[AGENT++] AgentX master/subagents: trap recipients? access controls?

Glenn Puchtel gpuchtel at gplicity.com
Fri Sep 5 13:52:02 CEST 2003 

Thanks Frank for the acknowledgment and yes, we can provide this type of
functionality on Windows, Linux and Solaris.  In addition to the
HOST-RESOURCES-MIB our agents support the following RFC's (MIB's):

	RFC 2011 - IP-MIB
	RFC 2012 - TCP-MIB
	RFC 2013 - UDP-MIB
	RFC 2863 - IF-MIB
	RFC 2790 - HOST-RESOURCES-MIB

Our master agent is built on the Agent++ libraries so you can take
advantage of all the functionality it provides (SNMPv1, v2c and v3
including access control).  

Moreover, the MIB support has been implemented as AgentX subagents, so
if want to use your own master agent you can simply load one or more of
the MIB DLL's.

Let us know if and how we can be of help.

Regards,
Glenn Puchtel
Gplicity LLC
gpuchtel at gplicity.com

-----Original Message-----
From: agentpp-admin at agentpp.org [mailto:agentpp-admin at agentpp.org] On
Behalf Of Frank Fock
Sent: Friday, September 05, 2003 3:09 AM
To: Henning Eggers
Cc: Martin Janzen; agentpp at agentpp.org
Subject: Re: [AGENT++] AgentX master/subagents: trap recipients? access
controls?

Henning Eggers wrote:

>>I have a request from a customer who would like to have our SNMP agent
>>(Agent++ on Linux) provide additional system information on running
>>processes, disk usage, CPU performance, etc.; exactly the sort of
thing
>>you find in HOST-RESOURCES-MIB.
>>    
>>
>
>I have the same sort of request here, except that it is for Windows.
Since
>we are already using AgentX, it would obviously be best to have a
subagent
>that queries the API to get that sort of information. Has anyone done
an
>Agent++-Agent for HOST-RESOURCES? It doesn't have to be an
AgentX-subagent,
>because that could easily be converted.
>  
>
The team around Glenn Puchtel (http://www.gplicity.com) have implemented
the HOST-RESOURCES-MIB for Solaris, Linux, and Windows. I guess
he will reply on this too.

In addition to the 3 options, Martin listed, you could also run the
NET-SNMP
agent (on Solaris/Linux only) as subagent of an AgentX++ master agent.

>  
>
>>Still, I'm wondering how this is handled under AgentX -- how a master
>>agent and subagent with different access control and trap handling
>>mechanisms interact.  Does the subagent simply leave everything to the
>>master?  Does view/user checking occur in both places?
>>    
>>
>
>The master is the master is the master ;-)
>>From my understanding the master does all the authentication,
encryption,
>view checking etc. Subagents just register the region they are
responsible
>for and answer any query that gets forwarded to them by the master. If
a
>query can not authenticate itself or tries to make access outside its
view,
>the master won't even forward it to the subagent. There is no
authentication
>on the AgentX-Protocol, so the master should only listen on the
loopback
>interface or use a unix socket to limit access to local processes only.
>Traps are simply forwared to the master which then uses TARGET-MIB etc.
to
>determine where and how to send it out on the network. The subagent
does not
>know anything about that.
>  
>
The bove is absolutely correct, the master agent does access control
and forwards traps received from subagents via AgentX according to
the settings in the SNMP application MIBs. On Unix systems, it is
recommended to use UNIX domain sockets as AgentX transport,
because it provides more access control than TCP.

Regards,
Frank Fock


_______________________________________________
AGENTPP mailing list
AGENTPP at agentpp.org
http://agentpp.org/mailman/listinfo/agentpp

More information about the AGENTPP mailing list