Adminster SNMP monitoring

Simple Network Management Protocol (SNMP) allows network administrators to query devices for various information. Access Gateway allows SNMP polling to gather information directly from the appliance. Third-party network monitoring tools, such as Solarwinds or Nagios, can use SNMP to monitor certain parameters. This section outlines how to enable this feature and describes the information that can be collected.

The following information can be polled from the appliance:

  • System

    • Description (.1.3.6.1.2.1.1.1.0)

    • Contact (.1.3.6.1.2.1.1.4.0)

    • Name (.1.3.6.1.2.1.1.5.0)

    • Location (.1.3.6.1.2.1.1.6.0)

  • System uptime (.1.3.6.1.2.1.25.1.1.0)

  • System load

    • 1 min average (.1.3.6.1.4.1.2021.10.1.3.1)

    • 5 min average (.1.3.6.1.4.1.2021.10.1.3.2)

    • 15 min average (.1.3.6.1.4.1.2021.10.1.3.3)

  • System disk

    • Disk path (/) (.1.3.6.1.4.1.2021.9.1.2)

    • Minimum percentage (.1.3.6.1.4.1.2021.9.1.5)

    • Total size (.1.3.6.1.4.1.2021.9.1.6)

    • Total available (.1.3.6.1.4.1.2021.9.1.7)

    • Percent used (.1.3.6.1.4.1.2021.9.1.9)

  • Swap memory

    • Total size (.1.3.6.1.4.1.2021.4.3.0)

    • Available (.1.3.6.1.4.1.2021.4.4.0)

  • Memory

    • Total installed (.1.3.6.1.4.1.2021.4.5.0)

    • Total used (.1.3.6.1.4.1.2021.4.6.0)

    • Total free (.1.3.6.1.4.1.2021.4.11.0)

    • Total shared (.1.3.6.1.4.1.2021.4.13.0)

    • Total buffered (.1.3.6.1.4.1.2021.4.14.0)

    • Total cached (.1.3.6.1.4.1.2021.4.15.0)

  • Network

    • Interface In (.1.3.6.1.2.1.31.1.1.1.6)

    • Interface Out (.1.3.6.1.2.1.31.1.1.1.10)

  • LogMatch

    • Session cache service connection (.1.3.6.1.4.1.2021.16.2.*.1)

    • Session cache service storing/update of session data (.1.3.6.1.4.1.2021.16.2.*.2)

    • Session cache service get/retrieval of session data (.1.3.6.1.4.1.2021.16.2.*.3)

  • Process Watch

    • Session cache service (.1.3.6.1.4.1.2021.2.*.1)

    • Web service (.1.3.6.1.4.1.2021.2.*.2)

    • Web preprocessor service (.1.3.6.1.4.1.2021.2.*.3)

    • Time service (.1.3.6.1.4.1.2021.2.*.4)

    • HA communication service (.1.3.6.1.4.1.2021.2.*.5)

    • Event log service (.1.3.6.1.4.1.2021.2.*.6)

    • Job scheduler service (.1.3.6.1.4.1.2021.2.*.7)

    • Event scheduler service (.1.3.6.1.4.1.2021.2.*.8)

Standard MIBs

Access Gateway appliances support OIDs located within the subset of the following MIBs:

These MIBs aren't proprietary and are available on most network monitoring systems.

Proprietary MIB

The Access Gateway appliance doesn't contain any proprietary MIBs.

Configuration

The Otka SNMP monitoring package isn't installed by default.

 

Info

Note

From version 2020.04.04 and later, SNMP is pre-installed.


To enable the SNMP monitoring:

  1. Use the SSH to connect to the Access Gateway Management console.

  2. Enter 5 to enter the System sub-menu.

  3. Enter 2 to enter the Install sub-menu.

  4. Enter package okta-monitoring-snmp.

  5. When prompted, enter y to install the package or N to abort the installation.

Testing

There are multiple tools for testing SNMP functionality on various operating systems. The following information outlines the popular operating systems.

Microsoft Windows

For a Windows-based operating systems, you can use an open-source tool called net-snmp. Follow these instructions to install net-snmp and test SNMP polling to the Access Gateway appliance:

  1. Download net-snmp and install.

  2. Copy and paste the sample snmpwalk command from one of the sample output commands into a command prompt and execute it.

Linux (Debian-based)

On a Linux-based operation system, you can install an SNMP package to achieve the same results. Follow these instructions for Debian systems:

  1. Install snmpd. For systems with apt-get:

    sudo apt-get install snmpd

  2. Copy and paste the example snmpwalk command from one of the sample output commands and place it in a terminal.

Sample commands and output

Testing SNMP to any Access Gateway is exactly the same process. Use snmpwalk for each individual appliance.

Important Note

Important

Access Gateway Community String
SNMP access requires what it typically known as a 'community' string and specified by the -c command line switch.
The actual community string value is not documented and is replaced in this page with AccessGatewayCommunityString.
The SNMP Community string is provided on request by Okta Access Gateway Support.

Poll all available objects

$ snmpwalk -O n -v2c -c Access Gateway Community String localhost:161 .1
.1.3.6.1.2.1.1.1.0 = STRING: Access Gateway Security Appliance
.1.3.6.1.2.1.1.4.0 = STRING: Access Gateway Support (support@Okta.com)
.1.3.6.1.2.1.1.5.0 = STRING: Access Gateway dev (Dev node0)
.1.3.6.1.2.1.1.6.0 = STRING: Client
.1.3.6.1.2.1.25.1.1.0 = Timeticks: (49995062) 5 days, 18:52:30.62
.1.3.6.1.2.1.31.1.1.1.6.1 = Counter64: 1892995
.1.3.6.1.2.1.31.1.1.1.6.2 = Counter64: 197893019
.1.3.6.1.2.1.31.1.1.1.6.3 = Counter64: 36135728
.1.3.6.1.2.1.31.1.1.1.10.1 = Counter64: 1892995
.1.3.6.1.2.1.31.1.1.1.10.2 = Counter64: 2156055
.1.3.6.1.2.1.31.1.1.1.10.3 = Counter64: 7473976
.1.3.6.1.4.1.2021.2.1.1.1 = INTEGER: 1
.1.3.6.1.4.1.2021.2.1.1.2 = INTEGER: 2
.1.3.6.1.4.1.2021.2.1.1.3 = INTEGER: 3
.1.3.6.1.4.1.2021.2.1.1.4 = INTEGER: 4
.1.3.6.1.4.1.2021.2.1.1.5 = INTEGER: 5
.1.3.6.1.4.1.2021.2.1.1.6 = INTEGER: 6
.1.3.6.1.4.1.2021.2.1.1.7 = INTEGER: 7
.1.3.6.1.4.1.2021.2.1.1.8 = INTEGER: 8
.1.3.6.1.4.1.2021.2.1.3.1 = INTEGER: 1
.1.3.6.1.4.1.2021.2.1.3.2 = INTEGER: 2
.1.3.6.1.4.1.2021.2.1.3.3 = INTEGER: 6
.1.3.6.1.4.1.2021.2.1.3.4 = INTEGER: 1
.1.3.6.1.4.1.2021.2.1.3.5 = INTEGER: 1
.1.3.6.1.4.1.2021.2.1.3.6 = INTEGER: 2
.1.3.6.1.4.1.2021.2.1.3.7 = INTEGER: 1
.1.3.6.1.4.1.2021.2.1.3.8 = INTEGER: 1
.1.3.6.1.4.1.2021.2.1.4.1 = INTEGER: 1
.1.3.6.1.4.1.2021.2.1.4.2 = INTEGER: 0
.1.3.6.1.4.1.2021.2.1.4.3 = INTEGER: 51
.1.3.6.1.4.1.2021.2.1.4.4 = INTEGER: 1
.1.3.6.1.4.1.2021.2.1.4.5 = INTEGER: 4
.1.3.6.1.4.1.2021.2.1.4.6 = INTEGER: 2
.1.3.6.1.4.1.2021.2.1.4.7 = INTEGER: 1
.1.3.6.1.4.1.2021.2.1.4.8 = INTEGER: 1
.1.3.6.1.4.1.2021.2.1.5.1 = INTEGER: 1
.1.3.6.1.4.1.2021.2.1.5.2 = INTEGER: 2
.1.3.6.1.4.1.2021.2.1.5.3 = INTEGER: 6
.1.3.6.1.4.1.2021.2.1.5.4 = INTEGER: 1
.1.3.6.1.4.1.2021.2.1.5.5 = INTEGER: 3
.1.3.6.1.4.1.2021.2.1.5.6 = INTEGER: 2
.1.3.6.1.4.1.2021.2.1.5.7 = INTEGER: 1
.1.3.6.1.4.1.2021.2.1.5.8 = INTEGER: 1
.1.3.6.1.4.1.2021.2.1.100.1 = INTEGER: noError(0)
.1.3.6.1.4.1.2021.2.1.100.2 = INTEGER: noError(0)
.1.3.6.1.4.1.2021.2.1.100.3 = INTEGER: noError(0)
.1.3.6.1.4.1.2021.2.1.100.4 = INTEGER: noError(0)
.1.3.6.1.4.1.2021.2.1.100.5 = INTEGER: noError(0)
.1.3.6.1.4.1.2021.2.1.100.6 = INTEGER: noError(0)
.1.3.6.1.4.1.2021.2.1.100.7 = INTEGER: noError(0)
.1.3.6.1.4.1.2021.2.1.100.8 = INTEGER: noError(0)
.1.3.6.1.4.1.2021.4.3.0 = INTEGER: 2064380 kB
.1.3.6.1.4.1.2021.4.4.0 = INTEGER: 2058428 kB
.1.3.6.1.4.1.2021.4.5.0 = INTEGER: 1020072 kB
.1.3.6.1.4.1.2021.4.6.0 = INTEGER: 81040 kB
.1.3.6.1.4.1.2021.4.11.0 = INTEGER: 2139468 kB
.1.3.6.1.4.1.2021.4.14.0 = INTEGER: 105504 kB
.1.3.6.1.4.1.2021.4.15.0 = INTEGER: 415860 kB
.1.3.6.1.4.1.2021.9.1.2.1 = STRING: /
.1.3.6.1.4.1.2021.9.1.5.1 = INTEGER: 10
.1.3.6.1.4.1.2021.9.1.6.1 = INTEGER: 38613644
.1.3.6.1.4.1.2021.9.1.7.1 = INTEGER: 35086828
.1.3.6.1.4.1.2021.9.1.9.1 = INTEGER: 4
.1.3.6.1.4.1.2021.10.1.3.1 = STRING: 0.10
.1.3.6.1.4.1.2021.10.1.3.2 = STRING: 0.04
.1.3.6.1.4.1.2021.10.1.3.3 = STRING: 0.05
.1.3.6.1.4.1.2021.16.2.1.1.1 = INTEGER: 1
.1.3.6.1.4.1.2021.16.2.1.1.2 = INTEGER: 2
.1.3.6.1.4.1.2021.16.2.1.1.3 = INTEGER: 3
.1.3.6.1.4.1.2021.16.2.1.2.1 = STRING: sessionDbConnection
.1.3.6.1.4.1.2021.16.2.1.2.2 = STRING: sessionDbStoring
.1.3.6.1.4.1.2021.16.2.1.2.3 = STRING: sessionDbGet
.1.3.6.1.4.1.2021.16.2.1.5.1 = Counter32: 4
.1.3.6.1.4.1.2021.16.2.1.5.2 = Counter32: 7
.1.3.6.1.4.1.2021.16.2.1.5.3 = Counter32: 8
.1.3.6.1.4.1.2021.16.2.1.7.1 = Counter32: 0
.1.3.6.1.4.1.2021.16.2.1.7.2 = Counter32: 0
.1.3.6.1.4.1.2021.16.2.1.7.3 = Counter32: 0
.1.3.6.1.4.1.2021.16.2.1.9.1 = Counter32: 0
.1.3.6.1.4.1.2021.16.2.1.9.2 = Counter32: 0
.1.3.6.1.4.1.2021.16.2.1.9.3 = Counter32: 0

Poll system objects

$ snmpwalk -O n -v2c -c Access Gateway Community String localhost:161
.1.3.6.1.2.1.1.1.0 = STRING: Access Gateway Security Appliance
.1.3.6.1.2.1.1.4.0 = STRING: Access Gateway Support (support@okta.com)
.1.3.6.1.2.1.1.5.0 = STRING: Access Gateway dev (Dev node0)
.1.3.6.1.2.1.1.6.0 = STRING: Client
.1.3.6.1.2.1.25.1.1.0 = Timeticks: (50014182) 5 days, 18:55:41.82
.1.3.6.1.2.1.31.1.1.1.6.1 = Counter64: 1922676
.1.3.6.1.2.1.31.1.1.1.6.2 = Counter64: 197893169
.1.3.6.1.2.1.31.1.1.1.6.3 = Counter64: 36160598
.1.3.6.1.2.1.31.1.1.1.10.1 = Counter64: 1922676
.1.3.6.1.2.1.31.1.1.1.10.2 = Counter64: 2156205
.1.3.6.1.2.1.31.1.1.1.10.3 = Counter64: 7508828

Poll disk objects

$ snmpwalk -O n -v2c -c Access Gateway Community String localhost:161 .1.3.6.1.4.1.2021.9
.1.3.6.1.4.1.2021.9.1.2.1 = STRING: /
.1.3.6.1.4.1.2021.9.1.5.1 = INTEGER: 10
.1.3.6.1.4.1.2021.9.1.6.1 = INTEGER: 38613644
.1.3.6.1.4.1.2021.9.1.7.1 = INTEGER: 35086828
.1.3.6.1.4.1.2021.9.1.9.1 = INTEGER: 4

Poll network stats

$ snmpwalk -O n -v2c -c Access Gateway Community String localhost:161 .1.3.6.1.2.1.31.1
.1.3.6.1.2.1.31.1.1.1.6.1 = Counter64: 1940730
.1.3.6.1.2.1.31.1.1.1.6.2 = Counter64: 197893469
.1.3.6.1.2.1.31.1.1.1.6.3 = Counter64: 36218112
.1.3.6.1.2.1.31.1.1.1.10.1 = Counter64: 1940730
.1.3.6.1.2.1.31.1.1.1.10.2 = Counter64: 2156505
.1.3.6.1.2.1.31.1.1.1.10.3 = Counter64: 7615666

Poll load objects

$ snmpwalk -O n -v2c -c Access Gateway Community String localhost:161 .1.3.6.1.4.1.2021.10
.1.3.6.1.4.1.2021.10.1.3.1 = STRING: 0.03
.1.3.6.1.4.1.2021.10.1.3.2 = STRING: 0.08
.1.3.6.1.4.1.2021.10.1.3.3 = STRING: 0.07

Poll memory objects

$ snmpwalk -O n -v2c -c Access Gateway Community String  localhost:161 .1.3.6.1.4.1.2021.4
.1.3.6.1.4.1.2021.4.3.0 = INTEGER: 2064380 kB
.1.3.6.1.4.1.2021.4.4.0 = INTEGER: 2058428 kB
.1.3.6.1.4.1.2021.4.5.0 = INTEGER: 1020072 kB
.1.3.6.1.4.1.2021.4.6.0 = INTEGER: 80916 kB
.1.3.6.1.4.1.2021.4.11.0 = INTEGER: 2139344 kB
.1.3.6.1.4.1.2021.4.14.0 = INTEGER: 105608 kB
.1.3.6.1.4.1.2021.4.15.0 = INTEGER: 415916 kB

Poll session cache logwatch objects

$ snmpwalk -O n -v2c -c Access Gateway Community String  localhost:161 .1.3.6.1.4.1.2021.16.2
.1.3.6.1.4.1.2021.16.2.1.1.1 = INTEGER: 1
.1.3.6.1.4.1.2021.16.2.1.1.2 = INTEGER: 2
.1.3.6.1.4.1.2021.16.2.1.1.3 = INTEGER: 3
.1.3.6.1.4.1.2021.16.2.1.2.1 = STRING: sessionDbConnection
.1.3.6.1.4.1.2021.16.2.1.2.2 = STRING: sessionDbStoring
.1.3.6.1.4.1.2021.16.2.1.2.3 = STRING: sessionDbGet
.1.3.6.1.4.1.2021.16.2.1.5.1 = Counter32: 0
.1.3.6.1.4.1.2021.16.2.1.5.2 = Counter32: 0
.1.3.6.1.4.1.2021.16.2.1.5.3 = Counter32: 0
.1.3.6.1.4.1.2021.16.2.1.7.1 = Counter32: 0
.1.3.6.1.4.1.2021.16.2.1.7.2 = Counter32: 0
.1.3.6.1.4.1.2021.16.2.1.7.3 = Counter32: 0
.1.3.6.1.4.1.2021.16.2.1.9.1 = Counter32: 0
.1.3.6.1.4.1.2021.16.2.1.9.2 = Counter32: 0
.1.3.6.1.4.1.2021.16.2.1.9.3 = Counter32: 0

Poll process objects

$ snmpwalk -O n -v2c -c Access Gateway Community String  localhost:161 .1.3.6.1.4.1.2021.2
.1.3.6.1.4.1.2021.2.1.1.1 = INTEGER: 1
.1.3.6.1.4.1.2021.2.1.1.2 = INTEGER: 2
.1.3.6.1.4.1.2021.2.1.1.3 = INTEGER: 3
.1.3.6.1.4.1.2021.2.1.1.4 = INTEGER: 4
.1.3.6.1.4.1.2021.2.1.1.5 = INTEGER: 5
.1.3.6.1.4.1.2021.2.1.1.6 = INTEGER: 6
.1.3.6.1.4.1.2021.2.1.1.7 = INTEGER: 7
.1.3.6.1.4.1.2021.2.1.1.8 = INTEGER: 8
.1.3.6.1.4.1.2021.2.1.3.1 = INTEGER: 1
.1.3.6.1.4.1.2021.2.1.3.2 = INTEGER: 2
.1.3.6.1.4.1.2021.2.1.3.3 = INTEGER: 6
.1.3.6.1.4.1.2021.2.1.3.4 = INTEGER: 1
.1.3.6.1.4.1.2021.2.1.3.5 = INTEGER: 1
.1.3.6.1.4.1.2021.2.1.3.6 = INTEGER: 2
.1.3.6.1.4.1.2021.2.1.3.7 = INTEGER: 1
.1.3.6.1.4.1.2021.2.1.3.8 = INTEGER: 1
.1.3.6.1.4.1.2021.2.1.4.1 = INTEGER: 1
.1.3.6.1.4.1.2021.2.1.4.2 = INTEGER: 0
.1.3.6.1.4.1.2021.2.1.4.3 = INTEGER: 51
.1.3.6.1.4.1.2021.2.1.4.4 = INTEGER: 1
.1.3.6.1.4.1.2021.2.1.4.5 = INTEGER: 4
.1.3.6.1.4.1.2021.2.1.4.6 = INTEGER: 2
.1.3.6.1.4.1.2021.2.1.4.7 = INTEGER: 1
.1.3.6.1.4.1.2021.2.1.4.8 = INTEGER: 1
.1.3.6.1.4.1.2021.2.1.5.1 = INTEGER: 1
.1.3.6.1.4.1.2021.2.1.5.2 = INTEGER: 2
.1.3.6.1.4.1.2021.2.1.5.3 = INTEGER: 6
.1.3.6.1.4.1.2021.2.1.5.4 = INTEGER: 1
.1.3.6.1.4.1.2021.2.1.5.5 = INTEGER: 3
.1.3.6.1.4.1.2021.2.1.5.6 = INTEGER: 2
.1.3.6.1.4.1.2021.2.1.5.7 = INTEGER: 1
.1.3.6.1.4.1.2021.2.1.5.8 = INTEGER: 1
.1.3.6.1.4.1.2021.2.1.100.1 = INTEGER: noError(0)
.1.3.6.1.4.1.2021.2.1.100.2 = INTEGER: noError(0)
.1.3.6.1.4.1.2021.2.1.100.3 = INTEGER: noError(0)
.1.3.6.1.4.1.2021.2.1.100.4 = INTEGER: noError(0)
.1.3.6.1.4.1.2021.2.1.100.5 = INTEGER: noError(0)
.1.3.6.1.4.1.2021.2.1.100.6 = INTEGER: noError(0)
.1.3.6.1.4.1.2021.2.1.100.7 = INTEGER: noError(0)
.1.3.6.1.4.1.2021.2.1.100.8 = INTEGER: noError(0)

Keep in mind that you must modify the snmpwalk command based on the version of SNMP that you configured. In the example, SNMP v2c was used with a community string of AccessGateway, and the port was left at the default 161.

After verifying that SNMP is functioning properly, you can configure the network management system (NMS) to poll the Access Gateway appliance. Consult your NMS documentation for configuration steps to add a new managed device.