[AGENT++] AgentX master/subagents: trap recipients? access controls?
Martin Janzen
janzen at pixelmetrix.com
Fri Sep 5 06:47:29 CEST 2003
I have a request from a customer who would like to have our SNMP agent
(Agent++ on Linux) provide additional system information on running
processes, disk usage, CPU performance, etc.; exactly the sort of thing
you find in HOST-RESOURCES-MIB. In order to accomplish this, I can see
several possibilities:
#1. Implement support for HOST-RESOURCES-MIB tables myself, using Agent++.
#2. Install a different master agent, probably NET-SNMP, which supports
HOST-RESOURCES-MIB, etc. already. Use AgentX to route requests for
proprietary managed objects to my current agent.
#3. Install NET-SNMP, and convert my agent to use NET-SNMP instead of
Agent++.
#4. Any other ideas? Anyone done HOST-RESOURCES-MIB in Agent++ already,
perhaps...? :)
The problem with #1 and #3, of course, is the substantial amount of time
and effort required.
#2 sounds good, except that it does introduce some extra overhead for
each query. Furthermore, I have a question about AgentX which I was
unable to answer by looking through documentation, list archives, etc.
As we all know, Agent++ uses the SNMP-NOTIFICATION-MIB and
SNMP-TARGET-MIB to specify trap recipients. Also, it provides
sophisticated access control through the SNMP-VIEW-BASED-ACM-MIB and
SNMP-USER-BASED-SM-MIB. Last time I looked, NET-SNMP does not; instead,
trap recipients are simply added to a configuration file, and I'm not
sure whether it supports access control at all.
This may not be a huge problem: I'm fairly certain that none of our
current users actually takes advantage of the more sophisticated
view/user-based features at all, since these are complicated topics and
we'd certainly have received at least one or two questions about it! :)
Same goes for trap recipients: a simple list of target IP
address/ports and v1/v2c flags is all that most people seem to care about.
Still, I'm wondering how this is handled under AgentX -- how a master
agent and subagent with different access control and trap handling
mechanisms interact. Does the subagent simply leave everything to the
master? Does view/user checking occur in both places? Etc. I'd very
much appreciate hearing from anyone who has implemented the
Agent++/NET-SNMP combination successfully. Of course, other suggestions
as to how to accomplish the same thing are welcome too!
Cheers; thanks in advance...
--
Martin Janzen
janzen at pixelmetrix dot com
More information about the AGENTPP
mailing list