Reference: https://docs.oracle.com/en/database/oracle/key-vault/21.9/okvag/monitoring.html#GUID-95FA7828-A008-4CD4-89F9-20F8C01CE1E1
Monitoring OKV is important, even if your in multimaster with geographically distributed 16 node cluster etc..
SNMP allows OKV to be monitored by a remote monitrong server without any additional tools or software installed in the OKV appliance
OKV uses snmp version 3 for the monitoring configuration
version 3 bring itself with encryption for the authentication and communication with monitoring server, so no intruder knows what is beinng exchanged
Remote monitoring server: Vagrant box with grafana and prometheus
Mandatory appliance: OKV
You have 2 choices, configure snmp for the local node or for the cluster
snmp access is granted to all the IPs or restricted only to list of IPs [we say all]
Enter snmp user
Enter snmp password
Click save
a. Ensure you login to the remote monitoring host
b. Ensure UCD-SNMP-MIB is installed on the remote host
root@ubuntu-bionic:~# ls -altr /usr/share/snmp/mibs
total 320
-rw-r--r-- 1 root root 49561 Dec 8 2014 UCD-SNMP-MIB.txt
Other directories to inspect:
/root/.snmp/mibs:/usr/share/snmp/mibs:/usr/share/snmp/mibs/iana:/usr/share/snmp/mibs/ietf:/usr/share/mibs/site:/usr/share/snmp/mibs:/usr/share/mibs/iana:/usr/share/mibs/ietf:/usr/share/mibs/netsnmp
c. Query the object ID for an Oracle Key Vault-supported SNMP Management Information Base (MIB) variable.
For example, suppose you wanted to track the number of processes running for the SNMP host.
You can use a third-party SNMP client utility to query the status of the KMIP MIB whose object ID is 1.3.6.1.4.1.2021.2, as follows:
third_party_snmp_client_command -v 3 OKV_IP_address -u SNMP_user -a SHA -A SNMP_password -x AES -X SNMP_password -l authPriv iso.3.6.1.4.1.2021.2.1.2
Actual:
snmpwalk -v 3 192.168.194.122 -u snmpuser -a SHA -A "User_Snmp_54321" -x AES -X "User_Snmp_54321" -l authPriv iso.3.6.1.4.1.2021.2.1.2
Result:
root@ubuntu-bionic:~# snmpwalk -v 3 192.168.194.122 -u snmpuser -a SHA -A "User_Snmp_54321" -x AES -X "User_Snmp_54321" -l authPriv 1.3.6.1.2.1.2.2.1.7
snmpwalk: Authentication failure (incorrect password, community or key)
Step 1) Go to https://myaccount.google.com/apppasswords
and then generate a new app password. No need to store this at all as per gmail. In case needed you can regenerate.
This is a OTP kind of password, to let google know the incoming connection was kicked off by you.
Step 2) Login to OKV console as sysadmin
Goto System -> Settings -> Email
Step 3) Enter the requested details
here for example I used gmail to cofigure mail setup.
SMTP server: smtp.gmail.com
SMTP port: 25, 465, 587 [we will use ssl, so 465]
Name: OKVNode1
From Address: oracledbaplanner@gmail.com
Require Secure Connection: select
Require Credentials: Select
Enter the username as gmail: oracledbaplanner@gmail.com
Enter the password you generated in step 1: .....wbzkukyobqziu
Send Test email: Select TEST
Step 4) Now go to reports and see if the email was successfully sent
Goto Reports -> System Report -> Notification reports -> you should see the test message result
