Saturday, December 28, 2024

Configure SNMP based remote monitoring on Oracle Key Vault appliance 21.9

 

Objective: Oracle Key Vault SNMP Monitoring Setup Routine


Reference: https://docs.oracle.com/en/database/oracle/key-vault/21.9/okvag/monitoring.html#GUID-95FA7828-A008-4CD4-89F9-20F8C01CE1E1



YouTube Video:







Monitoring OKV is important, even if your in multimaster with geographically distributed 16 node cluster etc..


SNMP allows OKV to be monitored by a remote monitrong server without any additional tools or software installed in the OKV appliance

OKV uses snmp version 3 for the monitoring configuration

version 3 bring itself with encryption for the authentication and communication with monitoring server, so no intruder knows what is beinng exchanged


Setup needs or prereqs:

Remote monitoring server: Vagrant box with grafana and prometheus

Mandatory appliance: OKV


Step 1) Goto OKV console and login using sysadmin credentials


Step 2) Goto system tab -> settings -> snmp


Step 3) Enter the details requested


You have 2 choices, configure snmp for the local node or for the cluster


snmp access is granted to all the IPs or restricted only to list of IPs [we say all]

Enter snmp user

Enter snmp password

Click save


Step 4) Perform snmpwalk or snmpget from the remote monitoring server


a. Ensure you login to the remote monitoring host

b. Ensure UCD-SNMP-MIB is installed on the remote host


root@ubuntu-bionic:~# ls -altr /usr/share/snmp/mibs

total 320

-rw-r--r-- 1 root root 49561 Dec  8  2014 UCD-SNMP-MIB.txt



Other directories to inspect:

/root/.snmp/mibs:/usr/share/snmp/mibs:/usr/share/snmp/mibs/iana:/usr/share/snmp/mibs/ietf:/usr/share/mibs/site:/usr/share/snmp/mibs:/usr/share/mibs/iana:/usr/share/mibs/ietf:/usr/share/mibs/netsnmp




c. Query the object ID for an Oracle Key Vault-supported SNMP Management Information Base (MIB) variable.

For example, suppose you wanted to track the number of processes running for the SNMP host. 

You can use a third-party SNMP client utility to query the status of the KMIP MIB whose object ID is 1.3.6.1.4.1.2021.2, as follows:


third_party_snmp_client_command -v 3 OKV_IP_address -u SNMP_user -a SHA -A SNMP_password -x AES -X SNMP_password -l authPriv iso.3.6.1.4.1.2021.2.1.2 


Actual:

snmpwalk -v 3 192.168.194.122 -u snmpuser -a SHA -A "User_Snmp_54321" -x AES -X "User_Snmp_54321" -l authPriv iso.3.6.1.4.1.2021.2.1.2


Result:

root@ubuntu-bionic:~# snmpwalk -v 3 192.168.194.122 -u snmpuser -a SHA -A "User_Snmp_54321" -x AES -X "User_Snmp_54321" -l authPriv 1.3.6.1.2.1.2.2.1.7

snmpwalk: Authentication failure (incorrect password, community or key)
at
Labels: , , , , , , , , , , , , , , , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Troubleshooting the “Cannot Generate SSPI Context” Error After SQL Server Migration

  Introduction After a recent  SQL Server migration from 2012 to 2022 , our team encountered a classic authentication issue: The target prin...