[AGENT++] AgentX master/subagents: trap recipients? access controls?

Frank Fock fock at agentpp.com
Fri Sep 5 09:08:42 CEST 2003 

Henning Eggers wrote:

>>I have a request from a customer who would like to have our SNMP agent
>>(Agent++ on Linux) provide additional system information on running
>>processes, disk usage, CPU performance, etc.; exactly the sort of thing
>>you find in HOST-RESOURCES-MIB.
>>    
>>
>
>I have the same sort of request here, except that it is for Windows. Since
>we are already using AgentX, it would obviously be best to have a subagent
>that queries the API to get that sort of information. Has anyone done an
>Agent++-Agent for HOST-RESOURCES? It doesn't have to be an AgentX-subagent,
>because that could easily be converted.
>  
>
The team around Glenn Puchtel (http://www.gplicity.com) have implemented
the HOST-RESOURCES-MIB for Solaris, Linux, and Windows. I guess
he will reply on this too.

In addition to the 3 options, Martin listed, you could also run the NET-SNMP
agent (on Solaris/Linux only) as subagent of an AgentX++ master agent.

>  
>
>>Still, I'm wondering how this is handled under AgentX -- how a master
>>agent and subagent with different access control and trap handling
>>mechanisms interact.  Does the subagent simply leave everything to the
>>master?  Does view/user checking occur in both places?
>>    
>>
>
>The master is the master is the master ;-)
>>From my understanding the master does all the authentication, encryption,
>view checking etc. Subagents just register the region they are responsible
>for and answer any query that gets forwarded to them by the master. If a
>query can not authenticate itself or tries to make access outside its view,
>the master won't even forward it to the subagent. There is no authentication
>on the AgentX-Protocol, so the master should only listen on the loopback
>interface or use a unix socket to limit access to local processes only.
>Traps are simply forwared to the master which then uses TARGET-MIB etc. to
>determine where and how to send it out on the network. The subagent does not
>know anything about that.
>  
>
The bove is absolutely correct, the master agent does access control
and forwards traps received from subagents via AgentX according to
the settings in the SNMP application MIBs. On Unix systems, it is
recommended to use UNIX domain sockets as AgentX transport,
because it provides more access control than TCP.

Regards,
Frank Fock

More information about the AGENTPP mailing list