Enabling SNMP on VMware ESXi

I always struggle to remember the steps to enable SNMP on ESXi hosts so this post can not help me, but might be useful to others.

How to enable SNMP on ESXi 5.5

  1. Ensure that SSH is enabled on your host(s)
  2. SSH to your host using the root credentials
  3. Once connected, run the following commands, which will set the community string (as specified by COMMUNITY-STRING), enable SNMP, update the host firewall rules, and finally restart the SNMP service

esxcli system snmp set --communities COMMUNITY-STRING
esxcli system snmp set --enable true
esxcli network firewall ruleset set --ruleset-id snmp --allowed-all true
esxcli network firewall ruleset set --ruleset-id snmp --enabled true
/etc/init.d/snmpd restart
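
The 5.5 commands above open the snmp firewall ruleset to every source address (--allowed-all true), and an SNMP v1/v2c community string crosses the network in cleartext. The following is an added example, not part of the original post: the same procedure, but admitting only named monitoring stations. The function names, the DRY_RUN switch, the community-string policy and the 192.0.2.x addresses are assumptions for illustration.

```shell
#!/bin/sh
# Added example: enable SNMP on ESXi with the firewall ruleset limited to
# specific monitoring stations. DRY_RUN=1 prints the commands instead of running them.

run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then echo "$*"; else "$@"; fi
}

# Assumed local policy: no default community names, safe characters only, 12+ chars.
check_community() {
    case "$1" in
        ""|public|private|PUBLIC|PRIVATE) return 1 ;;
        *[!A-Za-z0-9_.-]*) return 1 ;;
    esac
    [ "${#1}" -ge 12 ]
}

# Shape check only: dotted-quad IPv4 with an optional /prefix (esxcli validates the rest).
check_source() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/([0-9]|[12][0-9]|3[0-2]))?$'
}

# usage: enable_snmp_restricted COMMUNITY-STRING SOURCE [SOURCE ...]
enable_snmp_restricted() {
    community=$1
    [ "$#" -ge 1 ] && shift
    # Validate everything before changing any host setting.
    check_community "$community" || { echo "weak or invalid community string" >&2; return 1; }
    [ "$#" -ge 1 ] || { echo "need at least one allowed source" >&2; return 1; }
    for src in "$@"; do
        check_source "$src" || { echo "bad source: $src" >&2; return 1; }
    done

    run esxcli system snmp set --communities "$community"
    # allowed-all must be false before individual sources can be added.
    run esxcli network firewall ruleset set --ruleset-id snmp --allowed-all false
    for src in "$@"; do
        run esxcli network firewall ruleset allowedip add --ruleset-id snmp --ip-address "$src"
    done
    run esxcli network firewall ruleset set --ruleset-id snmp --enabled true
    run esxcli system snmp set --enable true
    # Show the resulting allow-list so the change can be confirmed.
    run esxcli network firewall ruleset allowedip list --ruleset-id snmp
}
```

Run it with DRY_RUN=1 first, for example `DRY_RUN=1 enable_snmp_restricted COMMUNITY-STRING 192.0.2.10`, to review the exact commands before applying them on a host.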

How to enable SNMP on ESXi 6.0

  1. Ensure that SSH is enabled on your host(s)
  2. SSH to your host using the root credentials
  3. Once connected, run the following commands, which will first reset the SNMP configuration, set the community string (as specified by COMMUNITY-STRING), set the SNMP port number, set the SNMP location information, set the SNMP contact information, and finally enable SNMP

esxcli system snmp set -r
esxcli system snmp set -c COMMUNITY-STRING
esxcli system snmp set -p 161
esxcli system snmp set -L "Location (City, State, Country)"
esxcli system snmp set -C email@domain.com
esxcli system snmp set -e yes

Network Traffic Generator

In the course of operating a network there are countless times when it’s incredibly useful to be able to generate very specific types of network traffic. Some examples I’ve personally encountered are:

  • QoS troubleshooting (the ability to generate DSCP or CoS tagged packets)
  • Reproducing specific traffic for troubleshooting purposes
  • Validating access lists and security policies
  • Testing how applications respond to unique traffic

A fantastic tool to accomplish these tasks, amongst many others, is Ostinato. Ostinato is cross-platform with API support, so you can integrate it with existing tools and processes. In addition to browsing the web site, I would highly recommend listening to the Packet Pushers Priority Queue episode 52. In this episode host Ethan Banks talks to one of the creators of Ostinato, who provides a great overview of the tool as well as how to put it to use.

Free TACACS+ Servers

TACACS+ provides authentication, authorization, and accounting services for network devices. In simple terms this provides granular control over who has access (authentication), what that user is allowed to do (authorization) and keeps a log (accounting) of everything that user does.

Marc Huber has created and maintained a fantastic open source TACACS+ server for Linux available here: http://www.pro-bono-publico.de/projects/tac_plus.html

If you’re more inclined to the Windows world have a look here at a free TACACS+ server for Windows: http://www.tacacs.net

Open Source System and Network Management Software

This is mostly notes for myself… however, it was a useful post on NANOG that I wanted to keep track of. So I’m listing some packages to manage systems and devices via SNMP, syslog, daemons on the hosts, etc… and of course including graphing of time series data and such too.

Argus – http://argus.tcp4me.com
BigBrother – http://bb4.com/
Cacti – http://www.cacti.net
Groundwork – http://www.groundworkopensource.com/
Hyperic – http://www.hyperic.com/
Munin – http://munin.projects.linpro.no/
Nagios – http://www.nagios.org
OpenNMS – http://www.opennms.org/wiki/Main_Page
OpManager – http://www.manageengine.com
opsview – http://www.opsview.org/
Orion (not open source) – http://www.solarwinds.com/products/orion/
Osmius – http://www.osmius.net/
PandoraFMS – http://pandorafms.org/
Spiceworks – http://www.spiceworks.com/
Zabbix – http://www.zabbix.com/
Zenoss – http://zenoss.com

NMIS – http://sins.com.au/nmis/ – http://sourceforge.net/projects/nmis/files/

http://www.icinga.org/ – a fork of Nagios
http://software.uninett.no/stager/ – another netflow tool
http://nedi.ch – amazing network discovery and inventory of hardware/network resources
http://nipper.titania.co.uk/ – audit tool for different network devices

Zabbix Open-Source Monitoring Platform

I have tried many different monitoring platforms, some of which have been open-source and many of which have been proprietary, and all of which have seemed to miss the point when it comes to being extensible while at the same time being reasonably easy to manage. I recently discovered Zabbix, which looks to be the perfect blend of easy to manage while also including all the advanced capabilities that make a monitoring package flexible enough to be useful.

A quick overview of some of the more interesting capabilities includes:

  • Distributed Monitoring (the ability to have remote nodes gather information and push that information to your primary management server)
  • Complex escalation options
  • Agent based monitoring with support for various Linux/Unix variants, Windows, OS X, and others
  • Customizable web interface to allow individuals the ability to create an interface that is most useful and relevant
  • A variety of alerting methods including e-mail, Jabber, SMS, and others
  • A web based regular expression editor to facilitate advanced alerting based on more complex criteria than simple “up/down” type methods
  • Database storage of all data and published APIs for integration with 3rd party tools

NeDi – Network Discovery

I came across this software yesterday and must admit I was quite impressed by this open source network discovery software. The basic idea is to use existing network discovery protocols such as CDP, FDP, LLDP as well as SNMP to “crawl” a network and record the various network relationships encountered. It also appears to have a very clean and user-friendly interface, which is something many network management tools seem to lack.

NeDi is web based and runs on a standard LAMP (Linux, Apache, MySQL, and PHP) infrastructure.