Personal Blog of Thomas Hampel - Creative Mythbusting in Development and Collaboration

Monitoring IBM Domino Server on Linux via SNMPv3

Thomas Hampel
 5 January 2015

Monitoring Domino servers via SNMP should be a simple task, if it would be documented properly.
There are quite a few blog posts out there on the internet such as
this nice article by Detev Schuemann which unfortunately is in German.. So I'd like to provide an english translation with a few updates which in my opinion are valuable.

Background

Simple Network Management Protocol (SNMP) is a protocol for monitoring network devices such as routers, switches, servers, printers and much much more.
Vendors of a device are providing a definition of values which can be read or modified in form of a
MIB (Management Information Base). Those values are called OIDs (object identifiers) and are ordered in a hierarchical structure.

MIB definitions for Domino can be found online
http://www.oidview.com/mibs/334/NOTES-MIB.html
A MIB file for IBM Domino can be found in the Domino program directory and is called "domino.mib"

On a Linux server the file can be found here /opt/ibm/domino/notes/latest/linux/domino.mib


Step-by-step Instructions

For each Domino server which you want to monitor, you need to enable SNMP support, the following is a step by step description of what you need to do for a Domino server on Linux.
Instructions for Windows are available here
Examples below are based on
CentOS which is using yum as package manager. For other Linux distributions commands are slightly different, also path references shown in the example below might not be the same for you.

Step 1 - SNMP Master Agent

Although Domino its own snmp master agent, I recommend not to use it because the version supplied with Domino is the rather dated version 5.0.7
.
Currently version 5.7.3 is the latest version available. Check the
net-snmp change log to see what has changed between versions.
Obviously you should prefer using the operating system snmp master agent which comes preinstalled for a number of Linux distributions.
If not already installed, you can install the package net-snmp with the following command.

# yum install net-snmp

The library net-snmp-utils provides some additional tools like snmpwalk, which we will need later on for testing functionality
# yum install net-snmp-utils

To check the version you are running...

$ snmpwalk --version

Image:Monitoring IBM Domino Server on Linux via SNMPv3
Note: Current releases of CentOS and Redhat provide net-snmp version 5.7.2 by default.


Option B - NET-SNMPD v5.0.7 provided by Domino

Domino provides net-snmpd in version 5.0.7  - again, I do not recommend using this version.

However, if really want to use it enter these commands to copy the required files to the /etc directory and make sure the service is started after a reboot.

# cp /opt/ibm/domino/notes/latest/linux/net-snmpd* /etc
# ln –f –s /etc/net-snmpd.sh /etc/init.d/net-snmpd

# chkconfig --add net-snmpd

# chkconfig net-snmpd on

Note that in this type of configuration your settings are stoed in the file  /etc/net-snmpd.conf

Step 2 - Update Configuration

Back up the original config file to a location of your choice

cp /etc/snmp/snmpd.conf /root

Edit the file /etc/snmp/snmpd.conf . Modifying this file is only required if you are using the master agent provided by your OS.

# nano /etc/snmp/snmpd.conf

1.) Search for sysLocation and update it according to your needs as shown here:
sysLocation    YourDataCenterLocation
sysContact     email@yourdomain.com


2.) define a username/password combination for SNMP v3 authentication
Of course the user name and password used in this example are to be changed to fit your needs

createUser SNMPv3UserName MD5 SNMPUserSecretPassword AES


3.) At the end of the same file, add this line:
smuxpeer 1.3.6.1.4.1.334.72 NotesPasswd

Dont forget to save the file


Step 3 - SNMP Startup Script

Although you could add /usr/sbin/snmpd as a service directly, its probably more useful to use a startup script.

Domino already provides such a script - you just need to modify the configuration so that it can be used.


# cp /data/ibm/domino/notes/latest/linux/net-snmpd.sh /etc/init.d/net-snmpd

# nano /etc/init.d/net-snmpd


Update the configuration (starting in line 31) as follows:

INSTDIR=/usr/sbin
PROGNAME=snmpd

PROGPATH=$INSTDIR/$PROGNAME

CONFNAME=snmpd.conf

CONFPATH=/etc/snmp/$CONFNAME

LOGPATH=/var/log/snmpd.log

PROGARGS="-C -c $CONFPATH -l $LOGPATH"

Make sure the startup script runs at next boot

# chkconfig --add net-snmpd
# chkconfig net-snmpd on


Step 4 - Update Firewall Rules

SNMP requires UDP port 161 to be accessible, so you need to open this port on the local firewall.
Do not forget to open this port on any other firewall on your network which is between the monitoring server and your Domino server
# iptables -I INPUT -p udp --dport 161 -j ACCEPT


Step 3 - Testing basic functions

Test basic SNMP functionality
from the local host and also from a remote server.
# snmpwalk -v3 -u SNMPv3UserName -A SNMPUserSecretPassword -a MD5 -l authnoPriv dominoserver.domain.com .1.3.6.1.4.1.2021.100.2.0

As a result you should get the version number of the SMTP master agent

Image:Monitoring IBM Domino Server on Linux via SNMPv3

Step 5 - Enable Domino SNMP Agent

Make sure LNSNMP will be started after a reboot. (Note: change the path to match your configuration!
)
# ln -f -s /opt/ibm/domino/notes/latest/linux/lnsnmp.sh /etc/rc.d/init.d/lnsnmp
# chkconfig --add lnsnmp

# chkconfig lnsnmp on
# service lnsnmp start

In case you get the error  "LOTUSDIR must be set in the environment or in this script." you need to update script so that it can find the path to your Domino server, e.g. LOTUSDIR=/opt/ibm/domino


if everything has worked out, starting the lnsnmp should provide the following output

New sub-agent on server is registering a sub-tree with branch ID:
1.3.6.1.4.1.334.72.3

Sending SNMP "Server Up" trap for server .

service lnsnmp startNew sub-agent on server is registering a sub-tree with branch ID:

1.3.6.1.4.1.334.72.1


Step 6 - Domino Tasks

Start the following tasks from the Domino server console

load quryset
load intrcpt
load collect

"quryset" is required to support SNMP queries

"intrcpt" is required to support SNMP traps for Domino events

"Collect" is required to support statistic threasold traps

Create a program document or add the tasks to the Notes.ini variable "ServerTasks=" so ensure they are started automatically after a server restart.

Step 7 - Testing Domino SNMP agent response

Now its time to test if we can access Domino objects via SNMP, e.g. by reading a single value.

$ snmpget -v3 -u SNMPv3UserName -A SNMPUserSecretPassword -a MD5 -l authnoPriv dominoserver.domain.com .1.3.6.1.4.1.334.72.1.1.6.2.1.0

Should return the fully qualified Domino Server name as a string

Image:Monitoring IBM Domino Server on Linux via SNMPv3

Ok, you're done... the Domino SNMP Agent is configured and can be used.

However, there still is some work to be done on your SNMP management console e.g.
Nagios ,FAN , Cacti (or whatever you are using) in order to monitor Domino via SNMP (for example, server down).

Next Actions:

If you like this post, please let me know via Twitter
@ThomasHampel or by leaving a comment below. Please note that comments are moderated and wont show up before being approved.
Hint... configuring Nagios for Domino monitoring and configuring Cacti for trend analysis is subject of another blog post which I'm already working on.


Troublshooting
  • Check snmpd.log for errors
    # cat /var/log/snmpd.log
  • Error : refused smux peer: oid SNMPv2-SMI::enterprises.334.72, descr Lotus Notes Agent
    see
    IBM Technote 1313318
  • Error - Unknown User
    Either a typo in the user name or you forgot to add the user to the snmpd.conf file in step 1, search the config file for something like this:
    createUser SNMPv3UserName MD5 SNMPUserSecretPassword AES
  • Error in packet. Reason: authorizationError (access denied to that object)
    The user exists and the password worked, but does not have access rights required. Check snmpd.conf to see if you have granted at least read only rights, search the file for a string like this:
    rouser SNMPv3UserName

Tools:

Take a look at
Paessler SMTP Tester (Freeware / Windows)
Image:Monitoring IBM Domino Server on Linux via SNMPv3

Further reading:
Comments [0]
Go ElsewhereSubscribe to RSSAboutStay ConnectedAnd More
Thomas Hampel, All rights reserved.