Installing BMC Defender SNMP Monitor adapter

The BMC Defender SNMP Monitor adapter is delivered as a self-extracting WinZip file. The installation is manual. No automatic installation is available. The installation steps are as follows:

  1. Obtain the BMC Defender SNMP Monitor adapter.
  2. Stop the BMC Defender Server Framework service, use the task manager to verify that all BMC Defender background processes have stopped.
  3. Run the self-extracting WinZip file. This unzips the SNMP software into the BMC Defender Windows distribution and modifies the BMC Defender program to start the CO-ping.exe program on system startup.
  4. Restart BMC Defender and configure address groups and other items on the Messages > Adapters > SNMP screen.
  5. Configure other parts of the BMC Defender system, such as threads, alerts, and ticket users, to correlate and process the syslog messages that are generated by the SNMP Monitor software.

You must have an administrator login to perform the software installation. The detailed steps needed to perform the installation are provided below.

Requirements

  • Existing BMC Defender Server installation—Prior to installing the SNMP Monitor software, the BMC Defender Server must be installed on a Windows platform, as discussed in the BMC Defender User Manual.
  • Disk space requirements—The SNMP Monitor software requires no significant disk space beyond the normal footprint of the BMC Defender Server. There is no extra disk space load due to this software.
  • CPU requirements—The SNMP Monitor software requires very little extra CPU requirements. A process (that consumes minimal CPU resources) starts in the BMC Defender Windows platform.
  • Service ports—The SNMP Monitor software agent requires access to the standard SNMP port of 161. Adjust firewalls to accommodate this service port and the communication channel between SNMP agents and the BMC Defender Server.

To ensure proper installation, close all windows, and temporarily disable any port blocking or virus scan software on the system. The existing BMC Defender Server process must be stopped prior to installation. Reboot after installation is not required.

Windows installation

Install the software as follows:

  1. Login to the BMC Defender Server Windows platform using an Administrator type login.
  2. Use the Windows Service Manager, or the Start and Stop Services utility in the Windows Start menu to stop the BMC Defender Server processes. The BMC Defender Server processes using the Windows Service Manager, or using the Start and Stop Services utility found in the Windows Start menu. In the Windows Task Manager, verify that all BMC Defender processes are stopped.
  3. Obtain and run the co-n-n-n-snmp.exe package, extracting files to the location where BMC Defender is installed.
    The default installation directory is C:\Program Files\BMC Software\BMC Defender.
  4. In the Windows Service Manager, or the Start and Stop Services utility, restart the BMC Defender Server processes. The BMC Defender Server processes using the Windows Service Manager, or using the Start and Stop Services utility.
  5. In the Windows Task Manager, verify that the CO-snmp.exe process now runs on the system.

SNMP device group configuration

After the CO-snmp.exe program is installed and is running on the system, you can configure the list of devices that are polled by the agent. Do this in the Messages > Adapters > SNMP tab. (The Adapters tab is automatically added to your system if it does not already exist.)

Note

By default, the CO-snmp.exe program does not poll devices.

The address group of 0.0.0.0 (the default poll address for all items) disables the polling process. You must configure a device IP address, or list of addresses that is polled by the CO-snmp.exe program.

Click Edit to edit an existing monitor. You can provide an IP address or device group as follows:

  1. Specify a static IP address, such as 10.1.1.1, to poll a single device.
  2. Specify an IP address with wildcards, such as 10.1.1.*, to poll all devices in the Devices tab of BMC Defender that match the specified wildcard.
  3. Specify an address group, such as @@my_servers@@, that describes one or more devices. These device groups provide the most maintainable way of polling the devices. You can configure device groups in the Correlation > Config > Address groups tab.

Note

If you use wildcards, the devices are polled only if the wildcard matches one or more entries in the Messages > Devices

You can add device entries with Add New on this screen.

If you set the IP address value to 0.0.0.0, it disables polling for a specified SNMP monitor. This provides a way of disabling the polling associated with a particular MIB object without deleting the SNMP monitor from the system.

SNMP read community configuration

Each SNMP Monitor is associated with a read community, that must be known to the administrator. This community value serves as a password to the agent, and no communication with the agent is possible unless this value is known. (The value is typically configured at the device where the agent resides, using a variety of techniques.)

You can specify a read community as follows:

  • If you enter the keyword Default as the read community for the SNMP Monitor, the program first looks in the Device Information screen for each device, and then uses the default read community configured on the System > Parms screen.
  • If you enter a value other than Default as the read community for the SNMP Monitor, the program uses that community string value as the read community for all devices polled by that monitor, ignoring any other read community information on the system.

MIB object configuration

The SNMP Monitor comes pre-configured with MIB object values that check for common security problems. These are sufficient for many enterprises. For specialized monitoring, such as Cisco monitoring or Printer monitoring, you might need to configure other MIB objects that are polled by the system.

SNMP MIB objects correspond to specific values that can be fetched from a managed platform using SNMP requests. Each MIB object consists of an object identifier (OID) expressed in dot-notation (such as 1.3.6.1.2.1.1.1.0) as well as a value type (either textual or numeric). If the object value is numeric, it can be a counter, a gauge, or an enum type value.

For numeric values:

  • Use a delta type threshold for counter type objects.
  • Use an abs type threshold for gauge type objects.
  • Use an equal type threshold for enum type objects.

 Any MIB object might also have a change or timeout type threshold, to detect changes or timeout conditions.

A list of common MIB objects is available from the MIB Help hyperlink, on the AddNew and Edit screens. You can append these MIB objects with a .0 extension (or some other extension if the MIB object is an SNMP table object) to fetch values from a managed device.

Note

Not all SNMP capable devices support all of the MIB objects found at this link.

Consult RFC documents on the web, or contact BMC Support for specific information and guidance.

Related topics

BMC-Defender-SNMP-Monitor-adapter

Configuring-BMC-Defender-Ping-Monitor-adapter

Using-BMC-Defender-Ping-Monitor-adapter


 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*