Monitoring IBM Domino Server on Linux via SNMPv3
Thomas Hampel
5 January 2015Monitoring Domino servers via SNMP should be a simple task, if it would be documented properly.
There are quite a few blog posts out there on the internet such as this nice article by Detev Schuemann which unfortunately is in German.. So I'd like to provide an english translation with a few updates which in my opinion are valuable.
Background
Simple Network Management Protocol (SNMP) is a protocol for monitoring network devices such as routers, switches, servers, printers and much much more.
Vendors of a device are providing a definition of values which can be read or modified in form of a MIB (Management Information Base). Those values are called OIDs (object identifiers) and are ordered in a hierarchical structure.
MIB definitions for Domino can be found online http://www.oidview.com/mibs/334/NOTES-MIB.html
A MIB file for IBM Domino can be found in the Domino program directory and is called "domino.mib"
On a Linux server the file can be found here /opt/ibm/domino/notes/latest/linux/domino.mib
Step-by-step Instructions
For each Domino server which you want to monitor, you need to enable SNMP support, the following is a step by step description of what you need to do for a Domino server on Linux. Instructions for Windows are available here
Examples below are based on CentOS which is using yum as package manager. For other Linux distributions commands are slightly different, also path references shown in the example below might not be the same for you.
Step 1 - SNMP Master Agent
Although Domino its own snmp master agent, I recommend not to use it because the version supplied with Domino is the rather dated version 5.0.7.
Currently version 5.7.3 is the latest version available. Check the net-snmp change log to see what has changed between versions.
Obviously you should prefer using the operating system snmp master agent which comes preinstalled for a number of Linux distributions.
If not already installed, you can install the package net-snmp with the following command.
# yum install net-snmp
The library net-snmp-utils provides some additional tools like snmpwalk, which we will need later on for testing functionality
# yum install net-snmp-utils
To check the version you are running...
$ snmpwalk --version
Note: Current releases of CentOS and Redhat provide net-snmp version 5.7.2 by default.
Option B - NET-SNMPD v5.0.7 provided by Domino
Domino provides net-snmpd in version 5.0.7 - again, I do not recommend using this version.
However, if really want to use it enter these commands to copy the required files to the /etc directory and make sure the service is started after a reboot.
# cp /opt/ibm/domino/notes/latest/linux/net-snmpd* /etc
# ln –f –s /etc/net-snmpd.sh /etc/init.d/net-snmpd
# chkconfig --add net-snmpd
# chkconfig net-snmpd on
# ln –f –s /etc/net-snmpd.sh /etc/init.d/net-snmpd
# chkconfig --add net-snmpd
# chkconfig net-snmpd on
Note that in this type of configuration your settings are stoed in the file /etc/net-snmpd.conf
Step 2 - Update Configuration
Back up the original config file to a location of your choice
cp /etc/snmp/snmpd.conf /root
Edit the file /etc/snmp/snmpd.conf . Modifying this file is only required if you are using the master agent provided by your OS.
# nano /etc/snmp/snmpd.conf
1.) Search for sysLocation and update it according to your needs as shown here:
sysLocation YourDataCenterLocation
sysContact email@yourdomain.com
sysContact email@yourdomain.com
2.) define a username/password combination for SNMP v3 authentication
Of course the user name and password used in this example are to be changed to fit your needs
createUser SNMPv3UserName MD5 SNMPUserSecretPassword AES
3.) At the end of the same file, add this line:
smuxpeer 1.3.6.1.4.1.334.72 NotesPasswd
Dont forget to save the file
Step 3 - SNMP Startup Script
Although you could add /usr/sbin/snmpd as a service directly, its probably more useful to use a startup script.
Domino already provides such a script - you just need to modify the configuration so that it can be used.
# cp /data/ibm/domino/notes/latest/linux/net-snmpd.sh /etc/init.d/net-snmpd
# nano /etc/init.d/net-snmpd
Update the configuration (starting in line 31) as follows:
INSTDIR=/usr/sbin
PROGNAME=snmpd
PROGPATH=$INSTDIR/$PROGNAME
CONFNAME=snmpd.conf
CONFPATH=/etc/snmp/$CONFNAME
LOGPATH=/var/log/snmpd.log
PROGARGS="-C -c $CONFPATH -l $LOGPATH"
PROGNAME=snmpd
PROGPATH=$INSTDIR/$PROGNAME
CONFNAME=snmpd.conf
CONFPATH=/etc/snmp/$CONFNAME
LOGPATH=/var/log/snmpd.log
PROGARGS="-C -c $CONFPATH -l $LOGPATH"
Make sure the startup script runs at next boot
# chkconfig --add net-snmpd
# chkconfig net-snmpd on
# chkconfig net-snmpd on
Step 4 - Update Firewall Rules
SNMP requires UDP port 161 to be accessible, so you need to open this port on the local firewall.
Do not forget to open this port on any other firewall on your network which is between the monitoring server and your Domino server
# iptables -I INPUT -p udp --dport 161 -j ACCEPT
Step 3 - Testing basic functions
Test basic SNMP functionality from the local host and also from a remote server.
# snmpwalk -v3 -u SNMPv3UserName -A SNMPUserSecretPassword -a MD5 -l authnoPriv dominoserver.domain.com .1.3.6.1.4.1.2021.100.2.0
As a result you should get the version number of the SMTP master agent
Step 5 - Enable Domino SNMP Agent
Make sure LNSNMP will be started after a reboot. (Note: change the path to match your configuration!)
# ln -f -s /opt/ibm/domino/notes/latest/linux/lnsnmp.sh /etc/rc.d/init.d/lnsnmp
# chkconfig --add lnsnmp
# chkconfig lnsnmp on
# service lnsnmp start
# chkconfig --add lnsnmp
# chkconfig lnsnmp on
# service lnsnmp start
In case you get the error "LOTUSDIR must be set in the environment or in this script." you need to update script so that it can find the path to your Domino server, e.g. LOTUSDIR=/opt/ibm/domino
if everything has worked out, starting the lnsnmp should provide the following output
New sub-agent on server is registering a sub-tree with branch ID:
1.3.6.1.4.1.334.72.3
Sending SNMP "Server Up" trap for server.
service lnsnmp startNew sub-agent on server is registering a sub-tree with branch ID:
1.3.6.1.4.1.334.72.1
1.3.6.1.4.1.334.72.3
Sending SNMP "Server Up" trap for server
service lnsnmp startNew sub-agent on server
1.3.6.1.4.1.334.72.1
Step 6 - Domino Tasks
Start the following tasks from the Domino server console
load quryset
load intrcpt
load collect
load intrcpt
load collect
"quryset" is required to support SNMP queries
"intrcpt" is required to support SNMP traps for Domino events
"Collect" is required to support statistic threasold traps
Create a program document or add the tasks to the Notes.ini variable "ServerTasks=" so ensure they are started automatically after a server restart.
Step 7 - Testing Domino SNMP agent response
Now its time to test if we can access Domino objects via SNMP, e.g. by reading a single value.
$ snmpget -v3 -u SNMPv3UserName -A SNMPUserSecretPassword -a MD5 -l authnoPriv dominoserver.domain.com .1.3.6.1.4.1.334.72.1.1.6.2.1.0
Should return the fully qualified Domino Server name as a string
Ok, you're done... the Domino SNMP Agent is configured and can be used.
However, there still is some work to be done on your SNMP management console e.g. Nagios ,FAN , Cacti (or whatever you are using) in order to monitor Domino via SNMP (for example, server down).
Next Actions:
If you like this post, please let me know via Twitter @ThomasHampel or by leaving a comment below. Please note that comments are moderated and wont show up before being approved.
Hint... configuring Nagios for Domino monitoring and configuring Cacti for trend analysis is subject of another blog post which I'm already working on.
Troublshooting
- Check snmpd.log for errors
# cat /var/log/snmpd.log - Error : refused smux peer: oid SNMPv2-SMI::enterprises.334.72, descr Lotus Notes Agent
see IBM Technote 1313318 - Error - Unknown User
Either a typo in the user name or you forgot to add the user to the snmpd.conf file in step 1, search the config file for something like this:
createUser SNMPv3UserName MD5 SNMPUserSecretPassword AES - Error in packet. Reason: authorizationError (access denied to that object)
The user exists and the password worked, but does not have access rights required. Check snmpd.conf to see if you have granted at least read only rights, search the file for a string like this:
rouser SNMPv3UserName
Tools:
Take a look at Paessler SMTP Tester (Freeware / Windows)
Further reading:
- How to set up Domino and SNMP in Windows
- IBM Domino MIB - Notes-MIB (v1) Tree