoVersionSecondaryFirmware OBJECT-TYPE
    SYNTAX    DisplayString
    MAX-ACCESS read-only
    STATUS    current
    DESCRIPTION
            "Version of the secondary firmware."
      ::= { kpbxNodeInfoVersion 2 }
-- kpbxNodeInfoVersionBootloader
kpbxNodeInfoVersionBootloader OBJECT-TYPE
    SYNTAX    DisplayString
    MAX-ACCESS read-only
    STATUS    current
    DESCRIPTION
            "Version of the bootloader."
      ::= { kpbxNodeInfoVersion 3 }
-- kpbxNodeInfoVersionRunning
kpbxNodeInfoVersionRunning OBJECT-TYPE
    SYNTAX    DisplayString
    MAX-ACCESS read-only
    STATUS    current
    DESCRIPTION
            "Version of the running firmware."
      ::= { kpbxNodeInfoVersion 4 }
--
-- kpbxNodeServices
--
kpbxNodeServicesAsterisk OBJECT IDENTIFIER ::= { kpbxNodeServices 1 }
--
-- kpbxNodeServicesAsterisk
--
-- kpbxNodeServicesAsteriskUpTime
kpbxNodeServicesAsteriskUpTime OBJECT-TYPE
SYNTAX TimeTicks
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Time ticks since Asterisk was started."
::= { kpbxNodeServicesAsterisk 1 }
-- kpbxNodeServicesAsteriskReloadTime
kpbxNodeServicesAsteriskReloadTime OBJECT-TYPE
SYNTAX TimeTicks
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Time ticks since Asterisk was last reloaded."
::= { kpbxNodeServicesAsterisk 2 }
-- kpbxNodeServicesAsteriskVMSize
kpbxNodeServicesAsteriskVMSize OBJECT-TYPE
    SYNTAX    KBytes
    UNITS      "KBytes"
    MAX-ACCESS read-only
    STATUS    current
    DESCRIPTION
            "Virtual memory size for Asterisk process."
      ::= { kpbxNodeServicesAsterisk 3 }
-- kpbxNodeServicesAsteriskVMRSS
kpbxNodeServicesAsteriskVMRSS OBJECT-TYPE
    SYNTAX    KBytes
    UNITS      "KBytes"
    MAX-ACCESS read-only
    STATUS    current
    DESCRIPTION
            "Resident set size for Asterisk process."
      ::= { kpbxNodeServicesAsterisk 4 }
--
-- kpbxNodeSecurity
--
kpbxNodeSecuritySip OBJECT IDENTIFIER ::= { kpbxNodeSecurity 1 }
--
-- kalliopePbxNodeSecuritySip
--
-- kpbxNodeSecuritySipTotalAuthFailed
kpbxNodeSecuritySipTotalAuthFailed OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The total number of autentication failed since last restart."
::= { kpbxNodeSecuritySip 1 }
-- kpbxNodeSecuritySipBadPasswordAuthFailed
kpbxNodeSecuritySipBadPasswordAuthFailed OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of autentication failed due to incorrect password since last restart."
::= { kpbxNodeSecuritySip 2 }
-- kpbxNodeSecuritySipACLAuthFailed
kpbxNodeSecuritySipACLAuthFailed OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of autentication failed due to source IP address violating ACL since last restart."
::= { kpbxNodeSecuritySip 3 }
--
-- kpbxNodeTenants
--
-- kpbxNodeNumTenants
kpbxNodeNumTenants OBJECT-TYPE
SYNTAX Unsigned32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of tenants currently defined."
::= { kpbxNodeTenants 1 }
--
-- kpbxNodeAccounts
--
-- kpbxNodeTotalAccountsConfigured
kpbxNodeTotalAccountsConfigured OBJECT-TYPE
SYNTAX Unsigned32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The total number of configured accounts."
::= { kpbxNodeAccounts 1 }
-- kpbxNodeTotalAccountsReachable
kpbxNodeTotalAccountsReachable OBJECT-TYPE
SYNTAX Unsigned32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The total number of accounts registered and reachable with RTT < 2000ms."
::= { kpbxNodeAccounts 2 }
-- kpbxNodeTotalAccountsUnreachable
kpbxNodeTotalAccountsUnreachable OBJECT-TYPE
SYNTAX Unsigned32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The total number of accounts registered and unreachable."
::= { kpbxNodeAccounts 3 }
-- kpbxNodeTotalAccountsNotRegistered
kpbxNodeTotalAccountsNotRegistered OBJECT-TYPE
SYNTAX Unsigned32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The total number of not registered accounts."
::= { kpbxNodeAccounts 4 }
-- kpbxNodeTotalAccountsLagged
kpbxNodeTotalAccountsLagged OBJECT-TYPE
SYNTAX Unsigned32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The total number of accounts registered and reachable with RTT >= 2000ms."
::= { kpbxNodeAccounts 5 }
--
-- kpbxNodeCallsActive
--
kpbxNodeCallsActive            OBJECT IDENTIFIER ::= { kpbxNodeCalls 1 }
kpbxNodeCallsActiveAllTenants  OBJECT IDENTIFIER ::= { kpbxNodeCallsActive 1 }
-- kpbxNodeCurrentCallsAllTotal
kpbxNodeCurrentCallsAllTotal OBJECT-TYPE
SYNTAX Unsigned32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The total number of current calls for all tenants."
::= { kpbxNodeCallsActiveAllTenants 1 }
-- kpbxNodeCurrentCallsAllIn
kpbxNodeCurrentCallsAllIn OBJECT-TYPE
SYNTAX Unsigned32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The total number of current incoming calls for all tenants."
::= { kpbxNodeCallsActiveAllTenants 2 }
-- kpbxNodeCurrentCallsAllOut
kpbxNodeCurrentCallsAllOut OBJECT-TYPE
SYNTAX Unsigned32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The total number of current outgoing calls for all tenants."
::= { kpbxNodeCallsActiveAllTenants 3 }
-- kpbxNodeCurrentCallsAllLocal
kpbxNodeCurrentCallsAllLocal OBJECT-TYPE
SYNTAX Unsigned32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The total number of current local calls for all tenants."
::= { kpbxNodeCallsActiveAllTenants 4 }
--
-- kpbxNodeCallsProcessed
--
kpbxNodeCallsProcessed              OBJECT IDENTIFIER ::= { kpbxNodeCalls 2 }
kpbxNodeCallsProcessedAllTenants    OBJECT IDENTIFIER ::= { kpbxNodeCallsProcessed 1 }
-- kpbxNodeProcessedCallsAllTotal
kpbxNodeProcessedCallsAllTotal OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The total number of processed calls for all tenants from last boot."
::= { kpbxNodeCallsProcessedAllTenants 1 }
END


'''ATTENZIONE:''' Non è consigliato ACL 0.0.0.0/0, è sempre bene restringere l’accesso solo agli IP autorizzati
'''CAUTION:''' ACL 0.0.0.0/0 is not recommended, it is always good to restrict access only to authorized IPs


Return to [[AdminGuide:Service/en|AdminGuide:Service]]
===TRAP settings===
Traps are a reactive-type mechanism that SNMP agents have for notifying the occurrence of events.
Kalliope has not added specifications to the system, and basic ones are present:


* 0: ColdStart
* 0: ColdStart
Riga 400: Riga 57:
* 6: enterpreseSpecific
* 6: enterpreseSpecific


Indicazioni sulla configurazione delle TRAP:
Directions on the configuration of TRAPs:


* '''Metodo di invio delle TRAP''': specificare se si vuole mandare la trap in versione 1 o 2
* '''TRAP send mode''': specify whether you want to send the trap in version 1 or 2
* '''Indirizzo IP di destinazione delle TRAP''': indicare indirizzo IP del server di monitoraggio a cui inviare le TRAP
* '''TRAP destination address''': indicate IP address of the monitoring server to send TRAPs to
* '''Porta di destinazione delle TRAP''': es. 162 è la standard
* '''TRAP destination port''': e.g. 162 is the standard one


Sulla dashboard viene indicata l’esecuzione del servizio SNMP tramite il pallino verde e lo stato “Attivo”.
On the dashboard, the execution of the SNMP service is indicated by the green dot and the "Active" status.
[[File:Monitoraggio attivo.png|500px|centro]]
[[File:Monitoraggio attivo.png|500px|centro]]
<br>
<br>


È possibile fare un’interrogazione dell’agent su Kalliope tramite un qualunque client SNMP (in questo caso si utilizza il già sopracitato iReasoning MIB Browser).
You can do an agent query on Kalliope via any SNMP client (in this case you can use the iReasoning MIB Browser).
Bisogna indicare l’indirizzo IP a cui collegarsi e poi impostare
You need to indicate the IP address to connect to and then set up
* '''Agent NSMP Version''': i valori di default con cui fare la richiesta, ovvero si può scegliere se farla in versione 1 o 2
* '''Agent NSMP Version''': the default values with which to make the request, i.e. you can choose whether to make it in version 1 or 2  
* '''Agent Read Community''': qual è la community di lettura per poter avere accesso ai dati
* '''Agent Read Community''': what is the read community in order to get access to the data
* '''Agent Port''': si può indicare la porta standard, 161
* '''Agent Port''': you can indicate the standard port, 161
* '''Agent Write Community''': non è abilitata la possibilità di fare scrittura tramite SNMP
* '''Agent Write Community'''': the ability to do write via SNMP is not enabled


[[File:Impostazioni client.png|400px]]
[[File:Impostazioni client.png|400px]]


Dopo aver effettuato l'interrogazione è possibile leggere il contenuto dell’albero che è presente su Kalliope.  
After making the query, it is possible to read the contents of the tree that is present on Kalliope.  
La lettura può essere fatta oggetto per oggetto:
The reading can be done on an object-by-object basis:
Il sottoalbero '''system''' presente le seguenti informazioni tra cui il sysContact, il sysName e il sysLocation.
The subtree '''system''' present the following information including the sysContact, sysName and sysLocation.


[[File:System.png|800px]]
[[File:System.png|800px]]


Il pannello '''interfaces''' restituisce le varie interfacce presenti e per ciascuna indica lo stato operativa e i byte scambiati in ingresso e uscita, questo permette ai sistemi di monitoraggio di far vedere il grafico dell’occupazione:
The '''interfaces''' panel returns the various interfaces present and for each indicates the operational status and bytes exchanged in and out, this allows monitoring systems to show the occupancy graph:


[[File:Interfaces.png|800px]]
[[File:Interfaces.png|800px]]


Esempio del kpbxNode:
kpbxNode example:


[[File:KpbxNode.png|800px]]
[[File:KpbxNode.png|800px]]


'''N.B.''' Il contatore delle autenticazioni fallite (evidenziato in blu) è un dato importante poiché nel momento in cui dovesse arrivare un burst di autenticazioni fallite, probabilmente si tratterebbe di un attacco proveniente dall’esterno.
'''N.B.'' The counter of failed authentications (highlighted in blue) is essential data because if a burst of failed authentications comes in, it is likely to be an attack from outside.




KalliopePBX espone delle MIB che consentono il monitoraggio del funzionamento dell’apparato tramite il protocollo di comunicazione standard SNMP. <br>
KalliopePBX implements MIBs that allow you to monitor the functioning of the equipment through the SNMP standard communication protocol. <br>


Le MIB SNMP consultabili su Kalliope sono:
The MIBs that can be consulted are:
*MIB-II standard (RFC 1213) – Questa MIB definisce gli oggetti per la gestione e il monitoraggio di un apparato in una rete TCP/IP, in particolare su Kalliope sono implementati i seguenti sottoalberi: system, interfaces, at, ip, icmp, tcp, udp, transmission, snmp  OID: 1.3.6.1.2.1.1/2/3/4/5/6/7/10/11
*RFC1213-MIB - This MIB defines objects for managing and monitoring an entity in a TCP/IP network. On KalliopePBX the following subtrees are implemented: system, interfaces, at, ip, icmp, tcp, udp, transmission, snmp  OID: 1.3.6.1.2.1.1/2/3/4/5/6/7/10/11
https://datatracker.ietf.org/doc/rfc1213/
https://datatracker.ietf.org/doc/rfc1213/


*Host Resource MIB (RFC 2790) - Questa MIB definisce un insieme di oggetti contenenti la configurazione di host (server/computer) collegati ad una rete TCP/IP indipendentemente dal sistema operativo, dai servizi di rete e dalle applicazioni software installate. OID: 1.3.6.1.2.1.25
*RFC 2790 Host Resources MIB - This MIB defines a set of objects containing the configuration of hosts (servers/computers) connected to a TCP/IP network independently of the operating system, the network services, and the installed software. OID: 1.3.6.1.2.1.25
https://datatracker.ietf.org/doc/rfc2790/
https://datatracker.ietf.org/doc/rfc2790/


*UCD-SNMP-MIB – Questa MIB definisce gli oggetti per il monitoraggio delle performance di un host (ad es. CPU /RAM / occupazione dischi). OID: 1.3.6.1.4.1.2021  
*UCD-SNMP-MIB - This MIB defines objects for monitoring the performance of a host (e.g. CPU /RAM / disk occupation). OID: 1.3.6.1.4.1.2021  
http://www.net-snmp.org/mibs/UCD-SNMP-MIB.txt
http://www.net-snmp.org/mibs/UCD-SNMP-MIB.txt


*Kalliope MIB: questa MIB proprietaria fornisce informazioni aggiuntive sulla configurazione e il funzionamento dei servizi implementati sul nodo Kalliope come ad es. numero di account configurati o registrati, chiamate contemporanee, numero totale di chiamate. OID:1.3.6.1.4.1.33732
*Kalliope MIB - This proprietary MIB provides information on the configuration and the functioning of the services implemented on the Kalliope node, such as number of configured or registered accounts, simultaneous calls, total number of calls. OID:1.3.6.1.4.1.33732


Scarica i file di definizioni delle MIB:
Download the MIB definitions files:


[[Media:Definizioni MIB.zip]]
[[Media:Definizioni MIB.zip]]

Versione attuale delle 06:57, 28 giu 2022

Altre lingue:

Return to AdminGuide:Service

Description

Protocol Operation

SNMP is the standard for network management and monitoring. Thus, it is a protocol used to monitor the state of a machine, specifically, to acquire from a monitoring server external to Kalliope status parameters related to CPU load, memory occupancy, disk space, and concurrent calls. It is a standard protocol available on Kalliope; OIDs (monitored objects) are made available on the central. Those defined in the standard MIB 2 are used, where object identifiers are made available through the agent. The server is the monitoring system that queries, while the SNMP agent is the service used to expose the data to a client that requests it. SNMP involves the client requesting the agent to find out the value of the OID, and the agent returns the value.

The data within the agent is organized in the form of a tree. The data indicate, for example, the version of the primary and secondary firmware, information regarding telephone services, the size of virtual memory occupied by the process, and the total number of failed authentication attempts by SIP clients.

Objects are defined as an index of a leaf under a parent: a tree structure allows you to access by specifying the path address between the subtrees to the leaf, which is the object you want to monitor. SNMP provides:

  • Manager
  • Agent
  • Protocol

The representation of an OIP is done as a sequence of numbers, e.g., 1.3.6.1.2.1.4.6 is the path within the tree, and each point in the path has its textual correspondence.

Configuration

Impostazioni di sistema, SNMP.png

To enable NSMP support, go to "System Settings > SNMP Settings" and hit the "Enabled" checkmark.

The iReasoning MI Browser client was used for the configuration examples, it can make SNMP queries and shows the subtree organization.

System info

Ireasoning.png

The following information is mandatory; if it is not entered, the SNMP service cannot start.

  • sysName: is a particular OID under the system tree (which is the first child and is denoted as 1.3.1.2.1.1), sysName is the machine name and is 1.3.6.1.2.1.5.0 (the 0 at the bottom since it is scalar type).
  • sysLocation : is the physical location, it acts as a kind of inventory
  • sysContact : email address of the contact person to contact if there is an anomaly in that particular node

In the defined settings, MIB tree 2 and host-resources (1.3.6.1.25) are the two that are exposed on Kalliope. Proprietary MIBs are also exposed and the software can read the whole tree since it scans it entirely, and it is the agent's job to return the values. The MIBs file allows the software monitoring to know the single leaf that only knows by number what it is.

SNMP Access Settings

  • Listening address: e.g., by default 0.0.0.0 means it listens on all interfaces of the central unit. But, if we have a PBX with multiple network interfaces (some public and some private) and you want the SNMP service to be accessible from only one of these interfaces, you can put the IP address of the interface you want the service to be active. Then you can do a bind of the service on the IP entered; this must be one of the central unit's IPs (either one of its interfaces or that of the High Reliability in the case of a cluster). In the last case, in the case of HA, explicit monitoring should be done not pointing to the resource IP but the individual IPs of the two nodes.
  • Listen port: 161 is the standard port since SNMP uses the UDP transport protocol.
  • Community v1/v2: these are the basic versions of SNMP supported by monitoring systems, SNMP v3 support is not yet enabled. The default value that is used is "public"
  • ACL': Access Control List, is a restriction on which IP address the client must have for querying. If an SNMP request comes in outside the ACL, it is rejected.

CAUTION: ACL 0.0.0.0/0 is not recommended, it is always good to restrict access only to authorized IPs

TRAP settings

Traps are a reactive-type mechanism that SNMP agents have for notifying the occurrence of events. Kalliope has not added specifications to the system, and basic ones are present:

  • 0: ColdStart
  • 1: WarmStart
  • 2: linkDOwn
  • 3: linkUp
  • 4: authenticationFailure
  • 5: egpNeighbortLoss
  • 6: enterpreseSpecific

Directions on the configuration of TRAPs:

  • TRAP send mode: specify whether you want to send the trap in version 1 or 2
  • TRAP destination address: indicate IP address of the monitoring server to send TRAPs to
  • TRAP destination port: e.g. 162 is the standard one

On the dashboard, the execution of the SNMP service is indicated by the green dot and the "Active" status.

Monitoraggio attivo.png


You can do an agent query on Kalliope via any SNMP client (in this case you can use the iReasoning MIB Browser). You need to indicate the IP address to connect to and then set up

  • Agent NSMP Version: the default values with which to make the request, i.e. you can choose whether to make it in version 1 or 2
  • Agent Read Community: what is the read community in order to get access to the data
  • Agent Port: you can indicate the standard port, 161
  • Agent Write Community': the ability to do write via SNMP is not enabled

Impostazioni client.png

After making the query, it is possible to read the contents of the tree that is present on Kalliope. The reading can be done on an object-by-object basis: The subtree system present the following information including the sysContact, sysName and sysLocation.

System.png

The interfaces panel returns the various interfaces present and for each indicates the operational status and bytes exchanged in and out, this allows monitoring systems to show the occupancy graph:

Interfaces.png

kpbxNode example:

KpbxNode.png

'N.B. The counter of failed authentications (highlighted in blue) is essential data because if a burst of failed authentications comes in, it is likely to be an attack from outside.


KalliopePBX implements MIBs that allow you to monitor the functioning of the equipment through the SNMP standard communication protocol.

The MIBs that can be consulted are:

  • RFC1213-MIB - This MIB defines objects for managing and monitoring an entity in a TCP/IP network. On KalliopePBX the following subtrees are implemented: system, interfaces, at, ip, icmp, tcp, udp, transmission, snmp OID: 1.3.6.1.2.1.1/2/3/4/5/6/7/10/11

https://datatracker.ietf.org/doc/rfc1213/

  • RFC 2790 Host Resources MIB - This MIB defines a set of objects containing the configuration of hosts (servers/computers) connected to a TCP/IP network independently of the operating system, the network services, and the installed software. OID: 1.3.6.1.2.1.25

https://datatracker.ietf.org/doc/rfc2790/

  • UCD-SNMP-MIB - This MIB defines objects for monitoring the performance of a host (e.g. CPU /RAM / disk occupation). OID: 1.3.6.1.4.1.2021

http://www.net-snmp.org/mibs/UCD-SNMP-MIB.txt

  • Kalliope MIB - This proprietary MIB provides information on the configuration and the functioning of the services implemented on the Kalliope node, such as number of configured or registered accounts, simultaneous calls, total number of calls. OID:1.3.6.1.4.1.33732

Download the MIB definitions files:

Media:Definizioni MIB.zip

Estratto da "https://www.kalliope.com/wiki/index.php?title=AdminGuide:Service:SNMP/en&oldid=17035"