[AGENT++] AgentX master/subagents: trap recipients? access controls?

Martin Janzen janzen at pixelmetrix.com
Fri Sep 5 06:47:29 CEST 2003 

I have a request from a customer who would like to have our SNMP agent 
(Agent++ on Linux) provide additional system information on running 
processes, disk usage, CPU performance, etc.; exactly the sort of thing 
you find in HOST-RESOURCES-MIB.  In order to accomplish this, I can see 
several possibilities:

#1. Implement support for HOST-RESOURCES-MIB tables myself, using Agent++.

#2. Install a different master agent, probably NET-SNMP, which supports 
HOST-RESOURCES-MIB, etc. already.  Use AgentX to route requests for 
proprietary managed objects to my current agent.

#3. Install NET-SNMP, and convert my agent to use NET-SNMP instead of 
Agent++.

#4. Any other ideas?  Anyone done HOST-RESOURCES-MIB in Agent++ already, 
perhaps...?  :)


The problem with #1 and #3, of course, is the substantial amount of time 
and effort required.

#2 sounds good, except that it does introduce some extra overhead for 
each query.  Furthermore, I have a question about AgentX which I was 
unable to answer by looking through documentation, list archives, etc.

As we all know, Agent++ uses the SNMP-NOTIFICATION-MIB and 
SNMP-TARGET-MIB to specify trap recipients.  Also, it provides 
sophisticated access control through the SNMP-VIEW-BASED-ACM-MIB and 
SNMP-USER-BASED-SM-MIB.  Last time I looked, NET-SNMP does not; instead, 
trap recipients are simply added to a configuration file, and I'm not 
sure whether it supports access control at all.

This may not be a huge problem:  I'm fairly certain that none of our 
current users actually takes advantage of the more sophisticated 
view/user-based features at all, since these are complicated topics and 
we'd certainly have received at least one or two questions about it! :) 
  Same goes for trap recipients: a simple list of target IP 
address/ports and v1/v2c flags is all that most people seem to care about.

Still, I'm wondering how this is handled under AgentX -- how a master 
agent and subagent with different access control and trap handling 
mechanisms interact.  Does the subagent simply leave everything to the 
master?  Does view/user checking occur in both places?  Etc.  I'd very 
much appreciate hearing from anyone who has implemented the 
Agent++/NET-SNMP combination successfully.  Of course, other suggestions 
as to how to accomplish the same thing are welcome too!

Cheers; thanks in advance...

-- 
Martin Janzen
janzen at pixelmetrix dot com

More information about the AGENTPP mailing list