Process | Run By/From | Always Running? | Location |
---|---|---|---|
applicationMonitor | starteye | yes | entuity_home\bin |
authTool (.bat) | manual | no | entuity_home\bin |
autoDiscovery | application server (tomcat) | no | entuity_home\bin |
backup | provost, manual | no | entuity_home\bin |
cfgDigest | entuity_home\lib\tools | ||
changeState | entuity_home\bin | ||
checkvcs | entuity_home\bin | ||
checkLicense | entuity_home\bin | ||
configure | entuity_home\install | ||
customPoller | configurable | entuity_home\lib\tools | |
dbCheck | starteye, configure, manual | no | entuity_home\bin |
devDefunct | provost | no | entuity_home\lib\tools |
deviceDelete | entuity_home\lib\tools | ||
devPoller | adding of a device | no | entuity_home\bin |
devSysman | provost | no | entuity_home\bin |
diskMonitor | starteye | yes | entuity_home\bin |
dnsProxy | provost | no | entuity_home\bin |
domMan | provost | no | entuity_home\bin |
DsKernelStatic | starteye | yes | entuity_home\bin |
dumpipnettoport | entuity_home\lib\tools | ||
dumpiptodev | entuity_home\lib\tools | ||
dumpvip | entuity_home\lib\tools | ||
duplexman | provost | no | entuity_home\bin |
encode_keychange | entuity_home\lib\tools | ||
eyepoller | starteye | yes | entuity_home\bin |
FixNewBinVendor | entuity_home\lib\tools | ||
flowCollector.bat | entuity_home\bin | ||
getDownstream | entuity_home\lib\tools | ||
hostIdent | entuity_home\lib\tools | ||
httpd | always running | yes | entuity_home\lib\apache\bin |
install | ISO image | ||
instService | entuity_home\bin | ||
ipman | provost | no | entuity_home\bin |
jasperStudio | entuity_home\bin | ||
kill | entuity_home\lib\tools | ||
licenseSrvr | starteye | yes | entuity_home\bin |
macman | provost | no | entuity_home\bin |
macScheduler | starteye | yes | entuity_home\bin |
myisamchk | entuity_home\database\bin | ||
myisampack | entuity_home\database\bin | ||
mysql | entuity_home\database\bin | ||
mysqladmin | entuity_home\database\bin | ||
mysqlcheck | entuity_home\database\bin | ||
mysqld | starteye | yes | entuity_home\database\bin |
mysqldump | entuity_home\database\bin | ||
mysqlimport | entuity_home\database\bin | ||
mysqlshow | entuity_home\database\bin | ||
newcommunity | entuity_home\lib\tools | ||
nicman | provost | no | entuity_home\bin |
ObtainGenericVendor | entuity_home\bin | ||
perror | entuity_home\lib\tools | ||
probity | entuity_home\lib\tools | ||
prodigy | provost | no | entuity_home\bin |
profluent | provost | no | entuity_home\bin |
prole | provost | no | entuity_home\bin |
proliferate | autoDiscovery, manual | no | entuity_home\bin |
prolifsys | entuity_home\bin | ||
prologV2 | always running | yes | entuity_home\bin |
protean | provost | no | entuity_home\bin |
provost | starteye | yes | entuity_home\bin |
replace | entuity_home\database\bin | ||
restore | entuity_home\bin | ||
rollLog | entuity_home\database\bin | ||
runbg | entuity_home\bin | ||
setupProle | entuity_home\bin | ||
showdevs | entuity_home\lib\tools | ||
slalogger | entuity_home\bin | ||
snmpbulkget | entuity_home\lib\tools | ||
snmpcmd | entuity_home\lib\tools | ||
snmpdelta | entuity_home\lib\tools | ||
snmpdf | entuity_home\lib\tools | ||
snmpdump | entuity_home\lib\tools | ||
snmpget | entuity_home\lib\tools | ||
snmpgetnext | entuity_home\lib\tools | ||
snmpset | entuity_home\lib\tools | ||
snmpstatus | entuity_home\lib\tools | ||
snmptable | entuity_home\lib\tools | ||
snmptest | entuity_home\lib\tools | ||
snmptranslate | entuity_home\lib\tools | ||
snmptrap | entuity_home\lib\tools | ||
snmpusm | entuity_home\lib\tools | ||
snmpvacm | entuity_home\lib\tools | ||
snmpwalk | entuity_home\lib\tools | ||
start | entuity_home\bin | ||
starteotssvr | always running | yes | entuity_home\bin |
starteye | entuity_home\bin | ||
stop | entuity_home\bin | ||
stopeye | entuity_home\bin | ||
stpman | provost | no | entuity_home\bin |
swmaint | entuity_home\bin | ||
sysLogger | starteye | yes | entuity_home\bin |
ticker | always running | yes | entuity_home\bin |
trapsplit | system administrator | not run | entuity_home\bin |
updateNames | provost | no | entuity_home\bin |
vendinfo | entuity_home\lib\tools | ||
viewserver | starteye | entuity_home\bin | |
vipman | provost | no | entuity_home\bin |
vtpDomainTool | entuity_home\lib\tools | ||
vtpman | provost | no | entuity_home\bin |
applicationMonitor
Location | entuity_home\bin |
Type |
process. Runs every 120 seconds. |
Invoked By | starteots |
User Invocation | n/a |
Invoked Processes | command line |
Configured Through |
|
Log File | entuity_home\log\applicationMonitor.log[1..4] |
applicationMonitor performs all forms of availability monitoring, i.e. device, server and application availability. Full functionality is available for devices with IPv4 management addresses, with currently more limited support for devices with IPv6 management addresses.
When the Entuity network monitoring and management system monitors a device using IPv6, then applicationMonitor monitors the device management address using ICMPv6. applicationMonitor can raise events when the management address fails to respond, but does not perform traceroute or route cause analysis. Also, applicationMonitor does not monitor other IPv6 addresses on the device.
When there are IPv4 addresses on a device with an IPv6 management address, Entuity only considers the device as down when all of the addresses are unreachable.
authTool (.bat)
Location | entuity_home\bin |
Type | utility |
Invoked By | n/a |
User Invocation | command line |
Invoked Processes | n/a |
Configured Through | n/a |
Log File | n/a |
authTool is intended to assist testing of external user authentication configurations and
management of the Entuity emergency access user accounts. In Windows environments it is
a batch file, authTool.bat.
Usage, syntax and options
The general syntax for this tool is:
authTool [-d] actionName
where:
- -d is optional and specifies verbose output.
- actionName is the name of the action to perform.
- arguments specify input to that action and are specific for that action. In many cases, if arguments to the action are not supplied, authTool prompts for their entry.
Syntax options
- check
checks whether user is able to log on in emergency situation. You must enter the emergency access user name and password.
./authTool list
name of the user must be present and non-empty
Please enter name of the user:
root
user's password must be present and non-empty
Please enter user's password:
root
Emergency access is enabled
User 'root' is allowed to connect. - delete
deletes the named emergency access user profile.
./authTool delete
name of the user to delete must be present and non-empty
Please enter name of the user to delete:
root
Emergency access is enabled
Are you sure you want to delete user named 'root'? [yes/no]:
yes - encrypt
encrypts the LDAP administrator's password.
authTool encrypt [user=username] [password=password]
- ldaptree
displays the whole LDAP tree, with the option of listing the details of one entry:
authTool ldaptree [url=] [user=username] [password=password] [basedn=]
This example shows an LDAP tree for an example of LDAP implementation:
[entry=]
# ./authTool ldaptree url=ldap://10.44.3.73
This example shows the detail of an LDAP entry:
o=nokia
ou=groups,o=nokia
cn=i_ext_s_axs_tool_admin,ou=groups,o=nokia
cn=i_ext_s_axs_tool_user,ou=groups,o=nokia
ou=people,o=nokia
cn=tu1,ou=people,o=nokia
cn=tu2,ou=people,o=nokia
cn=tu3,ou=people,o=nokia
cn=tu4,ou=people,o=nokia
cn=tu5,ou=people,o=nokia
cn=tu6,ou=people,o=nokia
# ./authTool ldaptree url=ldap://10.44.3.73 entry=tu1
cn=tu1,ou=people,o=nokia
userPassword: [B@5e179a
objectClass: person
nokiaMemberOf: i_ext_s_axs_tool_user
sn: u1
cn: tu1 - list
lists emergency access user accents used to log on in an emergency situation.
./authTool list
Emergency access is enabled
Users:
eUser
root
Total users: 2 - logon
once you have configured external authentication, or are in the process of doing so, you can test the user logon configuration with the authTool logon function:
authTool logon [user=username] [password=password]
- mapping
performs mapping of supplied attributes to groups. You invoke the mapping action as follows:
authTool mapping attributeName=attributeValue
For example, to invoke authTool:
attributeName=attributeValue
authTool mapping userName=cwilliams groups="Network Admin"
You can also run authTool mapping just against the group:
authTool -d mapping groups=developers
- passwd
creates new, or updates an existing, emergency access user. To access this function, you must enter a valid Entuity administrator username and password, and then specify the emergency access username and password.
./authTool passwd
name of an administrator user must be present and non-empty
Please enter name of an administrator user:
admin
administrator user's password must be present and non-empty
Please enter administrator user's password:
admin
name of the user must be present and non-empty
Please enter name of the user:
root
user's password must be present and non-empty
Please enter user's password:
root
Please re-enter user's password:
root
Emergency access is enabled
Password set for the user 'root' - serverAccess
authTool serverAccess allows you to check the user access module for a particular user, and optionally specify the user group.
authTool serverAccess user=jsmith groups=operation
Testing server access for user 'jsmith' as member of:
operation
Access to server allowed
autoDiscovery
Location | entuity_home\bin |
Type | process |
Invoked By | application server (tomcat) |
User Invocation |
|
Invoked Processes | proliferate |
Configured Through |
|
Log File | entuity_home\log\autoDiscovery.log [1..4] |
The following section details the options available when you decide to configure autoDiscovery through configuration files or run it from the command line. Please consult with your Entuity contact before configuring autoDiscovery through configuration files or running it from the command line. Please see this article for help and information on how to use Auto Discovery through the Entuity UI.
Through provost.conf you can configure when autoDiscovery runs, e.g. each Sunday at 01:00 provost runs autoDiscovery. When autoDiscovery starts, and every subsequent minute whilst it is running, it checks the value of automatic in the autoDiscovery section of entuity.cfg. When it is set to:
- 0, autoDiscovery is not automatically started. When it is already running having been:
- manually started, then this setting is ignored.
- automatically started, then autoDiscovery is stopped.
- 1, autoDiscovery runs. It finds devices on a network, by ‘pinging’ every IP address on each specified network.
The autoDiscovery utility finds devices on a network by pinging every IP address on each specified network, and finding further subnets using SNMPv1/v2c and SNMPv3.
By default, autoDiscovery:
- does not search new subnets unless you use -follow.
- does not search the local subnet when you include addresses. To search the local subnet use -local.
- command line values take precedence over any configuration file values, apart from when including addresses, excluding addresses and specifying port and community strings where the values are combined.
- generates output to the dev.txt file. To specify a different name, use a parameter of –o <filename> (see Entuity System Files). The device file is written in a format that can be used directly by proliferate, consisting of lines of IP addresses followed by community strings (the file also contains comments, beginning with the ‘#’ character).
autoDiscovery calls proliferate, which by default adds all SNMP pollable devices to the candidate devices list in Entuity. If:
- Entuity recognizes the device, it is added to the candidate devices list as a device of that type.
- Entuity can generate an uncertified vendor file, it is added to the candidate devices list as Unclassified.
- Entuity does not recognize the device, it is added to the candidate devices list as a device without type.
Usage, syntax and options
Usage 1
This usage is only available with SNMPv1/v2c devices:
autoDiscovery [ -follow ] [ options... ]
Search only the network(s) to which the current host is attached.
In this usage, autoDiscovery is run by itself. autoDiscovery only includes the local subnet to which the host is attached in the search. Any new subnets that are discovered are not followed.
The -follow option enables following of new subnets.
Usage 2
This usage is only available with SNMPv1/v2c devices:
autoDiscovery -in addresses [ -ex addresses ] [ -local ] [-follow ] [ options... ]
Search only the hosts or networks specified.
- -in <addresses>
Comma separated list of hosts or networks to include in the search. - -ex <addresses>
Comma separated list of hosts or networks to exclude from the search. - -local
Search the networks to which the current host is attached. - -follow
Automatically search new network(s) that are discovered.
In this usage, autoDiscovery is run with a list of addresses to include in, or exclude from, the search. When you want to:
- search the network to which the current host is attached, either include it in the list or use the -local option.
- follow new subnets, the -follow option must be given.
Usage 3
This usage is available with SNMPv1/v2c and SNMPv3 devices:
autoDiscovery -config [ file ] [ options... ]
Read options from configuration file.
- -config
autoDiscovery can read options and data, such as included addresses, from a configuration file. When a file is not specified then autoDiscovery looks for the default configuration file, entuity_home\etc\autodisc.cfg.
It is preferable to specify all the required options in the configuration file, although you can also use the command line. When options have already been specified in the configuration file, the command line options usually take precedence. The exceptions are: include addresses, exclude addresses, ports and community strings where configuration file and command line values are combined.
The scope of autoDiscovery’s search is therefore derived from a combination of command line, configuration file and default values, for example:- if you do not include addresses, autoDiscovery takes the host’s subnet as the scope. If you have included addresses but also want to search the host’s subnet then use -local. Alternatively, you can give the local network as an included address.
- if you include addresses through the configuration file and command line, autoDiscovery takes the combined address list as its scope. Similarly, if you exclude addresses through the configuration file and command line autoDiscovery takes the combined list and excludes it from the scope.
- if you include and exclude the same port, then autoDiscovery excludes the port from the search.
- if you want autoDiscovery to follow subnets it discovers then it must be configured with -follow.
Syntax options
- -addpingonly
instructs autoDiscovery to set management level for the device to Ping Only when a
device only responds to ping. When autoDiscovery-nodb is set, this option is ignored. - -auto
Instructs autoDiscovery to check the value of the automatic variable in the
autodiscovery section of entuity.cfg. When this value is:- 0, autoDiscovery is stopped and does not run automatically.
- 1, autoDiscovery runs each Sunday at 01:00 hours.
During the configuration of Entuity, if you created your device file using autoDiscovery, then autoDiscovery is running using -auto. By default automatic is set to 1, so autoDiscovery will automatically run every Sunday (for details on automatic, see entuity.cfg).
- -c <string>
where <string> is comma separated list of community strings, no white spaces between, to be tried when SNMP data is requested. The default - “public” - should be included in the list if it is required. If the -c parameter is not specified, “public” is used. - -dontallowipchange
instructs autoDiscovery to use the first discovered IP address on a device as its management address. - -excludesysoids=<sysoid>
excludes the detailed sysoid from autoDiscovery. This example excludes Cisco Unified Communications Manager from autoDiscovery:
-excludesysoids=1.3.6.1.4.1.311.1.1.3.1.2
- -f <n>
this sets the SNMP final wait period, the period autoDiscovery waits to capture responses from final requests. When SNMP responses are slow or you are using more threads you may need to increase this final wait period.
The SNMP final wait is linked to the Ping response time (-pt). The default of 30 seconds is 10 times the Ping response time. If you amend the Ping response time you may want to maintain this 10:1 relationship.
To change the final wait period, enter the new value in seconds. - -h and -?
both open the help file, supplying an up-to-date list of commands and associated descriptions. - -hn
do not resolve discovered IP addresses to host names. The default is on. - -i
instructs autoDiscovery to mark all interfaces on discovered devices as unmanaged. - -ith <n>
determines the number of addresses autoDiscovery can ping simultaneously, by setting the number of threads on the IP address queue. The default is 512 (see Setting the Number of Threads). - -m
instructs autoDiscovery to mark only management interfaces on discovered devices as managed. - -ma <n>
sets the largest allowed subnet size that is included in the autoDiscovery search, e.g. -ma 16 excludes from the search subnets that have more than 16 addresses. The default is unlimited, therefore all classes of subnets are fully pingable. - -nodb
do not automatically populate the database. - -o <filename>
name of device output file (default is dev.txt). - -p <ports>
where <ports> is a comma separated list of ports, no white spaces between, to be tried when SNMP data is requested. - -progress
includes progress details to standard out. - -prune
autoDiscovery discards networks if it receives a Network Unreachable response for thea ddress or a subnet within it.
As prune causes autoDiscovery to discard networks you must be careful that you specify the search address(es) at an appropriate level. If you specify a network address that has a number of subnets, it only requires one of those subnets to be unreachable for autoDiscovery to regard that whole network address being unreachable. autoDiscovery then stops searching the specified network address (possibly missing reachable subnets) and moves to the next specified address.
For example, this network list is suitable for -prune:
212.15.70.0
These are Class C subnets which do not contain subnets. If one of these networks is unreachable, it is not searched, speeding up the autoDiscovery process. The unreachable subnet does not stop autoDiscovery searching the other two subnets.
212.15.71.0
212.15.72.0
204.4.143.0
In this network list the first address is not suitable for -prune:
212.15.0.0
It is a Class B subnet which, in this example, contains subnets 212.15.70.0, 212.15.71.0, and 212.15.72.0. If a Class C subnet within the specified Class B subnet is unreachable (e.g. does not yet exist), autoDiscovery stops the discovery process on the entire Class B subnet, and if applicable searches the next specified address.
204.4.143.0
Continuing the example, if 212.15.70.0 is reached, but 212.15.71.0 is unreachable, then autoDiscovery does not search for 212.15.72.0. autoDiscovery searches the next specified address, 204.4.143.0. The only data returned from 212.15.0.0 is from the first subnet, 212.15.70.0. - -pt <n>
set ping timeout to n seconds, the default is 3 seconds. You can:- decrease the timeout period to speed up autoDiscovery. On a slow network you are increasing the probability of not including every single device.
- increase the timeout period to improve the reliability of autoDiscovery results. On a slow network this increases the length of time it takes autoDiscovery to run.
- -rememberendhosts
maintain a list of all IP addresses, even those that are only able to respond to ping. This is a resource intensive setting. - -sth
determines the number of simultaneous autoDiscovery SNMP requests by setting the number of threads on the SNMP queue. The default is 64 (see Setting the Number of Threads). - -usestdout
sets autoDiscovery output to standard out (i.e. the console) rather than the output file. - -v
verbose mode, where detailed diagnostic information is produced and written to the log file, autodiscovery.log.
See also
proliferate, showdevs and prolifsys.
Setting the timeout parameter
The ping timeout defaults to 3 seconds, but can be modified using the parameter –pt <n>.
The SNMP timeout varies with the ‘ping’ response time, and so you do not need to specify the SNMP timeout on the command line.
You can speed up autoDiscovery by reducing the ping timeout, but risk the possibility on a slow network of not discovering every single device. You can increase confidence in the reliability of the results by increasing the ping timeout.
To change the final wait period, use –f <n>. This defaults to 30 to allow for worst case scenario SNMP timeout.
Setting the number of threads
You can speed up autoDiscovery by increasing the number of threads it uses, as most time is spent waiting for ‘ping’ responses. However, more threads cost more system resources – and there is no upper limit currently set in autoDiscovery. This means that setting the number of threads is an ‘advanced’ option.
To set the number of threads on the IP address queue, use –ith <n> . The default is 512 threads.
To set the number of threads on the SNMP queue, use –sth <n>. The default is currently 64 threads. Increasing the n argument has a less far-reaching effect than would be the case with -ith, as far fewer devices get to the SNMP stage.
configuration file.
Writing a configuration file
Allowed section headings in a configuration file are:
[ports]
[community strings]
[included addresses]
[excluded addresses]
[options]
An example configuration file:
[ports]
161
162
[community strings]
public
[included addresses]
137.73.8.10/255.255.255.0
slinky.cs.nyu.edu
[options]
-ith=64
-sth=32
-follow
-local
-nodb
When a configuration file:
- does not contain a section of included addresses, then the subnet to which the host is
currently attached is searched. - does not contain a section of ports, then the default port 161 is used.
- does not contain a section of community strings, then the default string "public" is used.
- does not contain a particular option, then default values are used. For example, by default autoDiscovery does not search discovered subnets. Set the option -follow to allow autoDiscovery to search discovered subnets.
Specifying IP addresses
autoDiscovery takes the IP address and subnet mask of the local machine. You can specify other machines or networks if required.
The format for specifying hosts and subnets is:
{ a[.b[.c[.d]]][/e.f.g.h] | hostname }
where each letter a..h is a number between 0 and 255 decimal inclusive.
IP addresses may be partial, and can optionally be followed by a slash and a subnet mask on the same line. In these cases a subnet is specified. A host can also be a machine name.
Examples are:
- 204.4.143.147 (a machine).
- hurricane (machine).
- 204.4.143 (a subnet).
- 204.4.143.0 (a subnet).
- 204.4.143.147/255.255.255.0 (a subnet).
autoDiscovery is currently sensitive (negatively) to white space in these files.
If you specify a big subnet, or if one turns up during the search, the number of potential addresses is checked against the maximum allowed. The default is not specified, so all sizes of subnets are allowed. You can change this using -ma to reduce the size of subnets that autoDiscovery is allowed to search.
Files
For SNMPv1/v2c and SNMPv3 devices, autoDiscovery configuration is defined through entuity_home/etc/autodisc.cfg. In addition, you can also configure discovery of SNMPv1/v2c devices from the command line. Where a device supports both SNMPv1/v2c and SNMPv3 credentials, Entuity uses SNMPv3.
Discovered devices are added to Entuity and to the device file, by default dev.txt
backup
Location | entuity_home\bin |
Type | process. By default runs each evening at 23:00. |
Invoked By | provost |
User Invocation | command line. |
Invoked Processes | n/a |
Configured Through | n/a |
Log File | entuity_home\log\backup.log.[1..4] |
Usage
By default, backup is run automatically by provost every evening at 23:00. You can also run backup from the command line:
backup
When run manually, you need to ensure that the Entuity database server is running.
Description
The backup utility dumps:
- DSALPHA database to entuity_home\database\data\backupsw
- EOSdb database to entuity_home\database\data\backupdb
- GreenIT database to entuity_home\database\data\GreenIT
- secdb database to entuity_home\database\data\backupsecdb
- MySQL users table to entuity_home\database\data\backupmysql
The databases are not backed up individually.
The contents of DSALPHA, EOSdb, secdb and MySQL are dumped automatically. The only exception from EOSdstream is the dsutilization table that contains fast port data. The table structure is backed up but its contents are not currently included in the backup. With regard to EOStrend, all tables that have not been backed up before, or are empty, are backed up, together with all the data contained in existing tables that is more recent than the data in previous backups.
The number of tables (if any) to be backed up is output to the screen, together with the confirmation as to whether or not the backup has been successful.
If you need to restore the databases from a backup, use the restore command.restore both restores the databases and also repairs any errors.
By default this backup is run every evening at 23:00 by provost. You can also run it from the command line.
See also
cfgDigest
Location | entuity_home\lib\tools |
Type | utility |
Invoked By | n/a |
User Invocation | command line |
Invoked Processes | n/a |
Configured Through | n/a |
Log File | n/a |
Description
cfgDigest is an investigative tool used with Entuity configuration files. It has two usages:
- present a configuration file in a standard structure.
cfgDigest c:\entuity\etc\sw_cpu_times.cfg
- compare two named configuration files.
cfgDigest c:\entuity\etc\sw_cpu_times.cfg c:\entuity\etc\
sw_cpu_times.cfg
changeState
Location | entuity_home\bin |
Type | internal process |
Invoked By | provost |
User Invocation | no |
Invoked Processes | n/a |
Configured Through | entuity_home\etc\provost.conf |
Log File | n/a |
Description
changeState updates a prole sequence number in the database after prole has run.
checkvcs
Location | entuity_home\bin |
Type | internal process |
Invoked By | n/a |
User Invocation | no |
Invoked Processes | n/a |
Configured Through | n/a |
Log File | n/a |
Description
Internal use only. Used by the VCS integration to check status of the Entuity system
checkLicense
Location | entuity_home\bin |
Type | utility |
Invoked By | n/a |
User Invocation | command line |
Invoked Processes | n/a |
Configured Through | n/a |
Log File | n/a |
Syntax
From the command line of the Entuity server machine for which the license was generated, you can use checkLicense to check the state of the license. It must always be run with one or more parameters, otherwise it may return an error.
You should always specify the license file, for example when running from entuity_home\bin of the Entuity server machine use this structure:
checkLicense -f c:\Entuity\etc\license.dat
When you want to run checkLicense on a different machine to the one on which the license is to be installed, then you must define additional parameters, e.g. the operating system to which the Entuity server is installed, its IP address, host identifier, MAC address.
For example, this allows you to check from Windows a license generated for an Entuity server installed to a Unix server:
checkLicense -s -i 10.0.0.1 -f c:\license\license.dat
These options are available with checkLicense:
- -f, indicates the name and, optionally, the location of the license file.
- -h <host-indent>, to be used when checking a license intended for an Entuity server
installed to Windows, Linux or VMware environments. In those environments the host
identifier is an integral part of Entuity licensing
- -i <ipaddress> , to be used when checking a license intended for an Entuity server installed to Unix environments. In these environments the host machine’s IP address is a key part of Entuity licensing.
- -m <macaddress> , indicates the host’s MAC address is a key part of Entuity licensing. This is reserved for possible future usage.
- -l, indicates that the license you are testing is for an Entuity server installed in a Linux environment (and need only be used when running checkLicense in a non-Linux environment).
- -s, indicates that the license you are testing is for an Entuity server installed in a Unix environment (and need only be used when running checkLicense in a non-Unix environment).
- -w, indicates that the license you are testing is for an Entuity server installed in a Windows environment (and need only be used when running checkLicense in a non-Windows environment).
- -v, indicates that the license you are testing is for an Entuity server installed in a VMware environment (and need only be used when running checkLicense in a non-VMware environment).
- -d <install-date>, use to specify the date and time of the Entuity installation.
- -k, identifies the license file as one generated in an obsolete format. This is usually not applicable in live systems.
Description
This utility checks the validity of the license file, by default license.dat, against the license server, decoding the contents of the license file and writing them to file stdout.
This is an extract of example output, with checkLicense ran from C:\Entuity\bin:
checkLicense -f c:\Entuity\etc\license.dat
PRODUCT EOSDevices
Expiry 01/Oct/2012 01:00:00
Count 1
OPTION 'C' - 600
PRODUCT IFA
Expiry 01/Oct/2012 01:00:00
Count 1
OPTION 'C' - 2
PRODUCT IFAPremium
Expiry 01/Oct/2012 01:00:00
Count 1
PRODUCT EOSsnews
Expiry 01/Oct/2012 01:00:00
Count 2
OPTION 'S' - 9999
PRODUCT EOSprovost
Expiry 01/Oct/2012 01:00:00
Count 1
PRODUCT TopologyMap
Expiry 01/Oct/2012 01:00:00
Count 1
PRODUCT EOSrca
Expiry 01/Oct/2012 01:00:00
Count 1
PRODUCT ReportServer
Expiry 01/Oct/2012 01:00:00
Count 1
PRODUCT TrapIntegration
Expiry 01/Oct/2012 01:00:00
Count 1
PRODUCT EOSobject0
Expiry 01/Oct/2012 01:00:00
Count 1
OPTION 'C' - 50000
OPTION 'P' - CISCOErrorDisableObject:0
OPTION 'P' - CheckpointModule:0
OPTION 'P' - HostConnectionTopoNodeEx:0
OPTION 'P' - HostConnection:0
OPTION 'P' - HostConnectionTopoNode:0
OPTION 'P' - VirtualCDROM:0
OPTION 'P' - VirtualController:0
OPTION 'P' - VirtualNIC:0
OPTION 'P' - VirtualDisk:0
OPTION 'P' - VirtualMachine:0
OPTION 'P' - ChargeableHypervisor:0:1
OPTION 'P' - HyperVisor:0
OPTION 'P' - VirtualizationPlatformDevice:0
OPTION 'P' - IPSLAUDPCreator:0
OPTION 'P' - IPSLATCPCreator:0
OPTION 'P' - IPSLAJitterVoIPCreator:0
OPTION 'P' - IPSLAJitterCreator:0
OPTION 'P' - IPSLAICMPEchoPoller:0
OPTION 'P' - IPSLAHTTPRawCreator:0
OPTION 'P' - IPSLAHTTPCreator:0
:
:
:
:
PRODUCT EYEVersion
Expiry 01/Oct/2012 01:00:00
Count 1
OPTION 'V' - EYE:12.5:Entuity_12.5
OPTION 'H' - 6b22bdfcc9f3193d2de813ceff89a70
where:
- C is the total amount of credits that the license permits.
- P is the policy group. Each group has its own rating, when set to 0 the group objects do not cost a license object.
- S is the credit value of one switch.
Error messages
When checkLicense returns expiry dates of 1969 or 1970 for each process, this indicates the license file is invalid. When the license file was valid but is now expired, checkLicense returns the correct expiry date.
WARNING: Hardware change detected, indicates a change in the hardware setup of the Entuity server since the license was installed, e.g. a change in MAC address.
Files
entuity.cfg, license.dat, hostIdentifier.txt.
configure
Location | entuity_home\install |
Type | command line utility |
Invoked By | n/a |
User Invocation | command line |
Invoked Processes | n/a |
Configured Through | n/a |
Log File | command line output, entuity_home\log\EYEConfigure.xxx.log |
Description
configure sets up the Entuity server, for example configure:
- configures the Entuity software, for example:
- database settings.
- activates and deactivates modules.
- sets module parameters.
- security settings.
- adds and updates available reports.
- sets the ports that Entuity uses, e.g. for Event Viewer, Entuity database.
- sets up necessary services (in a Windows environment).
- allows you to select the license file.
You can only run configure after install has successfully completed. In a Windows environment configure runs as a Java wizard or through the command line. In Linux environments only the command line option is available.
Following the initial configuration of Entuity, you can run configure as often as is required to apply customizations to your system, for example updates to site specific files. You can only run configure when the Entuity server is not running.
Syntax
configure [[text | gui] [showportwarning]] | [defaults] | [services] | [serverid ...]
Where:
- text instructs configure to run through the command line which is the default on Linux machines, but not Windows.
- gui instructs configure to run through the Java wizard which is the default on Windows machines.
- defaults instructs configure to run from the command line using the responses made the last time configure ran or using the settings in a specified defaults file. (See configure defaults <file>.)
- showportwarning instructs configure when run from the command line to display warnings when a port you are assigning to an Entuity process is already assigned to another process.
- services instructs configure to run but to only update the Windows services so that they apply to the current installation; the current installation must have been previously fully configured. The services option may be useful in a test environment where you have a number of Entuity installations. It is not recommended for use on your live installation.
- serverid includes a series of functions for identifying and updating the Entuity server identifier. (See configure serverid.)
configure defaults <file>
configure defaults instructs configure to run from the command line using the responses made the last time configure ran. configure defaults is useful when you have to re-run configure and do not want to amend any of the options available through configure, for example you have:
- applied one or more patches.
- upgraded Entuity.
- amended a setting in a configuration file (for which you must run configure to apply them).
configure defaults file instructs configure to run using the settings in a specified text file. This can be useful when configuring multiple Entuity servers with essentially the same setup. This example uses the defaults.cfg file from the specified path:
configure defaults D:/resources/defaults.cfg
The defaults file uses the same parameters as listed in entuity.cfg. configure uses the default values of any option specified.
This example defaults.cfg file sets the web port number and configures the Atrium integration (entuity_home/etc/installed_modules.cfg includes a list of module names that can be enabled):
[]
webportnum=81
[modules]
Atrium_Integration=1
[JustForTemplates]
AtriumProperties_eye.server=testVal1
AtriumProperties_dataexport.dbServer=testVal2
configure serverid
The server identifier is used within Entuity to uniquely identify a particular Entuity server, this is especially important:
- in multi-server environments where serverid distinguishes one server from another.
- restoring a database from one server to another server.
configure serverid has the syntax:
configure serverid { list | { { update | update_full } }
Where:
- list, lists all of the serverids known to the server, including associated remote servers. It is useful when checking the consistency of serverid throughout the installation, for example after a cloning of a device, or restoring a database to a different server. To list the serverids in the install, including any remote servers enter:
configure serverid list
- update, updates from the specified <source> the files and database with serverid.
- update_full, updates from the specified <source> the files and database with serverid but also dashboards, user selections and reports.
- <source> identifies to which serverid the server should be set:
- new generates a new unique server identifier for the Entuity install. new can be useful when Entuity was installed to a virtual machine which you have then cloned. As part of multi-server implementation it requires a unique serverid which you can fully assign to the cloned install, for example:
configure serverid update_full new
- from_db uses the unique server identifier in the Entuity database install and allows you to apply it across the Entuity install. from_db might be useful when the database is being restored to a new machine, for example the original machine has failed and you want to maintain the remote and central relationships established with the other Entuity servers. To set an Entuity install to use the serverid contained in the database enter:
configure serverid update_full from_db
- from_file uses the unique server identifier in entuity_home\etc\serverid.xml and allows you to apply it across the Entuity install. from_file can be useful when the database is being applied to a new machine, for example you want to use the setup from an existing server, its views, server accounts, report definitions but want it to be a unique install. To set an Entuity install to use the serverid contained in the entuity_home\etc\serverid.xml enter:
configure serverid update_full from_file
- <serverid> which is the manually entered serverid, for example 9a55e715-3c18- 4ef1-9cc9-f1b7f29ea576.
- new generates a new unique server identifier for the Entuity install. new can be useful when Entuity was installed to a virtual machine which you have then cloned. As part of multi-server implementation it requires a unique serverid which you can fully assign to the cloned install, for example:
These connections are invalid and should be removed.
See also
dbcheck
Location | entuity_home\bin |
Type | process, runs once when Entuity is started. |
Invoked By | starteye, configure |
User Invocation | command line |
Invoked Processes | myisamchk |
Configured Through | entuity_home\startup_o/s.cfg |
Log File | entuity_home\log\dbcheck.log.[1..4] |
Description
dbcheck verifies the last shutdown of mysqld completed successfully. When the shutdown was not successful it initiates a full check and, if necessary repair, of all database tables. Depending up on the size of your database this may take a significant amount of time, and so delay the start of Entuity. You can view its progress through dbcheck.log.
dbcheck is also called when configure runs if there is an existing database but no mysql.error.log which is usually the case when running an Entuity upgrade. dbcheck runs in fast mode (dbcheck -F) although you can set it to run in a more extensive mode (dbcheck -E).
You can run dbcheck from the command line but you should not run it when the database is running. dbcheck determines the successful shutdown of mysqld by scanning entuity_home\log\mysqld.error.log file for these messages:
081215 19:14:19 [Note] C:\entuity_z\database\bin\mysqld-nt: ready for connections.
081215 19:14:46 [Note] C:\entuity_z\database\bin\mysqld-nt: Normal shutdown
081215 19:14:46 [Note] C:\entuity_z\database\bin\mysqld-nt: Shutdown complete
071022 20:50:52 [ERROR] D:\Entuity\database\bin\mysqld-nt: Incorrect key file for table '.\dsalpha\dss_switchsystemresources.MYI'; try to repair it
When dbcheck detects an error, it invokes myisamchk to perform the table check and repair. A check and repair is also run when the previous run of mysqld contains an Incorrect Key file message.
Options
- -f, forces dbcheck to run without analyzing mysql.error.log for errors.
- -Q do not scan the database rows to check for incorrect links.
- -F, dbcheck checks only tables that were not properly closed. This is the default Repair option selected when re-running configure, for example during an Entuity upgrade.
- -C, dbcheck checks only tables that have been changed since the last check or that were not properly closed.
- -M, dbcheck scans rows to verify that deleted links are valid and calculates a key checksum for the rows and verifies this with a calculated checksum for the keys.
- -E, dbcheck runs a full key lookup for all keys for each row which ensures that the table is 100% consistent. This is an extended database check and, depending on the size of the database, may take a significant length of time.
- -h, dbcheck displays the help text.
Logs
Messages are written to dbcheck.log in entuity_home\log. Each time dbcheck starts it scans mysql.error.log and then records its actions in the log file, for example:
11/07/2014 13:59:37 INFO: (DBCheck.cpp)Scanning "C:\Entuity\log\mysqld.error.log" to check mysqld was correctly shutdown
11/07/2014 13:59:37 INFO: (MysqlErrorLog.cpp)mysqld last shutdown completed successfully: 141106 13:51:22
11/07/2014 13:59:37 INFO: (DBCheck.cpp)Check/Repair complete
The file automatically wraps to dbcheck.log.[1-4] when the log becomes full.
devDefunct
Location | entuity_home\lib\tools |
Type | process, runs once a day at 00:00 |
Invoked By | provost |
User Invocation | command line |
Invoked Processes | n/a |
Configured Through | entuity.cfg |
Log File | entuity_home\log\devdefunct.log.[1..4] |
Description
It is responsible for deleting devices from Entuity that have aged out and are therefore deemed defunct. By default, an age out value is not set, so devices are not automatically removed from Entuity. Through the devDefunct section in entuity.cfg you can set an age out value.
deviceDelete
Location | entuity_home\lib\tools |
Type | utility |
Invoked By | n/a |
User Invocation | command line |
Invoked Processes | n/a |
Configured Through | n/a |
Log File | n/a |
Syntax
deviceDelete deviceName
Description
The deviceDelete utility can be used to delete individual devices by name. The output upon successful deletion is in the following format:
INFO: Successfully deleted deviceName
devpoller
Location | entuity_home\bin |
Type | process, run when devices are added to Entuity. |
Invoked By | n/a |
User Invocation | command line |
Invoked Processes | prolifsys, macman, ipman, vipman, nicman |
Configured Through | entuity.cfg |
Log File | entuity_home\log\devpoller.log.[1..4] |
Description
This process is run when devices are added to Entuity, calling the processes that identify device details.
devsysman
Location | entuity_home\bin |
Type | process, run once daily at 04:30 |
Invoked By | provost |
User Invocation | command line |
Invoked Processes | prolifsys, macman, ipman, vipman, nicman |
Configured Through | n/a |
Log File | entuity_home\log\devsysman.log.[1..4] |
Description
Responsible for the SNMP polling of network devices for system-related information, including system location and description.
diskMonitor
Location | entuity_home\bin |
Type | process, runs continuously. |
Invoked By | starteye |
User Invocation | command line |
Invoked Processes | prolifsys, macman, ipman, vipman, nicman |
Configured Through | entuity.cfg [diskMonitor] |
Log File | entuity_home\log\diskMonitor.log.[1..4] |
Description
This process monitors disk space on the Entuity server and is invoked when Entuity starts up. diskMonitor polls for disk space where the Entuity database is installed. It compares this value to two thresholds, if it falls below the:
- first, then diskMonitor sends events to EMS.
- second, then diskMonitor initiates the shutdown of Entuity. This prevents corruption of the database that can occur when disk space is not available.
You can configure diskMonitor, e.g. set threshold values, period between samples, through entuity.cfg.
Logs
Messages are written to diskMonitor.log in entuity_home\log. Each time diskMonitor starts it writes to the log its current settings. Each time it analyzes a sample, it writes the results to the log. The file automatically wraps to diskMonitor.log.[1-4] when the log becomes full.
dnsproxy
Location | entuity_home\bin |
Type | process |
Invoked By | provost |
User Invocation | command line |
Invoked Processes | n/a |
Configured Through | entuity.cfg [dnsProxy] |
Log File | entuity_home\log\dnsproxy.log.[1..4] |
Description
dnsproxy makes DNS requests and creates a DNS cache which is accessed by Entuity processes. The cache is limited to 10,000 per zone. This is configurable in etc\entuity.cfg. If the cache is exceeded Entuity drops the least recently used entries.
dnsproxy refreshes the cache:
- when the Entuity object inventory changes, e.g. a new device is managed, a device is added to a zone.
- within 10 minutes, if a zone was unavailable.
Options
- ?, displays help.
- .exit, quits the dnsproxy action.
- .invalidate, simulates a zone modification.
- .list, displays configured zones. .port, display dnsproxy port number.
- .stats, display dnsproxy statistics for the current zone.
- .dump, display dnsproxy contents for current zone.
- .walk <start> <cnt>, display dnsproxy contents for current zone from start limited to cnt items.
- .purge, discard dnsproxy contents for the current zone.
- .zone <zone>, set current zone by id or name.
- .version <4|6>, set ip version to 4 or 6.
- <ipAddress>, perform reverse dns lookup.
- <host>, perform dns look up.
domman
Location | entuity_home\bin |
Type | process, runs daily at 05:30. |
Invoked By | provost |
User Invocation | command line |
Invoked Processes | prolifsys, macman, ipman, vipman, nicman |
Configured Through | entuity.cfg |
Log File | entuity_home\log\domman.log.[1..4] |
Description
Responsible for maintaining the system domain tables, including device and VLAN domains.
DsKernelStatic
Location | entuity_home\bin |
Type | process, runs continuously. |
Invoked By | starteye |
User Invocation | n/a |
Invoked Processes | StormWorks functionality |
Configured Through | sw_name.cfg.startup_O.S.cfg |
Log File | entuity_home\log\dskernel.log.[1..4] |
Description
This process actions activities for which it has been configured through StormWorks configure.
dumpipnettoport
Location | entuity_home\lib\tools |
Type | utility |
Invoked By | n/a |
User Invocation | command line |
Invoked Processes | n/a |
Configured Through | n/a |
Log File | n/a |
Description
dumpipnettoport exports the ipnettoport table to the command line. ipnettoport maps IP addresses to device ports.
dumpiptodev
Location | entuity_home\lib\tools |
Type | utility |
Invoked By | n/a |
User Invocation | command line |
Invoked Processes | n/a |
Configured Through | n/a |
Log File | n/a |
Description
dumpipnettoport exports the ipnettodev table to the command line. ipnettodev maps IP addresses to devices.
dumpvip
Location | entuity_home\lib\tools |
Type | utility |
Invoked By | n/a |
User Invocation | command line |
Invoked Processes | n/a |
Configured Through | n/a |
Log File | n/a |
Description
dumpvip exports virtual IP addresses to the command line.
duplexman
Location | entuity_home\bin |
Type | process, runs daily at 07:00 |
Invoked By | provost |
User Invocation | n/a |
Invoked Processes | n/a |
Configured Through | entuity.cfg |
Log File | entuity_home\log\duplexman.log.[1..4] |
Description
Responsible for maintaining the port duplex tables, so Entuity recognizes whether each managed port is full or half duplex.
encode_keychange
Location | entuity_home\lib\tools |
Type | third-party utility |
Invoked By | n/a |
User Invocation | command line |
Invoked Processes | n/a |
Configured Through | command line |
Log File | n/a |
This utility and documentation is provided according to its license terms, which can be viewed under entuity_home\licenseTerms\Net-SNMP.
Syntax
encode_keychange -t md5|sha 1 [OPTIONS]
Description
encocde_keychange produces a KeyChange string using the old and new passphrases as described in Section 5 of RFC 2274 "User-based Security Model (USM) for version 3 of the Simple Network Management Protocol (SNMPv3)". -t option is mandatory and specifies the hash transform type to use.
The transform is used to convert passphrase to master key for a given user (Ku), convert master key to the localized key (Kul), and to hash the old Kul with the random bits.
Passphrases are obtained by examining a number of sources until success (in order listed):
- Command line options (see -N and -O options below);
- The file $HOME\.snmp\passphrase.ek which should only contain two lines with old and
new passphrase; - Standard input -or- user input from the terminal.
Options
- -E [0x] <engineID> EngineID used for Kul generation.
<engineID>is interpreted as a hex string when preceded by 0x, otherwise it is treated as a text string. If no <engineID> is specified, it is constructed from the first IP address for the local host. - -f, force passphrases to be read from standard input.
- -h, display the help message.
- -N "<new_passphrase>" , passphrase used to generate the new Ku.
- -O "<old_passphrase>" , passphrase used to generate the old Ku.
- -P, turn off the prompt for passphrases when getting data from standard input.
- -v, be verbose.
- -V, echo passphrases to terminal.
eyepoller
Location | entuity_home\bin |
Type | utility |
Invoked By | starteye |
User Invocation | n/a |
Invoked Processes | n/a |
Configured Through |
entuity_home\etc\startup_o/s.cfg entuity_home\etc\eyepoller_overrides.cfg |
Log File | entuity_home\log\eyepoller.log |
Description
By default, eyepoller polls for interface utilization, fault and congestion data at five minute intervals. eyepoller does not poll ports that adminstratively down.
eyepoller is configurable through entuity.cfg, as are associated events which monitor the accuracy of polling. These events are not enabled by default.
RFC 2863 requires interfaces that operate above 20 Mbps to support 64 bit counters; SNMP agents that support 64 bit counters are available from SNMPv2 onwards. However, eyepoller can successfully poll ports with a speed of 105Mbps or below using SNMPv1 polling of 32 bit counters. For eyepoller to collect traffic and utilization data for ports with a speed above 105Mbps there must be accompanying 64 bit counter support in the device’s SNMP agent.
Entuity recommend checking devices for installation of SNMP agents that support 64 bit counters. For example you can test a device’s 64 bit counter support using entuity_home\lib\tools\snmpwalk:
snmpwalk –v2c -c <community> <device> .1.3.6.1.2.1.31.1.1.1.6
eyepoller uses a number of 64 bit counters including IF-MIB::ifHCInOctets.
Where the device agent does not support 64 bit counters you should consider upgrading the agent.
FixNewBinVendor
Location | entuity_home\lib\tools |
Type | utility |
Invoked By | command line |
User Invocation | n/a |
Invoked Processes | n/a |
Configured Through | n/a |
Log File | n/a |
Description
Prior to Entuity introduction of generically managed devices, Entuity would, where possible, automatically generate device definitions and assign device types to devices for which it did not contain vendor definition details.
FixNewBinVendor allows you amend attr.cfg, so existing devices that are managed through newbin.vendor use the generic device type, rather than switch or router. This utility only requires running once.
flowCollector.bat
Location | entuity_home\bin |
Type | utility |
Invoked By | n/a |
User Invocation | n/a |
Invoked Processes | n/a |
Configured Through | n/a |
Log File | n/a |
Description
With Integrated Flow Analyzer you should amend port to application mapping through the web UI. These mappings are held in entuity_home\etc\flow-applications-template.txt, which you can directly amend. flowCollector.bat is a batch file to be run when you have edited the template file.
To load the mappings, from entuity_home\bin enter:
flowCollector -loadMappings
You can also run the batch file to check the status of current flow collection, from entuity_home\bin enter:
flowCollector -stats
flowCollector displays a report to the screen, for example:
Flow Collector Started: Wed Aug 11 13:58:58 BST 2010
Receiver on port 9996 (receive buffer size = 8192 b)
Accepted packets: 17331, bytes: 7071048
Packet queue usage: 0 from available 1000 (peak usage: 1)
Number of accepted packets: 17331
Number of dropped packets: 0
Packet processor (checking packet sequences: yes)
Unrecognized packets: 0
Missed packets: 0
Total packets: 17331
Total flow records decoded: 138648
Flow Buffer
Number of flows dropped due to flush partition busy: 0
Accepted 138648 flows from a total of 138648
NetFlowV9 unprocessed flows:
option flow sets: 0
data sets due to no template: 0
flows due to IPv6: 0
flows due to insufficient data: 0
Recent partition stats:
flows received: 80, dropped: 0, grouped: 72
flows received: 80, dropped: 0, grouped: 72
flows received: 80, dropped: 0, grouped: 72
flows received: 80, dropped: 0, grouped: 72
flows received: 80, dropped: 0, grouped: 72
Flow Buffer Flusher recent writes:
0 ms for 8 records
0 ms for 8 records
0 ms for 8 records
0 ms for 8 records
0 ms for 8 records
Performance Sampler
Recent write times for Interface
16 ms for 2 records
Recent write times for Device
0 ms for 1 records
Recent write times for Performance
0 ms for 23 records
Flow Filter
perform inventory filtering: yes
in-memory version: Thu Jul 15 13:46:01 BST 2010
exclusion rules: 0
Application port mapper
in-memory version: Fri Jul 09 10:43:59 BST 2010
NetFlow v9 Store
number of templates: 0
Age Out Job recent deletes:
0 ms for 26 records
0 ms for 0 records
0 ms for 8 records
0 ms for 26 records
16 ms for 0 records
0 ms for 8 records
0 ms for 26 records
0 ms for 0 records
0 ms for 8 records
0 ms for 26 records
getDownstream
Location | entuity_home\lib\tools |
Type | utility |
Invoked By | n/a |
User Invocation |
|
Invoked Processes | n/a |
Configured Through | n/a |
Log File | n/a |
Syntax
Entuity identifies managed objects using two different methods, and each method assigns objects their own unique identifiers. These identifiers are normally only used by internal Entuity processes. However, you can access these identifiers:
- ForkEvent forwards objectID and objectType as part of eosObjectID.
- Entuity Remedy AR System integration module uses ForkEvent to forward objectID,
objectType and StormWorksID as part of eosObjectID. - Flex Reports allow you to report on StormWorks identifiers when you select Show Hidden Data.
Where you are receiving the identifiers through ForkEvent, you should use getDownstream with:
getDownStream.exe objectID objectType
where:
- objectID is the unique identifier for that managed object.
- ObjectType is 0 for device, and 1 for port.
Where you identify the object through running a Flex Report to find the StormWorks identifier use this syntax:
getDownStream StormWorksID
Description
Network Outage events indicate the number of devices impacted by a node failure. From the command line you can run getDownstream to view a list of the devices impacted by the failure. getDownstream shows the devices Availability Monitor identified as being impacted by the node failure the last time Availability Monitor ran.
getDownstream can also be called from a context sensitive User Action in the Events dashlet.
Files
entuity.cfg, license.dat
hostIdent
Location | entuity_home\bin |
Type | process, runs during Install. |
Invoked By | Install |
User Invocation | command line |
Invoked Processes | n/a |
Configured Through | n/a |
Log File | entuity_home\etc\hostIdentifier.txt |
Description
The license file restricts installation of Entuity to the server for which you provided a host identifier.
You must provide to your Entuity supplier the host identifier of the machine to which you want to install Entuity. You can discover this by running hostident:
- before installation, by obtaining a copy of hostident from your Entuity contact, and running it from the command line. hostident displays the host identifier on the command line.
- as part of install, install displays the host identifier.
- as part of configure, configure displays the host identifier.
From Entuity 21.0 P01 and Entuity v20.0 P06 upwards, you can use the following option flags to specify different (but still valid) IP/MAC addresses for the host identifier:
- -i for IP address.
- -m for MAC address.
- -s to print system information.
You can run hostident from the command line:
hostIdent
httpd
Location | entuity_home\lib\apache\bin |
Type | process, runs continuously. |
Invoked By | n/a |
User Invocation | n/a |
Invoked Processes | n/a |
Configured Through |
|
Log File |
|
Description
This process is a web server for the GUI front end. It is started and stopped automatically. The web server used is the public domain Apache web server. For details on the error and access log messages created, refer to the Apache documentation at http://www.apache.org.
install
Location | on the supplied software image. |
Type | command line utility |
Invoked By | n/a |
User Invocation | command line |
Invoked Processes | n/a |
Configured Through | n/a |
Log File | entuity_home\log\EYEInstall.log |
Description
install installs the Entuity software to your server. It is the first step in setting up your server, and must successfully complete before you can configure it.
Through install, you can specify the folders Entuity uses to build the database and locate the log files. On completion it identifies the current license file and the host identifier.
Syntax
install [text ¦ gui] ¦ [no-configure] ¦ [to <path>]
Where:
- text instructs install to run through the command line which is the default on Linux machines, but not Windows. In Windows, install runs as a Java wizard.
- gui instructs install to run through the Java wizard which is the default on Windows machines, but not on Linux. In Linux, install runs through the command line.
- no-configure instructs install to not trigger the running of configure.
- to <path> allows entry of the directory to which to install Entuity. install prevents installation to a system directory.
See also
instService
Location | entuity_home\bin |
Type | process, run during install. |
Invoked By | configure |
User Invocation | n/a |
Invoked Processes | n/a |
Configured Through | configure |
Log File | n/a |
Description
instService creates the Entuity Windows services during server installation.
ipman
Location | entuity_home\bin |
Type | process, run each day at 05:00, 10:00 and 15:00 |
Invoked By | provost |
User Invocation | n/a |
Invoked Processes | n/a |
Configured Through | provost.conf, entuity.cfg [ipman] |
Log File | entuity_home\log\ipman.log.[1..4] |
Syntax
ipman usage options
ipman <ttl> [deviceName] [-d] [-f] ¦ ipman -h
where:
- ttl, sets the number of iterations of ipman before a MAC to IP address mapping expires.
- deviceName, device to poll. When not specified ipman polls all managed devices.
- -d, sets the debug level.
- -f, instructs ipman to check ipman.devicefile in entuity.cfg for a device file. In this device file you can specify routers which Entuity does not manage but from which you want to collect ARP cache information. Entuity requires ARP cache details for connected end host IP address identification. By default, provost runs ipman with -f but does not reference, or require, a device file. ipman.log includes an information message reporting a device file is not specified:
INFO: Unable to open a device file: please set ipman.devicefile in entuity.cfg to the full path and name of your device file.
- -h, calls help when used from the command line.
Description
ipman uses SNMP to gather ARP (Address Resolution Protocol) entries from devices. ipman, by default, gathers ARP information from each of the devices being managed by Entuity, checking ARP cache entries for switch and router capabilities.
You can configure ipman to gather ARP data from devices not managed by the Entuity server by running ipman against a specific device, or a list of devices specified in a configuration file.
ipman ignores MAC addresses in the range 00:00:0C:07:AC:00 to 00:00:0C:07:AC:FF, this range can be extended through the macman section in entuity.cfg.
When zones are configured, ipman places local ARP entries in the appropriate zone according to the interface on which they were seen.
Example ARP Cache Collection
In multi-server environments, an Entuity server may not manage routers from which it requires ARP cache information to perform end host IP address resolution on devices it does manage. These routers may be managed by other Entuity servers. Rather than have more than one Entuity server manage the same routers, through a device file you can configure ipman to collect ARP cache information from these routers.
By default, provost runs ipman with -f, but does not reference a device file. You must create a device file and through entuity.cfg identify it to ipman. ipman can then collect ARP cache information from the routers specified in the device file.
In order to set ipman to collect ARP cache information from routers an Entuity server does not
manage:
- create a tab delimited text file containing the host names or IP addresses, and SNMP
read community strings for the routers ipman polls.
For example the file entuity_home\etc\arp_cache_devices.cfg contains:
router1_hostname community_xxx
Entuity recommend you use the example location and name of the device file to ensure it is maintained during Entuity upgrades.
router2_hostname community_xxx
router3_hostname community_xxx - In entuity.cfg, specify the name of the device file, D:\Entuity\etc\entuity.cfg:
[ipman]
devicefile=D:\Entuity\etc\arp_cache_devices.cfg - The next time ipman runs, it references the device file.
You can check the success of the polling through ipman.log:
INFO: Opened D:\Entuity\etc\arp_cache_devices.cfg
INFO: Got arp info for device router1_hostname
.
.
kill
Location | entuity_home\lib\tool |
Type | command line |
Invoked By | n/a |
User Invocation | n/a |
Invoked Processes | n/a |
Configured Through | n/a |
Log File | n/a |
Description
Terminates the process using its process identifier. For example, to kill process number 9:
kill 9
licenseSrvr
Location | entuity_home\bin |
Type | process, runs continuously. |
Invoked By | starteye |
User Invocation | n/a |
Invoked Processes | n/a |
Configured Through |
|
Log File | entuity_home\log\license.log.[1..4] |
Description
This process, together with DsKernelStatic, manages the Entuity licenses. It is started with the other main system processes. Before managing a new object, Entuity checks that the license allows the object to be managed. Licensing information is read from the license each time the Entuity server starts. By default, licensing information is read from file entuity_home\etc\license.dat.
macman
Location | entuity_home\bin |
Type | process, runs daily at 09:30 |
Invoked By | provost, macscheduler |
User Invocation | n/a |
Invoked Processes | n/a |
Configured Through | [macman] |
Log File | entuity_home\log\macman.log.[1..4] |
Description
macman gathers MAC (Media Access Control) information for the devices Entuity manages.
This allows Entuity to display port end hosts.
macman ignores MAC addresses in the range 00:00:0C:07:AC:00 to 00:00:0C:07:AC:FF, these are reserved for ethernet and FFDI HSRP group virtual mac addresses. You can extend the MAC addresses that macman ignores through the macman section in entuity.cfg.
macScheduler also runs macman on devices when the port operational status of any monitored non-router port changes from inactive to active. This status change implies other changes have also occurred on the port and MAC addresses require checking.
Entuity checks for the port operational status every hour for non-router ports.
Entuity adds a five minute delay before running a MAC address check on a device, resulting from a port status change, in order to suppress many port changes occurring in a short space of time and flooding the server (and device) with requests. When port status changes occur on many devices in a short period of time (e.g. at the beginning of the day when everyone connects and logs on), then the MAC checks for some devices may be delayed further due to the load on the server.
Switch ports that have more than ten MAC addresses and also have associated VLANs are identified as trunk ports. Entuity does not display the end hosts of trunk ports.
MAC addresses are aged out of the database using a ‘time to live’ scheme whereby a MAC address is only discarded when it has not been seen anywhere in the network for seven days. However Entuity retains MAC address change history until the number of event changes reaches a set limit, at which point Entuity discards the oldest change history record.
macScheduler
Location | entuity_home\bin |
Type | process, runs daily at 09:30. |
Invoked By | change in port status to active. |
User Invocation | n/a |
Invoked Processes | macman |
Configured Through | startup_O/S.cfg |
Log File | entuity_home\log\macScheduler.log.[1..4] |
Description
This process runs macman on devices when the port operational status of any monitored non-router port changes from inactive to active. This status change implies other changes have also occurred on the port and MAC addresses require checking.
myisamchk
Location | entuity_home\database\bin |
Type | database utility |
Invoked By | user |
User Invocation | command line |
Invoked Processes | n/a |
Configured Through | n/a |
Documentation | entuity_home\database\docs\manual.htm |
Log File | n/a |
Description
myisamchk gets information about your database tables or checks, repairs, or optimizes them. myisamchk works with MyISAM tables (.MYD and .MYI suffixed files).
myisampack
Location | entuity_home\database\bin |
Type | database utility. |
Invoked By | user |
User Invocation | n/a |
Invoked Processes | n/a |
Configured Through | n/a |
Documentation | entuity_home\database\docs\manual.htm |
Log File | n/a |
Description
myisampack compresses MyISAM tables (.MYD and .MYI suffixed files), compressing each column in the table separately.
mysql
Location | entuity_home\database\bin |
Type | database utility |
Invoked By | user |
User Invocation | n/a |
Invoked Processes | n/a |
Configured Through | n/a |
Documentation | entuity_home\database\docs\manual.htm |
Log File | n/a |
Description
mysql is a simple SQL shell (with GNU readline capabilities). It supports interactive and non-interactive use. When used interactively, query results are presented in an ASCII-table format. When used non-interactively (for example, as a filter), the result is presented in tab-separated format. The output format can be changed using command options.
mysqladmin
Location | entuity_home\database\bin |
Type | database utility |
Invoked By | user |
User Invocation | n/a |
Invoked Processes | n/a |
Configured Through | n/a |
Documentation | entuity_home\database\docs\manual.htm |
Log File | n/a |
Description
mysqladmin is a client for performing administrative operations. You can use it to check the server's configuration and current status, to create and drop databases, and more.
mysqlcheck
Location | entuity_home\database\bin |
Type | database utility |
Invoked By | user |
User Invocation | n/a |
Invoked Processes | n/a |
Configured Through | n/a |
Documentation | entuity_home\database\docs\manual.htm |
Log File | n/a |
Description
mysqlcheck client checks, repairs, optimizes, and analyzes tables.
mysqld
Location | entuity_home\database\bin |
Type | database utility |
Invoked By | starteeye |
User Invocation | n/a |
Invoked Processes | n/a |
Configured Through | n/a |
Documentation | entuity_home\database\docs\manual.htm |
Log File | entuity_home\database\data\<hostname>.err |
Description
This process is the database server. It listens on a single TCP/IP port number (default 3306), through which the Entuity database can be accessed.
mysqldump
Location | entuity_home\database\bin |
Type | database utility |
Invoked By | user |
User Invocation | n/a |
Invoked Processes | n/a |
Configured Through | n/a |
Documentation | entuity_home\database\docs\manual.htm |
Log File | n/a |
Description
mysqldump can be used to dump a database or a collection of databases for backup or transfer to another SQL server. The dump typically contains SQL statements to create the table, populate it, or both. However, mysqldump can also be used to generate files in CSV, other delimited text, or XML format.
mysqlimport
Location | entuity_home\database\bin |
Type | database utility |
Invoked By | user |
User Invocation | n/a |
Invoked Processes | n/a |
Configured Through | n/a |
Documentation | entuity_home\database\docs\manual.htm |
Log File | n/a |
Description
mysqlimport is a data import utility providing a command-line interface to the LOAD DATA INFILE SQL statement.
mysqlshow
Location | entuity_home\database\bin |
Type | database utility |
Invoked By | user |
User Invocation | n/a |
Invoked Processes | n/a |
Configured Through | n/a |
Documentation | entuity_home\database\docs\manual.htm |
Log File | n/a |
Description
mysqlshow allows you to view which databases exist, their tables, or a table's columns or indexes.
newcommunity
Location | entuity_home\libtools |
Type | database utility |
Invoked By | user |
User Invocation | command line |
Invoked Processes | n/a |
Configured Through | n/a |
Log File | entuity_home\log\newcommunity.log.[1..4] |
Syntax
newcommunityold-community new-community
Description
The newcommunity utility is used to change all instances of device SNMP read community string old-community to new-community. Once the utility has completed its processing successfully, the following confirmation message is displayed:
Modified community strings of n devices
where n is the number of instances that were changed.
Files
entuity.cfg and bin.vendor
See also
nicman
Location | entuity_home\bin |
Type | process, runs daily at 21:00 |
Invoked By | provost |
User Invocation | command line |
Invoked Processes | n/a |
Configured Through | provost.conf |
Log File | entuity_home\log\nicman.log.[1..4] |
Description
This process combines end host MAC and IP address information held in the database, and stores it in a form suitable for use by other applications.
ObtainGenericVendor
Location | entuity_home\bin |
Type | process |
Invoked By | n/a |
User Invocation | command line |
Invoked Processes | n/a |
Configured Through | n/a |
Log File | entuity_home\log\obtaingenericvendor.[1..4] |
Description
Entuity now takes under its management devices without a device support dataset (vendor file). Entuity first attempts to create a generic vendor file and if that fails devices are still polled.
ObtainGenericVendor -y
For example, if Entuity is managing a device with the unsupported sysoid sysoid: .1.3.6.1.4.1.9694.1.4, ObtainGenericVendor would create a new device support dataset:
entuity_home\Entuity\etc\uncertified\1.3.6.1.4.1.9694.1.4.vendor
perror
Location | entuity_home\database\bin |
Type | database utility |
Invoked By | user |
User Invocation | command line |
Invoked Processes | n/a |
Configured Through | n/a |
Documentation | entuity_home\database\docs\manual.htm |
Log File | n/a |
Description
perror prints a description for a system error code or for a storage engine (table handler) error code.
probity
Location | entuity_home\lib\tools |
Type | process, runs continuously. |
Invoked By | user |
User Invocation | command line |
Invoked Processes | n/a |
Configured Through | n/a |
Log File | n/a |
Syntax
probity
Description
probity displays information about the devices currently being monitored in the Entuity management environment. It is useful for checking the integrity of the database, and can be used to troubleshoot system problems.
An example of the output produced is shown below:
1 routerb2 Attr:1 Prole ID:5 RawData:12
2 routerc1 Attr:1 Prole ID:5 RawData:16
3 routerc2 Attr:1 Prole ID:4 RawData:16
One row of information appears for each device being managed. The first column lists the device ID, and is used for internal purposes. The second column lists the device name, as defined by the System Administrator. The third column lists the number of entries this device has in the database ‘attributes’ table (this value should always be set to 1). The fourth column displays the ID of the poller responsible for monitoring the device. If this value is set to ‘INVALID’, then Entuity is not polling the device, the most likely reason being that the poll time is too long. The fifth column displays the number of ports that are being monitored for the given device.
Files
entuity.cfg
See also
prodigy
Location | entuity_home\bin |
Type | process, runs on completion of prole. |
Invoked By | provost |
User Invocation | n/a |
Invoked Processes | n/a |
Configured Through | provost.conf |
Log File | entuity_home\log\prodigy.log.[1..4] |
Description
prodigy is responsible for analyzing the polled data, forwarding information to the trend database for storage, and for removing any ports that are marked for deletion. It also checks there are enough license credits to manage all of the ports on the device
profluent
Location | entuity_home\bin |
Type | process, runs once a day at 04:00 |
Invoked By | provost |
User Invocation | n/a |
Invoked Processes | n/a |
Configured Through | provost.conf |
Log File | entuity_home\log\prof.log.[1..4] |
Description
This process manages the relationship between the prole process(es) and network devices. The profluent process calculates the number of proles that need to be run, based on the variances between typical device polling times.
prole
Location | entuity_home\bin |
Type | process, runs every 20 minutes. |
Invoked By | provost |
User Invocation | n/a |
Invoked Processes | setupProle |
Configured Through |
provost.conf |
Log File | entuity_home\log\prole.log.[1..4] |
Description
This process is responsible for SNMP polling a predefined list of networking devices. Multiple proles may be started simultaneously, depending on the number of devices being managed.
The SNMP response data is forwarded to the database for storage and subsequent analysis by prodigy. For hubs, prole also artificially creates outbound data (octets/packets), which hubs do not provide.
prole uses vendor information, supplied through bin.vendor individual vendor files, and mib.txt.
proliferate
Location | entuity_home\bin |
Type | process |
Invoked By | autoDiscovery |
User Invocation |
|
Invoked Processes |
|
Configured Through |
|
Log File | output is usually to stdout, unless autoDiscovery is run from the command line with the appropriate settings, in which case the output is to entuity_home\log\proliferate.log.[1..4] |
Description
proliferate compares the SNMP devices Entuity currently manages against those you specify it should be managing, attempting to add devices when found. When adding devices to Entuity, proliferate:
- attempts to identify the device type, first using individual vendor and then bin.vendor files.
- identifies whether the device supports router, switch, router/switch or none of these system capabilities.
- has an extensive set of switches that you can use to tailor its behavior for each device:
- the communication protocol Entuity uses to manage a device, i.e. IPv4 (default), IPv6.
- the Entuity device management level, i.e. Full, Full (Mgmt Port Only), Full Management (No Ports), Basic, Ping Only, None.
You can set the device(s) proliferate attempts to add to Entuity using:
- a device file. proliferate compares the devices detailed in the file to the devices Entuity currently manages. You can create your own device file, or use autoDiscovery. When autoDiscovery runs it creates a device file, autodisc.cfg, ready for proliferate.
- a single IP address and community string that proliferate compares to the devices Entuity currently manages.
- the options available through Device Inventory administration.
So, before a device is added to Entuity, proliferate verifies that it:
- has no existing interface IP addresses (if there are already any addresses for the device, then it is assumed to exist under a different name, unless the -I parameter is set).
- is responding to SNMP requests.
- passes a poll check.
- is of a recognized device type for management (based on the device sysOID being included to individual vendor or bin.vendor files).
When a device:
- passes all of the checks, proliferate adds it to Entuity, with devices of a type listed in entuity_home\etc\uncertified being added as Unclassified devices.
- fails any of the first three checks, then it is rejected.
- only fails the final check, then proliferate adds the device to Entuity as an Unclassified device. From the web UI you can run an Extensible Menu function to manage the device, which runs proliferate with -g. Alternatively, where you have a number of devices to add you may want to add them through a device file.
proliferate automatically runs prolifsys and prolifmodule.
Usage, Syntax and Options
Parameters
Switch Short/Long |
Description | |
---|---|---|
-a | --auth== |
SNMPv3 specific parameter. Sets the authentication protocol. Can be the following:
|
-A | --auth-pass== | SNMPv3 specific parameter. Sets the authentication password. Valid values must be between eight and thirty-two characters long. |
-c | --community= | sets the device community string. |
-d | --device= | sets the device name or IP address that Entuity uses when polling the device. |
-D | --name= | specify a name to identify the device. This overrides -N. |
-e | --engine-id= | SNMPv3-specific parameter. Specifies the SNMP engine identifier. |
-E | --exitMessage | displays a machine-readable exit message. |
-f | --file== | instructs proliferate to get the device information from the specified device file. |
-g | --unrecognized-into-generic |
When proliferate cannot identify a device type and this option is:
|
-h | --help |
run from the command line. Displays command help. |
-i | --ignore-interfaces |
takes the device under management but not its interfaces, i.e. ignores all interfaces. |
-I | --allow-duplicate-ip |
if this option (capitalized i) is not specified, then proliferate runs in ‘unique IP address enforcement’ mode, disregarding any devices with one or more IP addresses that already exist in the main database. If this option is specified, then proliferate ignores ‘unique IP address enforcement’ mode. This means, for example, that Cisco routers can be added even though they share IP addresses through HSRP (Hot Standby Routing Protocol). |
-l | --level |
this option (lowercase L) specifies the device management level, e.g. pingOnly, basic, full, fullMgmtOnly and fullNoPorts. Entuity also includes web, for use by proliferate when adding VM platforms to Entuity. |
-k | --keep-slow-devices |
by default, proliferate does not add devices to Entuity that take longer to poll than the 300 seconds maximum allowed (configurable through proliferate.maxpolltime in entuity.cfg and through -K). With this option you can run proliferate so that it accepts slow devices. |
-m | --managed-interface-only |
running proliferate -m on a device results in Entuity only managing the management port. When a management port is not found, then no ports are monitored. If new ports appear on the device, Entuity does not manage them. |
-N | --name-using= |
the display name used in Entuity, which when set to:
|
-O | --owner |
the owner of the proliferate action. |
-p | --protocol= |
sets the communication protocol that Entuity uses to manage a device, either IPv4 (default) or IPv6. These are the valid formats:
|
-P | --pdu-size= |
sets the maximum PDU size. |
-r | --retry= |
sets the number of SNMP poll retries. |
-R | --reevaluate-device-type |
this option enables a refresh of device vendor file information. For example, a device using the Not Classified Generically Managed device type, should be updated to use the appropriate vendor file as soon as you receive the vendor definition from Entuity Support. As part of the refresh the device would be assigned an appropriate device type, e.g. router, switch. |
-s | --suspend-polling |
stops SNMP polling of the specified device(s). |
-t | --timeout= |
sets the SNMP request timeout, in seconds. It is configurable through eostimeoutsnmp, by default 300 seconds. |
-T | --override-type |
associates the numeric internal Entuity identifier device type to the specified device. |
-u | --user= |
SNMPv3-specific parameter. Sets the security name. |
-U | --update-view-membership |
updates the managed object map that is used as the basis for objects viewed through the web interface. |
-v | --version= |
sets the SNMP version used to manage the device, where:
|
-V | --verbose |
puts proliferate into 'verbose' mode, so that it produces detailed diagnostic information. |
-w | --web-polling-details |
Specifies connection details for web service polling, e.g. for use with VM Platform device types. Enter the parameters in this order: '[type],[url],[user],[password]' where type can be 2(esx)|3(oracle). You can use Escape commas where present in any of the four parts. |
-x | --priv= |
SNMPv3 specific parameter. Sets the privacy protocol, valid values are 3-DES, AES, AES192, AES256. Note, from Entuity v22.0 GA upwards, Triple DES (3-DES) is no longer supported as an encryption method. |
-X | --priv-pass= |
SNMPv3 specific parameter. Sets the privacy password, valid values must be between eight and thirty-two characters long. |
-y | --createVendorForExisting |
create a vendor file for the specified device, a device which is already in the database. |
-Z | --zone |
devices can be added to a particular zone. |
Usage 1: Running with a Device File
proliferate compares the devices held in the current version of the device file against those that are already being managed, and adds any new devices to the Entuity database for monitoring.
proliferate [-v] [-I] [-t] [-fDeviceFile]
For example, if you enter the command:
proliferate -I dev.txt
proliferate will then:
- compare the devices in the device file, dev.txt, to the devices that Entuity manages.
- run in ‘unique IP address enforcement’ mode, disregarding any devices with IP addresses that already exist in the main database.
Usage 2: Running with a Single Device
proliferate compares the specified IP address and community string against those Entuity already manages. proliferate adds new devices to the Entuity database for monitoring.
proliferate [-g] -dIpAddress[-cCommunityString]
Example 1 - Adding a device that does not have a vendor file:
When you attempt to add to Entuity a new device that is also of a new device type for which Entuity does not have a vendor file, then after entering the command:
proliferate -g -d 187.15.70.155 -c public
proliferate:
- compares the device 187.15.70.155 with the devices that Entuity manages.
- attempts to create a new bin.vendor file definition, and adds the device to Entuity, as a Not Classified Generically Managed device.
Example 2 - Adding a device and only its management port:
You can add a device to Entuity and limit Entuity’s management of it to its management port by entering:
proliferate -m -d 10.25.90.155 -c public
proliferate:
- compares the device 10.25.90.155 with the devices that Entuity manages.
- adds only the device’s management port to Entuity.
Usage 3: Adding VM Platforms
Entuity manages VM platforms through their API, which necessitates a different set of connection attributes to other device types. Entuity recommends VM platforms are added through the web UI, but when you want to add VM platforms from the command line, the format is:
proliferate -dIpAddress-lmanLevel-wtype, url, user, password-TdeviceType
where:
- -d IpAddress, identifies the device name or IP address.
- -l manLevel, must be set to the management level web.
- -w sets the web connection details, which must be comma delimited and entered in this
order:
- type, enter 2 for a VMware ESXi or 3 for an Oracle VM platform.
- url, the url to the VM platform’s SDK.
- user, user account Entuity uses to access the SDK.
- password, user account password.
- -T, sets the device to the internal Entuity identifier for a VM platform, i.e. 1144.
For example, to add the VM platform blade to Entuity, you can enter:
proliferate -d blade -l web -w 2,https://blade/sdk,{user},{password} -T 1144
Files
entuity.cfg, mib.txt, bin.vendor, Device File (Seed File) and autodisc.cfg.
See also
autoDiscovery, showdevs, prolifsys and prolifmodule.
prolifsys
Location | entuity_home\bin |
Type | process |
Invoked By | proliferate |
User Invocation | n/a |
Invoked Processes | n/a |
Configured Through | n/a |
Log File | entuity_home\log\prolifsys.log.[1..4] |
Description
A process internal to Entuity, used when adding devices.
prologV2
Location | entuity_home\bin |
Type | process |
Invoked By | starteye |
User Invocation | n/a |
Invoked Processes | n/a |
Configured Through |
startup_O/S.cfg |
Log File | entuity_home\log\prologV2.log.[1..4] |
Description
This process receives SNMPv1 and SNMPv2c traps from managed network devices and forwards them to the Event Management System as events.
prologV2 also caches credentials for SNMPv3 devices, both managed and unmanaged. SNMPv3 traps are decoded through a configuration file, which the system administrator must manually maintain. Only successfully decrypted and authenticated traps are forwarded, all other traps are dropped.
prologV2 listens for IPv4 and IPv6 traps and informs. For IPv6 traps, when the source address:
- matches the management IP address of the device, Entuity can raise an event against the managed device.
- does not match the device management address, Entuity cannot identify the device as a managed device. ENA raises the event as though it is against an unmanaged device, using the IPv6 address as the source of the event.
By default, prologV2 listens on UDP port 162, although this can be changed using the trapportnum variable set in entuity.cfg.
prologV2 trap handling settings can also be configured through the Traps section of entuity.cfg. For example, enterpriseFormat allows you to configure Entuity to include more information to enterprise traps, replaceEventDetailsAction to replace problematic characters from the event details. The remaining parameters allow you to amend the setup of prologV2 to handle the rate of incoming traps.
prologV2 supports HP OpenView style expansions in trap description strings, i.e. $A $E $e $G $S $O $o $T $# $$ $*. Wildcard specific trap numbers and sub-oid matching are also supported.
protean
Location | entuity_home\bin |
Type | process |
Invoked By | provost, runs once a day at 02:00 |
User Invocation | n/a |
Invoked Processes | n/a |
Configured Through | provost.conf |
Log File | entuity_home\log\protean.log.[1..4] |
Description
protean updates the IP and VLAN network information used by other processes. protean uses SNMP to gather new addressing information from each device managed by Entuity, and forwards this information to the main database for storage.
provost
Location | entuity_home\bin |
Type | process |
Invoked By | starteye |
User Invocation | n/a |
Invoked Processes | all those specified in provost.conf |
Configured Through | startup_O/S.cfg |
Log File | entuity_home\log\protean.log.[1..4] |
Description
This process is responsible for the scheduling of non-Event Stream Manager processes within the Entuity environment. provost is only stopped when Entuity closes down.
replace
Location | entuity_home\database\bin |
Type | utility |
Invoked By | n/a |
User Invocation | command line |
Invoked Processes | n/a |
Configured Through | n/a |
Documentation | entuity_home\database\docs\manual.htm |
Log File | n/a |
Description
replace utility changes strings in place in files or on the standard input.
restore
Location | entuity_home\bin |
Type | process |
Invoked By | n/a |
User Invocation | command line |
Invoked Processes | n/a |
Configured Through | n/a |
Log File | n/a |
Syntax
restore [-f]
The command can only be run if the database server mysqld is running without the rest of Entuity.
The -f parameter will suppress the prompt for confirmation immediately prior to the removal of the existing databases.
Description
restore destroys existing Entuity databases, and any existing mysql.user table, builds new ones, and recreates the tables and data from the backup files, which will have been created via the backup command. After running restore, and before restarting the Entuity server, you should run swmaint to audit and maintain the database.
You cannot restore the databases individually.
You are informed whether or not the restore has been successful.
Files
Messages relating to start, failure and completion are written to the file restore.log in the entuity_home\log directory (where entuity_home is the Entuity installation directory) This wraps to restore.log.[1-4] when the log becomes full. The database output is also written to restore.log.
See also
rollLog
Location | entuity_home\lib\tools |
Type | process |
Invoked By | n/a |
User Invocation | command line |
Invoked Processes | n/a |
Configured Through | n/a |
Log File | n/a |
Description
rolllog copies or moves a file and adds a timestamp to the filename.
Syntax
RollLog.exe Y|M|D|H|N|S M|C FileName [DestDir]
where:
- Y, specifies only the year (YY).
- M, specifies year and month (YYMM).
- D, specifies year, month and day (YYMMDD).
- H, specifies year, month, day and hours (YYMMDDHH).
- N, specifies year, month, day, hours and minutes (YYMMDDHHMM).
- S, specifies year, month, day, hours, minutes and seconds (YYMMDDHHMMSS).
- M|C, specifies whether to move or copy the file.
- FileName, full name of the file to copy or move. When the file name includes spaces use
double quotes. - DestDir, is an optional destination directory. When not specified the copy is done to the
same directory as the source file.
runbg
Location | entuity_home\bin |
Type | process |
Invoked By | user |
User Invocation | command line |
Invoked Processes | n/a |
Configured Through | n/a |
Log File | n/a |
Description
runbg allows you to run Entuity binaries in the background from the command line.
setupProle
Location | entuity_home\bin |
Type | process |
Invoked By | startup |
User Invocation | n/a |
Invoked Processes | n/a |
Configured Through | n/a |
Log File | n/a |
Description
setupProle is an internal Entuity process involved in setting up proles.
showdevs
Location | entuity_hom\lib\tools |
Type | process |
Invoked By | user |
User Invocation | command line |
Invoked Processes | n/a |
Configured Through | n/a |
Log File | n/a |
Syntax
showdevs > outputfile.txt
Description
The showdevs utility displays the devices currently being monitored in the Entuity management environment, together with their SNMP read community strings. An example of the output produced is shown below:
# VM Platform blade
-d 10.44.1.249 -D 10.44.1.249 -l full -c public
-d apcr1 -D apcr1 -l full -c public
-d entlonsw03 -D entlonsw03 -l full -c public
-d 10.66.24.1 -N IpAddress -l full -c public
-d 10.66.13.25 -N PolledName -l full -c public
-d 10.66.13.22 -N PolledName -l full -c public
One row of information appears for each device being managed. The first column displays the device name, as defined by the System Administrator. The second column displays the device community string, used for SNMP polling of the device.
Files
entuity.cfg
See also
newcommunity and probity
slalogger
Location | entuity_home\bin |
Type | process |
Invoked By | provost, runs every 60 minutes |
User Invocation | n/a |
Invoked Processes | n/a |
Configured Through |
|
Log File | entuity_home\log\slalogger.log.[1..4] |
Description
slalogger handles the roll-up of availability data collected by applicationMonitor. The roll-up parameters are set through entuity.cfg. Roll-up information is available through reports and the availability graphs.
snmpbulkget
Location | entuity_home\lib\tools |
Type | third party utilty |
Invoked By | n/a |
User Invocation | command line |
Invoked Processes | n/a |
Configured Through | command line |
Log File | n/a |
Syntax
snmpbulkget [APPLICATION OPTIONS] [COMMON OPTIONS] OID [OID]...
Description
snmpbulkget is an SNMP application that uses the SNMP GETBULK request to query a network entity efficiently for information. One or more object identifiers (OIDs) may be given as arguments on the command line. Each variable name is given in the format specified in variables(5).
If the network entity has an error processing the request packet, an error packet will be returned and a message will be shown, helping to pinpoint why the request was malformed.
Options
- -Cn<NUM>
Set the non-repeaters field in the GETBULK PDU. This specifies the number of supplied variables that should not be iterated over. The default is 0. - -Cr<NUM>
Set the max-repetitions field in the GETBULK PDU. This specifies the maximum number of iterations over the repeating variables. The default is 10.
In addition to these options, snmpbulkget takes the common options described in the snmpcmd(1) manual page.
Example
The command:
snmpbulkget -v2c -Cn1 -Cr5 -Os -c public zeus system ifTable
retrieves the variable system.sysDescr.0 (which is the lexicographically next object to system) and the first 5 objects in the ifTable:
sysDescr.0 = STRING: "SunOS zeus.net.cmu.edu 4.1.3_U1 1 sun4m"
ifIndex.1 = INTEGER: 1
ifIndex.2 = INTEGER: 2
ifDescr.1 = STRING: "lo0"
et cetera.
snmpcmd
Location | n/a |
Type | this Man page is only available when your system administrator has separately installed man pages to the Entuity server. |
Invoked By | n/a |
User Invocation | command line |
Invoked Processes | n/a |
Configured Through | n/a |
Log File | n/a |
This documentation is provided according to its license terms, which can be viewed under entuity_home\licenseTerms\Net-SNMP.
Syntax
snmpcmd [OPTIONS] AGENT [PARAMETERS]
Description
This section describes the common options for the SNMP commands: snmpbulkget, snmpbulkwalk, snmpdelta, snmpget, snmpgetnext, snmpset, snmpstatus, snmptable, snmptest, snmptrap, snmpdf, snmpusm, snmpwalk. The command line applications use the SNMP protocol to communicate with an SNMP capable network entity, an agent. Individual applications typically (but not necessarily) take additional parameters that are given after the agent specification. These parameters are documented in the manual pages for each application.
Options
- -3[MmKk] 0xHEXKEY
Sets the keys to be used for SNMPv3 transactions. These options allow you to set the master authentication and encryption keys (-3m and -3M respectively) or set the localized authentication and encryption keys (-3k and -3K respectively). SNMPv3 keys can be either passed in by hand using these flags, or by the use of keys generated from passwords using the -A and -X flags discussed below. For further details on SNMPv3 and its usage of keying information, see the Net-SNMP tutorial web site (http://www.NetSNMP.org/tutorial-5/commands/). Overrides the defAuthMasterKey (-3m), defPrivMasterKey (-3M), defAuthLocalizedKey (-3k) or defPrivLocalizedKey (-3K) tokens, respectively, in the snmp.conf file, see snmp.conf(5). - -a authProtocol
Set the authentication protocol used for authenticated SNMPv3 messages.
Overrides the defAuthType token in the snmp.conf file. Can be the following:- MD5
- SHA224
- SHA256
- SHA384
- SHA512
- -A authPassword
Set the authentication pass phrase used for authenticated SNMPv3 messages. Overrides the defAuthPassphrase token in the snmp.conf file. It is insecure to specify pass phrases on the command line, see snmp.conf(5). - -c community
Set the community string for SNMPv1/v2c transactions. Overrides the defCommunity token in the snmp.conf file. - -d
Dump (in hexadecimal) the raw SNMP packets sent and received. - -D TOKEN[,...]
Turn on debugging output for the given TOKEN(s). Try ALL for extremely verbose output. - -e engineID
Set the authoritative (security) engineID used for SNMPv3 REQUEST messages. It is typically not necessary to specify this, as it will usually be discovered automatically. - -E engineID
Set the context engineID used for SNMPv3 REQUEST messages scopedPdu. If not specified, this will default to the authoritative engineID. - -h, --help
Display a brief usage message and then exit. - -H
Display a list of configuration file directives understood by the command and then exit. - -I [brRhu]
Specifies input parsing options. See INPUT OPTIONS below. - -l secLevel
Set the security level used for SNMPv3 messages (noAuthNoPriv|authNoPriv|authPriv). Appropriate pass phrase(s) must provided when using any level higher than noAuthNoPriv. Overrides the defSecurityLevel token in the snmp.conf file. - -L [eEfFoOsS]
Specifies output logging options. - -m MIBLIST
Specifies a colon separated list of MIB modules (not files) to load for this application. This overrides (or augments) the environment variable MIBS, the snmp.conf directive mibs, and the list of MIBs hardcoded into the Net-SNMP library.
If MIBLIST has a leading '-' or '+' character, then the MIB modules listed are loaded in addition to the default list, coming before or after this list respectively. Otherwise, the specified MIBs are loaded instead of this default list.
The special keyword ALL is used to load all MIB modules in the MIB directory search list. Every file whose name does not begin with "." will be parsed as if it were a MIB file. - -M DIRLIST
Specifies a colon separated list of directories to search for MIBs. This overrides (or augments) the environment variable MIBDIRS, the snmp.conf directive mibdirs, and the default directory hardcoded into the Net-SNMP library (/usr/local/share/snmp/mibs).
If DIRLIST has a leading '-' or '+' character, then the given directories are added to the default list, being searched before or after the directories on this list respectively. Otherwise, the specified directories are searched instead of this default list.
Note that the directories appearing later in the list take precedence over earlier ones. To avoid searching any MIB directories, set the MIBDIRS environment variable to the empty string ("").
Note that MIBs specified using the -m option or the mibs configuration directive will be loaded from one of the directories listed by the -M option (or equivalents). The mibfile directive takes a full path to the specified MIB file, so this does not need to be in the MIB directory search list. - -n contextName
Set the contextName used for SNMPv3 messages. The default contextName is the empty string "". Overrides the defContext token in the snmp.conf file. - -O [abeEfnqQsStTuUvxX]
Specifies output printing options. - -P [cdeRuwW]
Specifies MIB parsing options. - -r retries
Specifies the number of retries to be used in the requests. The default is 5. - -t timeout
Specifies the timeout in seconds between retries. The default is 1. - -u secName
Set the securityName used for authenticated SNMPv3 messages. Overrides the
defSecurityName token in the snmp.conf file. - -v 1 | 2c | 3
Specifies the protocol version to use: 1 (RFCs 1155-1157), 2c (RFCs 1901-1908), or 3 (RFCs 2571-2574). The default is typically version 3. Overrides the defVersion token in the
snmp.conf file. - -V, --version
Display version information for the application and then exit. - -x privProtocol
Set the privacy protocol (DES or AES) used for encrypted SNMPv3 messages. Overrides the defPrivType token in the snmp.conf file. This option is only valid if the Net-SNMP software was build to use OpenSSL. - -X privPassword
Set the privacy pass phrase used for encrypted SNMPv3 messages. Overrides the defPrivPassphrase token in the snmp.conf file. It is insecure to specify pass phrases on the command line, see snmp.conf(5). - -Yname=value
--name=value
Allows to specify any token ("name") supported in the snmp.conf file and sets its value to "value". Overrides the corresponding token in the snmp.conf file. See snmp.conf(5) for the full list of tokens. - -Z boots,time
Set the engineBoots and engineTime used for authenticated SNMPv3 messages. This will initialize the local notion of the agents boots/time with an authenticated value stored in the LCD. It is typically not necessary to specify this option, as these values will usually be discovered automatically.
Agent Specification
The string AGENT in the SYNOPSIS above specifies the remote SNMP entity with which to communicate. This specification takes the form:
[<transport-specifier>:]<transport-address>
At its simplest, the AGENT specification may consist of a hostname, or an IPv4 address in the standard "dotted quad" notation. In this case, communication will be attempted using UDP/IPv4 to port 161 of the given host. Otherwise, the <transport-address> part of the specification is parsed according to the following table:
<transport-specifier>
<transport-address> format
udp hostname[:port] or IPv4-address[:port]
tcp hostname[:port] or IPv4-address[:port]
unix pathname
ipx [network]:node[/port]
aal5pvc or pvc
[interface.][VPI.]VCI
udp6 or udpv6 or udpipv6
hostname[:port] or IPv6-address:port or '['IPv6-address']'[:port]
tcp6 or tcpv6 or tcpipv6
hostname[:port] or IPv6-address:port or
'['IPv6-address']'[:port]
- hostname:161
perform query using UDP/IPv4 datagrams to hostname on port 161. The ":161" is redundant here since that is the default SNMP port in any case. - udp:hostname
identical to the previous specification. The "udp:" is redundant here since UDP/IPv4 is the default transport. - TCP:hostname:1161
connect to hostname on port 1161 using TCP/IPv4 and perform query over that connection. - ipx::00D0B7AAE308
perform query using IPX datagrams to node number 00D0B7AAE308 on the default network, and using the default IPX port of 36879 (900F hexadecimal), as suggested in RFC 1906. - ipx:0AE43409:00D0B721C6C0/1161
perform query using IPX datagrams to port 1161 on node number 00D0B721C6C0 on network number 0AE43409. - unix:/tmp/local-agent
connect to the Unix domain socket /tmp/local-agent, and perform the query over that connection. - /tmp/local-agent
identical to the previous specification, since the Unix domain is the default transport if the first character of the <transport-address> is a '/'. - AAL5PVC:100
perform the query using AAL5 PDUs sent on the permanent virtual circuit with VPI=0 and VCI=100 (decimal) on the first ATM adapter in the machine. - PVC:1.10.32
perform the query using AAL5 PDUs sent on the permanent virtual circuit with VPI=10 (decimal) and VCI=32 (decimal) on the second ATM adapter in the machine. Note that "PVC" is a synonym for "AAL5PVC". - udp6:hostname:10161
perform the query using UDP/IPv6 datagrams to port 10161 on hostname (which will be looked up as an AAAA record). - UDP6:[fe80::2d0:b7ff:fe21:c6c0]
perform the query using UDP/IPv6 datagrams to port 161 at address fe80::2d0:b7ff:fe21:c6c0. - tcpipv6:[::1]:1611
connect to port 1611 on the local host (::1 in IPv6 parlance) using TCP/IPv6 and perform query over that connection.
MIB parsing options
The Net-SNMP MIB parser mostly adheres to the Structure of Management Information (SMI). As that specification has changed through time, and in recognition of the diversity in compliance expressed in MIB files, additional options provide more flexibility in reading MIB files.
- -Pc
Allow ASN.1 comments to extend to the end of the MIB source line. Strictly speaking, a second appearance of "--" should terminate the comment, but this breaks some MIB files. This behaviour can also be set with the configuration token strictCommentTerm. - -Pd
Disables saving the DESCRIPTION of MIB objects when parsing MIB files, reducing the amount of memory used by the running application. - -Pe
Show errors encountered when parsing MIB files. These include references to IMPORTed modules and MIB objects that cannot be located in the MIB directory search list. This can also be set with the configuration token showMibErrors. - -PR
If the same MIB object (parent name and sub-identifier) appears multiple times in the list of MIB definitions loaded, use the last version to be read in. By default, the first version will be used, and any duplicates discarded. This behaviour can also be set with the configuration token mibReplaceWithLatest.
Such ordering is normally only relevant if there are two MIB files with conflicting object definitions for the same OID (or different revisions of the same basic MIB object). - -Pu
Allow the underline character in MIB object names and other symbols. Strictly speaking,
this is not valid SMI syntax, but some vendor MIB files define such names. This can also
be set with the configuration token mibAllowUnderline. - -Pw
Show various warning messages in parsing MIB files and building the overall OID tree. This can also be set with the configuration directive mibWarningLevel 1. - -PW
Show some additional warning messages, mostly relating to parsing individual MIB objects. This can also be set with the configuration directive mibWarningLevel 2.
Output options
The format of the output from SNMP commands can be controlled using various parameters of the -O flag. The effects of these sub-options can be seen by comparison with the following default output (unless otherwise specified):
$ snmpget -c public -v 1 localhost sysUpTime.0
SNMPv2-MIB::sysUpTime.0 = Timeticks: (14096763) 1 day, 15:09:27.63
- -Oa
Display string values as ASCII strings (unless there is a DISPLAY-HINT defined for the corresponding MIB object). By default, the library attempts to determine whether the value is a printable or binary string, and displays it accordingly.
This option does not affect objects that do have a Display Hint. - -Ob
Display table indexes numerically, rather than trying to interpret the instance subidentifiers as string or OID values:
$ snmpgetnext -c public -v 1 localhost vacmSecurityModel
SNMP-VIEW-BASED-ACM-MIB::vacmSecurityModel.0."wes" = xxx
$ snmpgetnext -c public -v 1 -Ob localhost vacmSecurityModel
SNMP-VIEW-BASED-ACM-MIB::vacmSecurityModel.0.3.119.101.115 = xxx - -Oe
Removes the symbolic labels from enumeration values:
$ snmpget -c public -v 1 localhost ipForwarding.0
IP-MIB::ipForwarding.0 = INTEGER: forwarding(1)
$ snmpget -c public -v 1 -Oe localhost ipForwarding.0
IP-MIB::ipForwarding.0 = INTEGER: 1 - -OE
Modifies index strings to escape the quote characters:
$ snmpgetnext -c public -v 1 localhost vacmSecurityModel
This allows the output to be reused in shell commands.
SNMP-VIEW-BASED-ACM-MIB::vacmSecurityModel.0."wes" = xxx
$ snmpgetnext -c public -v 1 -OE localhost vacmSecurityModel
SNMP-VIEW-BASED-ACM-MIB::vacmSecurityModel.0.\"wes\" = xxx - -Of
Include the full list of MIB objects when displaying an OID:
.iso.org.dod.internet.mgmt.mib-2.system.sysUpTime.0 = Timeticks: (14096763) 1 day, 15:09:27.63
- -On
Displays the OID numerically:
.1.3.6.1.2.1.1.3.0 = Timeticks: (14096763) 1 day, 15:09:27.63
- -Oq
Removes the equal sign and type information when displaying varbind values:
SNMPv2-MIB::sysUpTime.0 1:15:09:27.63
- -OQ
Removes the type information when displaying varbind values:
SNMPv2-MIB::sysUpTime.0 = 1:15:09:27.63
- -Os
Display the MIB object name (plus any instance or other subidentifiers):
sysUpTime.0 = Timeticks: (14096763) 1 day, 15:09:27.63
- -OS
Display the name of the MIB, as well as the object name:
SNMPv2-MIB::sysUpTime.0 = Timeticks: (14096763) 1 day, 15:09:27.63
This is the default OID output format. - -Ot
Display TimeTicks values as raw numbers:
SNMPv2-MIB::sysUpTime.0 = 14096763
- -OT
If values are printed as Hex strings, display a printable version as well. - -Ou
Display the OID in the traditional UCD-style (inherited from the original CMU code). That means removing a series of "standard" prefixes from the OID, and displaying the remaining list of MIB object names (plus any other subidentifiers):system.sysUpTime.0 = Timeticks: (14096763) 1 day, 15:09:27.63
- -OU
Do not print the UNITS suffix at the end of the value. - -Ov
Display the varbind value only, not the OID:
$ snmpget -c public -v 1 -Oe localhost ipForwarding.0
INTEGER: forwarding(1) - -Ox
Display string values as Hex strings (unless there is a DISPLAY-HINT defined for the corresponding MIB object). By default, the library attempts to determine whether the value is a printable or binary string, and displays it accordingly.
This option does not affect objects that do have a Display Hint. - -OX
Display table indexes in a more "program like" output, imitating a traditional array-style index format:
$ snmpgetnext -c public -v 1 localhost ipv6RouteTable
IPv6-MIB::ipv6RouteIfIndex.63.254.1.0.255.0.0.0.0.0.0.0.0.0.0.0.64.1 = INTEGER: 2
$ snmpgetnext -c public -v 1 -OE localhost ipv6RouteTable
IPv6-MIB::ipv6RouteIfIndex[3ffe:100:ff00:0:0:0:0:0][64][1] = INTEGER: 2
Most of these options can also be configured via configuration tokens. See the snmp.conf(5)
manual page for details.
Logging options
The mechanism and destination to use for logging of warning and error messages can be controlled by passing various parameters to the -L flag.
- -Le
Log messages to the standard error stream. - -Lf FILE
Log messages to the specified file. - -Lo
Log messages to the standard output stream. - -Ls FACILITY
Log messages via syslog, using the specified facility ('d' for LOG_DAEMON, 'u' for LOG_USER, or '0'-'7' for LOG_LOCAL0 through LOG_LOCAL7).
There are also "upper case" versions of each of these options, which allow the corresponding logging mechanism to be restricted to certain priorities of message. Using standard error logging as an example:
-LE pri
will log messages of priority 'pri' and above to standard error. - -LE p1-p2
will log messages with priority between 'p1' and 'p2' (inclusive) to standard error. For -LF and -LS the priority specification comes before the file or facility token. The priorities recognised are:
- 0 or ! for LOG_EMERG,
- 1 or a for LOG_ALERT,
- 2 or c for LOG_CRIT,
- 3 or e for LOG_ERR,
- 4 or w for LOG_WARNING,
- 5 or n for LOG_NOTICE,
- 6 or i for LOG_INFO, and
- 7 or d for LOG_DEBUG.
Normal output is (or will be!) logged at a priority level of LOG_NOTICE
Input options
The interpretation of input object names and the values to be assigned can be controlled
using various parameters of the -I flag. The default behaviour will be described at the end of
this section.
- -Ib
Specifies that the given name should be regarded as a regular expression, to match (case-insensitively) against object names in the MIB tree. The "best" match will be used - calculated as the one that matches the closest to the beginning of the node name and the highest in the tree. For example, the MIB object vacmSecurityModel could be matched by the expression vacmsecuritymodel (full name, but different case), or vacm.*model (regexp pattern).
'.' is a special character in regular expression patterns, so the expression cannot specify instance subidentifiers or more than one object name. A "best match" expression will only be applied against single MIB object names. For example, the expression sys*ontact.0 would not match the instance sysContact.0 (although sys*ontact would match sysContact). Similarly, specifying a MIB module name will not succeed (so SNMPv2-MIB::sys.*ontact would not match either). - -Ih
Disables the use of DISPLAY-HINT information when assigning values. This would then require providing the raw value:
snmpset ... HOST-RESOURCES-MIB::hrSystemData.0
instead of a formatted version:
x "07 D2 0C 0A 02 04 06 08"
snmpset ... HOST-RESOURCES-MIB::hrSystemDate.0
= 2002-12-10,2:4:6.8 - -Ir
Disables checking table indexes and the value to be assigned against the relevant MIB definitions. This will (hopefully) result in the remote agent reporting an invalid request, rather than checking (and rejecting) this before it is sent to the remote agent. Local checks are more efficient (and the diagnostics provided also tend to be more precise), but disabling this behaviour is particularly useful when testing the remote agent. - -IR
Enables "random access" lookup of MIB names. Rather than providing a full OID path to the desired MIB object (or qualifying this object with an explicit MIB module name), the MIB tree will be searched for the matching object name. Thus .iso.org.dod.internet.mib2.system.sysDescr.0 (or SNMPv2-MIB::sysDescr.0) can be specified simply as sysDescr.0.
Since MIB object names are not globally unique, this approach may return a different MIB object depending on which MIB files have been loaded. The MIB-MODULE::objectName syntax has the advantage of uniquely identifying a particular MIB object, as well as being slightly more efficient (and automatically loading the necessary MIB file if necessary). - -Is SUFFIX
Adds the specified suffix to each textual OID given on the command line. This can be used to retrieve multiple objects from the same row of a table, by specifying a common index value. - -IS PREFIX
Adds the specified prefix to each textual OID given on the command line. This can be used to specify an explicit MIB module name for all objects being retrieved (or for
incurably lazy typists). - -Iu
Enables the traditional UCD-style approach to interpreting input OIDs. This assumes that OIDs are rooted at the 'mib-2' point in the tree (unless they start with an explicit '.' or include a MIB module name). So the sysDescr instance above would be referenced as system.sysDescr.0.
Object names specified with a leading '.' are always interpreted as "fully qualified" OIDs, listing the sequence of MIB objects from the root of the MIB tree. Such objects and those qualified by an explicit MIB module name are unaffected by the -Ib, -IR and -Iu flags.
Otherwise, if none of the above input options are specified, the default behaviour for a "relative" OID is to try and interpret it as an (implicitly) fully qualified OID, then apply "random access" lookup (-IR), followed by "best match" pattern matching (-Ib).
Environment variables
PREFIX
The standard prefix for object identifiers (when using UCD-style output). Defaults to .iso.org.dod.internet.mgmt.mib-2
MIBS
The list of MIBs to load. Defaults to SNMPv2-TC:SNMPv2-MIB:IF-MIB:IP-MIB:TCP-MIB:UDPMIB:SNMP-VACM-MIB. Overridden by the -m option.
MIBDIRS
The list of directories to search for MIBs. Defaults to /usr/local/share/snmp/mibs. Overridden by the -M option.
See also
snmpget, snmpgetnext, snmpset, snmpbulkget, snmpbulkwalk, snmpwalk, snmptable, snmpdelta, snmptrap, snmpinform, snmpusm, snmpstatus, snmptest(1), snmp.conf.
snmpdelta
Location | entuity_home\lib\tools |
Type | third party utility |
Invoked By | n/a |
User Invocation | command line |
Invoked Processes | n/a |
Configured Through | command line |
Log File | n/a |
This utility and documentation is provided according to its license terms, which can be
viewed under entuity_home\licenseTerms\Net-SNMP.
Syntax
snmpdelta [ common options ] [-Cf] [ -Ct ] [ -Cs ] [ -CS ] [ -Cm ] [ -CF configfile ] [ -Cl ] [ -Cp period ] [ -CP Peaks ] [ -Ck ] [ -CT ] AGENT OID [ OID ... ]
Description
snmpdelta will monitor the specified integer valued OIDs, and report changes over time.
AGENT identifies a target SNMP agent, which is instrumented to monitor the given objects.
At its simplest, the AGENT specification will consist of a hostname or an IPv4 address. In this
situation, the command will attempt communication with the agent, using UDP/IPv4 to port
161 of the given target host. see snmpcmd(1) for a full list of the possible formats for AGENT.
OID is an object identifier which uniquely identifies the object type within a MIB. Multiple OIDs
can be specified on a single snmpdelta command.
Options
COMMON OPTIONS
Please see snmpcmd for a list of possible values for COMMON OPTIONS as well as their descriptions.
- -Cf
Don't fix errors and retry the request. Without this option, if multiple oids have been specified for a single request and if the request for one or more of the oids fails, snmpdelta will retry the request so that data for oids apart from the ones that failed will still be returned. Specifying -Cf tells snmpdelta not to retry a request, even if there are multiple oids specified. - -Ct
Flag will determine time interval from the monitored entity. - -Cs
Flag will display a timestamp. - -CS
Generates a "sum count" in addition to the individual instance counts. The "sum count" is the total of all the individual deltas for each time period. - -Cm
Prints the maximum value ever attained. - -CF configfile
Tells snmpdelta to read it's configuration from the specified file. This options allows the input to be set up in advance rather than having to be specified on the command line. - -Cl
Tells snmpdelta to write it's configuration to files whose names correspond to the MIB instances monitored. For example, snmpdelta -Cl localhost ifInOctets.1 will create a file "localhost-ifInOctets.1". - -Cp
Specifies the number of seconds between polling periods. Polling constitutes sending a request to the agent. The default polling period is one second. - -CP peaks
Specifies the reporting period in number of polling periods. If this option is specified, snmpdelta polls the agent peaks number of times before reporting the results. The result reported includes the average value over the reporting period. In addition, the highest polled value within the reporting period is shown. - -Ck
When the polling period (-Cp) is an increment of 60 seconds and the timestamp is displayed in the output (-Cs), then the default display shows the timestamp in the format hh:mm mm/dd. This option causes the timestamp format to be hh:mm:ss mm/dd. - -CT
Makes snmpdelta print its output in tabular form. - -Cv vars/pkt
Specifies the maximum number of oids allowed to be packaged in a single PDU. Multiple PDUs can be created in a single request. The default value of variables per packet is 60. This option is useful if a request response results in an error because the packet is too big.
Examples
$ snmpdelta -c public -v 1 -Cs localhost IF-MIB::ifInUcastPkts.3 IFMIB::ifOutUcastPkts.3
[20:15:43 6/14] ifInUcastPkts.3 /1 sec: 158
[20:15:43 6/14] ifOutUcastPkts.3 /1 sec: 158
[20:15:44 6/14] ifInUcastPkts.3 /1 sec: 184
[20:15:44 6/14] ifOutUcastPkts.3 /1 sec: 184
[20:15:45 6/14] ifInUcastPkts.3 /1 sec: 184
[20:15:45 6/14] ifOutUcastPkts.3 /1 sec: 184
[20:15:46 6/14] ifInUcastPkts.3 /1 sec: 158
[20:15:46 6/14] ifOutUcastPkts.3 /1 sec: 158
[20:15:47 6/14] ifInUcastPkts.3 /1 sec: 184
[20:15:47 6/14] ifOutUcastPkts.3 /1 sec: 184
[20:15:48 6/14] ifInUcastPkts.3 /1 sec: 184
[20:15:48 6/14] ifOutUcastPkts.3 /1 sec: 184
[20:15:49 6/14] ifInUcastPkts.3 /1 sec: 158
[20:15:49 6/14] ifOutUcastPkts.3 /1 sec: 158
^C
$ snmpdelta -c public -v 1 -Cs -CT localhost IF-MIB:ifInUcastPkts.3
IF-MIB:ifOutcastPkts.3
localhost ifInUcastPkts.3 ifOutUcastPkts.3
[20:15:59 6/14] 184.00 184.00
[20:16:00 6/14] 158.00 158.00
[20:16:01 6/14] 184.00 184.00
[20:16:02 6/14] 184.00 184.00
[20:16:03 6/14] 158.00 158.00
[20:16:04 6/14] 184.00 184.00
[20:16:05 6/14] 184.00 184.00
[20:16:06 6/14] 158.00 158.00
^C
The following example uses a number of options. Since the Cl option is specified, the output is sent to a file and not to the screen.
$ snmpdelta -c public -v 1 -Ct -Cs -CS -Cm -Cl -Cp 60 -CP 60
interlink.sw.net.cmu.edu .1.3.6.1.2.1.2.2.1.16.3
.1.3.6.1.2.1.2.2.1.16.4
fi
snmpdf
Location | entuity_home\lib\tools |
Type | third party utility |
Invoked By | n/a |
User Invocation | command line |
Invoked Processes | n/a |
Configured Through | command line |
Log File | n/a |
Syntax
snmpdf [COMMON OPTIONS] [-Cu] AGENT
Description
snmpdf is simply a networked version of the typical df command. It checks the disk space on
the remote machine by examining the HOST-RESOURCES-MIB's hrStorageTable or the
UCD-SNMP-MIB's dskTable. By default, the hrStorageTable is preferred as it typically
contains more information. However, the -Cu argument can be passed to snmpdf to force the
usage of the dskTable.
AGENT identifies a target SNMP agent, which is instrumented to monitor the given objects.
At its simplest, the AGENT specification will consist of a hostname or an IPv4 address. In this situation, the command will attempt communication with the agent, using UDP/IPv4 to port 161 of the given target host. See the snmpcmd(1) manual page for a full list of the possible formats for AGENT.
See the snmpd.conf(5) manual page on setting up the dskTable using the disk directive in the snmpd.conf file.
Options
Please see snmpcmd(1) for a list of possible values for COMMON OPTIONS as well as their descriptions.
- -Cu
Forces the command to use dskTable in mib UCD-SNMP-MIB instead of the default to determine the storage information. Generally, the default use of hrStorageTable in mib HOST-RESOURCES-MIB is preferred because it typically contains more information.
Examples
% snmpdf -v 2c -c public localhost
Description | size (kB) | Used | Available | Used% |
---|---|---|---|---|
/ | 7524587 | 2186910 | 5337677 | 29% |
/proc | 0 | 0 | 0 | 0% |
/etc/mnttab | 0 | 0 | 0 | 0% |
/var/run | 1223088 | 32 | 1223056 | 0% |
/tmp | 1289904 | 66848 | 1223056 | 5% |
/cache | 124330 | 2416 | 121914 | 1% |
/vol | 0 | 0 | 0 | 0% |
Real Memory | 524288 | 447456 | 76832 | 85% |
Swap Space | 1420296 | 195192 | 1225104 | 13% |
snmpdump
Location | entuity_home\lib\tools |
Type | utility |
Invoked By | n/a |
User Invocation | command line |
Invoked Processes | n/a |
Configured Through | command line |
Log File | n/a |
Syntax
snmpdump [OPTIONS] hostname
Description
snmpdump is an SNMP application that uses SNMP GETNEXT requests to query and return the full MIB, including the enterprise section (unlike the OID specific snmpwalk). snmpdump is more tolerant of faults and loops than snmpwalk. By default snmpdump:
- Has 6 retries with a 10 second timeout.
- Assumes SNMP version 2c, with public as the community string.
- Uses MIB Loop detection, which you can turn off using -C switch.
When snmpdump completes it displays an "End of MIB" message, number of variables and the time taken.
You can configure snmpdump to work with SNMP v3.
Options
These options are available with snmpdump:
- -h, --help
Display a brief usage message and then exit. - -C
Turn off loop checking. - -v 1 | 2c | 3
Specifies the protocol version to use: 1 (RFCs 1155-1157), 2c (RFCs 1901-1908), or 3
(RFCs 2571-2574). The default is version 2c. - -V, --version
Display version information for the application and then exit. - snmpdump [OPTIONS] hostname [starting OID]
parameter enabling you to continue an snmpdump that has failed. If you are gathering a walk and it gets into a loop or terminates, you could look at the OID and start with the next table. E.g.: if you become stuck on .1.3.6.1.2.1.17.4.4.1.5.24 = Counter32: 0, you can start with .1.3.6.1.2.1.18. Once they have finished, send both walks to Entuity.
This is a SNMP version 1 and 2c specific option:
- -c COMMUNITY
Set the community string for SNMPv1/v2c transactions, default public.
These are SNMP version 3 specific options:
- -a PROTOCOL
Set the authentication protocol used for authenticated SNMPv3 messages. Can be the following:- MD5
- SHA224
- SHA256
- SHA384
- SHA512
- -A PASSPHRASE
Set the authentication pass phrase used for authenticated SNMPv3 messages. - -e ENGINE-ID
Set the authoritative (security) engineID used for SNMPv3 REQUEST messages. It is
typically not necessary to specify this, as it will usually be discovered automatically. - -E ENGINE-ID
Set the context engineID used for SNMPv3 REQUEST messages scopedPdu. If not
specified, this will default to the authoritative engineID. - -l LEVEL
Set the security level used for SNMPv3 messages (noAuthNoPriv|authNoPriv|authPriv).
Appropriate pass phrase(s) must provided when using any level higher than
noAuthNoPriv. - -n CONTEXT
Set the contextName used for SNMPv3 messages. The default contextName is the empty string "". - -u USER-NAME
Set the securityName used for authenticated SNMPv3 messages. - -x PROTOCOL
Set the privacy protocol used for encrypted SNMPv3 messages. Can be the following:- AES128
- AES192
- AES256
- 3DES (Note, from Entuity v22.0 GA upwards, 3DES is no longer supported as an encryption method)
- -X PASSPHRASE
Set the privacy pass phrase used for encrypted SNMPv3 messages. - -Z BOOTS,TIME
Set the engineBoots and engineTime used for authenticated SNMPv3 messages. This will initialize the local notion of the agents boots/time with an authenticated value stored in the LCD. It is typically not necessary to specify this option, as these values will usually be discovered automatically.
These are general communication options:
- -r RETRIES
Specifies the number of retries to be used in the requests. The default is 5. - -t TIMEOUT
Specifies the timeout in seconds between retries. The default is 1.
Example
The command:
snmpdump 10.1.1.1
will retrieve the full MIB.
snmpget
Location | entuity_home\lib\tools |
Type | third party utility |
Invoked By | n/a |
User Invocation | command line |
Invoked Processes | n/a |
Configured Through | command line |
Log File | n/a |
Syntax
snmpget [COMMON OPTIONS] [-Cf] OID [OID]...
Description
snmpget is an SNMP application that uses the SNMP GET request to query for information on a network entity. One or more object identifiers (OIDs) may be given as arguments on the command line. Each variable name is given in the format specified in variables(5).
For example:
snmpget -c public zeus system.sysDescr.0
will retrieve the variable system.sysDescr.0:
system.sysDescr.0 = "SunOS zeus.net.cmu.edu 4.1.3_U1 1 sun4m"
If the network entity has an error processing the request packet, an error packet will be returned and a message will be shown, helping to pinpoint in what way the request was malformed. If there were other variables in the request, the request will be resent without the bad variable.
Options
- -Cf
If -Cf is not specified, some applications (snmpdelta, snmpget, snmpgetnext and snmpstatus) will try to fix errors returned by the agent that you were talking to and resend the request. The only time this is really useful is if you specified a OID that didn't exist in your request and you're using SNMPv1 which requires "all or nothing" kinds of requests. Here is an example (note that system.sysUpTime is an incomplete OID as it needs the .0 index appended to it):
snmpget -v1 -Cf -c public localhost system.sysUpTime
system.sysContact.0
Errorinpacket
Reason: (noSuchName) There is no such variable name in this MIB.
This name doesn't exist: system.sysUpTime
snmpget -v1 -c public localhost system.sysUpTime system.sysContact.0
Error in packet
Reason: (noSuchName) There is no such variable name in this MIB.
This name doesn't exist: system.sysUpTime
system.sysContact.0 = STRING: root@localhost
With the -Cf specified the application will not try to fix the PDU for you.
In addition to this option, snmpget takes the common options described in the snmpcmd(1)
manual page.
snmpgetnext
Location | entuity_home\lib\tools |
Type | third party utility |
Invoked By | n/a |
User Invocation | command line |
Invoked Processes | n/a |
Configured Through | command line |
Log File | n/a |
Syntax
snmpgetnext [COMMON OPTIONS] [-Cf] OID [OID]...
Description
snmpget is an SNMP application that uses the SNMP GETNEXT request to query for information on a network entity. One or more object identifiers (OIDs) may be given as arguments on the command line. Each variable name is given in the format specified in variables(5). For each one, the variable that is lexicographically "next" in the remote entity's MIB will be returned.
For example:
snmpgetnext -c public zeus interfaces.ifTable.ifEntry.ifType.1
will retrieve the variable interfaces.ifTable.ifEntry.ifType.2:
interfaces.ifTable.ifEntry.ifType.2 = softwareLoopback(24)
If the network entity has an error processing the request packet, an error message will be shown, helping to pinpoint in what way the request was malformed.
Options
snmpgetnext takes the common options described in the snmpcmd(1) manual page and also the -Cf option described in the snmpget(1) manual page
snmpset
Location | entuity_home\lib\tools |
Type | third party utility |
Invoked By | n/a |
User Invocation | command line |
Invoked Processes | n/a |
Configured Through | command line |
Log File | n/a |
Syntax
snmpset [COMMON OPTIONS] OID TYPE VALUE [OID TYPE VALUE]...
Description
snmpset is an SNMP application that uses the SNMP SET request to set information on a network entity. One or more object identifiers (OIDs) must be given as arguments on the command line. A type and a value to be set must accompany each object identifier. Each variable name is given in the format specified in variables(5).
The TYPE is a single character, one of:
i INTEGER
u UNSIGNED
s STRING
x HEX STRING
d DECIMAL STRING
n NULLOBJ
o OBJID
t TIMETICKS
a IPADDRESS
b BITS
Most of these will use the obvious corresponding ASN.1 type. 's', 'x', 'd' and 'b' are all different ways of specifying an OCTET STRING value, and the 'u' unsigned type is also used for handling Gauge32 values.
If you have the proper MIB file loaded, you can, in most cases, replace the type with an '=' sign. For an object of type OCTET STRING this will assume a string like the 's' type notation. For other types it will do "The Right Thing".
For example:
snmpset -c private -v 1 test-hub system.sysContact.0 sdpz@noc.rutgers.edu ip.ipforwarding.0 = 2
will set the variables sysContact.0 and ipForwarding.0:
system.sysContact.0 = STRING: "pgp@entuity.com"
ip.ipForwarding.0 = INTEGER: not-forwarding(2)
If the network entity has an error processing the request packet, an error packet will be returned and a message will be shown, helping to pinpoint in what way the request was malformed.
Options
- Common options
See snmpcmd for a list of possible values for common options.
snmpstatus
Location | entuity_home\lib\tools |
Type | third party utility |
Invoked By | n/a |
User Invocation | command line |
Invoked Processes | n/a |
Configured Through | command line |
Log File | n/a |
Syntax
snmpstatus [COMMON OPTIONS] [-Cf] AGENT
Description
snmpstatus is an SNMP application that retrieves several important statistics from a network entity.
AGENT identifies a target SNMP agent, which is instrumented to monitor the given objects.
At its simplest, the AGENT specification will consist of a hostname or an IPv4 address. In this
situation, the command will attempt communication with the agent, using UDP/IPv4 to port
161 of the given target host.
See the snmpcmd for a full list of the possible formats for AGENT.
The information returned is:
- The IP address of the entity.
- A textual description of the entity (sysDescr.0).
- The uptime of the entity's SNMP agent (sysUpTime.0).
- The sum of received packets on all interfaces (ifInUCastPkts.* + ifInNUCastPkts.*).
- The sum of transmitted packets on all interfaces (ifOutUCastPkts.* + ifOutNUCastPkts.*).
- The number of IP input packets (ipInReceives.0).
- The number of IP output packets (ipOutRequests.0).
For example:
snmpstatus -c public -v 1 netdev-kbox.cc.cmu.edu
will produce output similar to the following:
[128.2.56.220]=>[Kinetics FastPath2] Up: 1 day, 4:43:31
Interfaces: 1, Recv/Trans packets: 262874/39867 | IP: 31603/15805
snmpstatus also checks the operational status of all interfaces (ifOperStatus.*), and if it finds any that are not running, it will report in a manner similar to this:
2 interfaces are down!
If the network entity has an error processing the request packet, an error packet will be returned and a message will be shown, helping to pinpoint in what way the request was malformed. snmpstatus will attempt to reform its request to eliminate the malformed variable (unless the -Cf option is given, see below), but this variable will then be missing from the displayed data.
Options
- Common options
Please see snmpcmd for a list of possible values for common options. - -Cf
By default, snmpstatus will try to fix errors returned by the agent and retry a request. In
this situation, the command will display the data that it can. If the -Cf option is specified,
then snmpstatus will not try to fix errors, and the error will cause the command to
terminate.
snmptable
Location | entuity_home\lib\tools |
Type | third party utility |
Invoked By | n/a |
User Invocation | command line |
Invoked Processes | n/a |
Configured Through | command line |
Log File | n/a |
Syntax
snmptable [COMMON OPTIONS] [-Cb] [-CB] [-Ch] [-CH] [-Ci] [-Cf STRING] [-Cw WIDTH] AGENT TABLE-OID
Description
snmptable is an SNMP application that repeatedly uses the SNMP GETNEXT or GETBULK requests to query for information on a network entity. The parameter TABLE-OID must
specify an SNMP table.
snmptable is an SNMP application that repeatedly uses the SNMP GETNEXT or GETBULK requests to query for information on a network entity. The parameter TABLE-OID must specify an SNMP table.
AGENT identifies a target SNMP agent, which is instrumented to monitor the given objects. At its simplest, the AGENT specification will consist of a hostname or an IPv4 address. In this situation, the command will attempt communication with the agent, using UDP/IPv4 to port 161 of the given target host. see snmpcmd(1) for a full list of the possible formats for AGENT.
Options
- Common options
see snmpcmd for a list of possible values for common options. - -Cb
Display only a brief heading. Any common prefix of the table field names will be deleted. - -CB
Do not use GETBULK requests to retrieve data, only GETNEXT. - -Cc CHARS
Print table in columns of CHARS characters width. - -Cf STRING
The string STRING is used to separate table columns. With this option, each table entry will be printed in compact form, just with the string given to separate the columns (useful if you want to import it into a database). Otherwise it is printed in nicely aligned columns. - -Ch
Display only the column headings. - -CH
Do not display the column headings. - -Ci
This option prepends the index of the entry to all printed lines. - -Cl
Left justify the data in each column. - -Cr REPEATERS
For GETBULK requests, REPEATERS specifies the max-repeaters value to use. For GETNEXT requests, REPEATERS specifies the number of entries to retrieve at a time. - -Cw WIDTH
Specifies the width of the lines when the table is printed. If the lines will be longer, the table will be printed in sections of at most WIDTH characters. If WIDTH is less than the length of the contents of a single column, then that single column will still be printed.
Examples
$ snmptable -v 2c -c public localhost at.atTable
SNMP table: at.atTable RFC1213-MIB::atTable
atIfIndex atPhysAddress atNetAddress
1 8:0:20:20:0:ab 130.225.243.33
$ snmptable -v 2c -c public -Cf + localhost at.atTable
SNMP table: at.atTable
atIfIndex+atPhysAddress+atNetAddress 1+8:0:20:20:0:ab+130.225.243.33
$ snmptable localhost -Cl -CB -Ci -OX -Cb -Cc 16 -Cw 64 ifTable
SNMP table: ifTable
InDiscardsInErrorsInUnknownProtosOutOctets
Index | Descr | Type | Mtu |
---|---|---|---|
Speed | PhysAddress | AdminStatus | OperStatus |
LastChange | InOctets | InUcastPkts | InNUcastPkts |
OutUcastPkts | OutNUcastPkts | OutDiscards | OutErrors |
OutQLen | Specific | ||
index: [1] | |||
1 | lo | softwareLoopbac | 16436 |
10000000 | up | up | |
? | 2837283786 | 3052466 | ? |
0 | 0 | ? | 2837283786 |
3052466 | ? | 0 | 0 |
0 | zeroDotZero | ||
index: [2] | |||
2 | eth0 | ethernetCsmacd | 1500 |
10000000 | 0:5:5d:d1:f7:cf | up | up |
? | 2052604234 | 44252973 | ? |
0 | 0 | ? | 149778187 |
65897282 | ? | 0 | 0 |
0 | zeroDotZero |
snmptest
Location | entuity_home\lib\tools |
Type | third party utility |
Invoked By | n/a |
User Invocation | command line |
Invoked Processes | n/a |
Configured Through | command line |
Log File | n/a |
Syntax
snmptest [COMMON OPTIONS] AGENT
Description
snmptest is a flexible SNMP application that can monitor and manage information on a network entity.
After invoking the program, a command line interpreter proceeds to accept commands. This interpreter enables the user to send different types of SNMP requests to target agents.
AGENT identifies a target SNMP agent, which is instrumented to monitor the given objects. At its simplest, the AGENT specification will consist of a hostname or an IPv4 address. In this situation, the command will attempt communication with the agent, using UDP/IPv4 to port 161 of the given target host. see snmpcmd(1) for a full list of the possible formats for AGENT.
Once snmptest is invoked, the command line interpreter will prompt with:
Variable:
At this point you can enter one or more variable names, one per line. A blank line ends the parameter input and will send the request (variables entered) in a single packet, to the remote entity. Each variable name is given in the format specified in variables(5). For example:
snmptest -c public -v 1 zeus
Variable: system.sysDescr.0
Variable:
will return some information about the request and reply packets, as well as the information:
requestid 0x5992478A errstat 0x0 errindex 0x0
system.sysDescr.0 = STRING: "Unix 4.3BSD"
The errstatus value shows the error status code for the call. The possible values for errstat are in the header file snmp.h. The errindex value identifies the variable that has the given error. Index values are assigned to all the variables entered at the "Variable": prompt. The first value is assigned an index of 1.
Upon startup, the program defaults to sending a GET request packet. The type of request can be changed by typing one of the following commands at the "Variable:" prompt:
- $G - send a GET request
- $N - send a GETNEXT request
- $S - send a SET request
- $B - send a GETBULK request
GETBULK is not available in SNMPv1 $I - send an Inform request - $T - send an SNMPv2 Trap request
Other values that can be entered at the "Variable:" prompt are: $D - toggle the dumping of each sent and received packet - $QP - toggle a quicker, less verbose output form
- $Q - Quit the program
Request Types:
- GET Request:
When in "GET request" mode ($G or default), the user can enter an OID at the "Variable:" prompt. The user can enter multiple OIDs, one per prompt. The user enters a blank line to send the GET request. - GETNEXT Request:
The "GETNEXT request" mode ($N) is similar to the "Get request" mode, described
above. - SET Request:
When in the "SET request" mode ($S), more information is requested by the prompt for each variable. The prompt:
Type [i|s|x|d|n|o|t|a]:
requests the type of the variable be entered. Depending on the type of value you want to
set, you can type one of the following:
i - integer
u - unsigned integer
s - octet string in ASCII
x - octet string in hex bytes, separated by whitespace
d - octet string as decimal bytes, separated by whitespace
a - ip address in dotted IP notation
o - object identifier
n - null
t - timeticks
At this point a value will be prompted for:
Value:
If this is an integer value, just type the integer (in decimal). If it is a decimal string, type in white-space separated decimal numbers, one per byte of the string. Again type a blank line at the prompt for the variable name to send the packet. - GETBULK Request:
The "GETBULK request" mode ($B) is similar to the "Set request" mode. GETBULK, however, is not available in SNMPv1. - Inform Request: however, is not available in SNMPv1. Also, the _agent_ specified on the snmptest command should correspond to the target snmptrapd agent.
- SNMPv2 Trap Request:
The "SNMPv2 Trap Request" mode ($T) is similar to the "Set request" mode. This type of request, however, is not available in SNMPv1. Also, the _agent_ specified on the snmptest command should correspond to the target snmptrapd agent.
Options
- Common options
see snmpcmd for a list of possible values for common options.
Examples
The following is an example of sending a GET request for two OIDs:
% snmptest -v 2c -c public testhost:9999
Variable: system.sysDescr.0
Variable: system.sysContact.0
Variable:
Received Get Response from 128.2.56.220
requestid 0x7D9FCD63 errstat 0x0 errindex 0x0
SNMPv2-MIB::sysDescr.0 = STRING: SunOS testhost 5.9 Generic_112233-02
sun4u
SNMPv2-MIB::sysContact.0 = STRING: x1111
The following is an example of sending a GETNEXT request:
Variable: SNMPv2-MIB::sysORUpTime
Variable:
Received Get Response from 128.2.56.220
requestid 0x7D9FCD64 errstat 0x0 errindex 0x0
SNMPv2-MIB::sysORUpTime.1 = Timeticks: (6) 0:00:00.06
Variable:
The following is an example of sending a SET request:
Variable: $S
Request type is Set Request
Variable: system.sysLocation.0
Type [i|u|s|x|d|n|o|t|a]: s
Value: building 17
Variable:
Received Get Response from 128.2.56.220
requestid 0x7D9FCD65 errstat 0x0 errindex 0x0
SNMPv2-MIB::sysLocation.0 = STRING: building A
Variable:
The following is an example of sending a GETBULK request:
Variable: $B
Request type is Bulk Request
Enter a blank line to terminate the list of non-repeaters
and to begin the repeating variables
Variable:
Now input the repeating variables
Variable: system.sysContact.0
Variable: system.sysLocation.0
Variable:
What repeat count? 2
Received Get Response from 128.2.56.220
requestid 0x2EA7942A errstat 0x0 errindex 0x0
SNMPv2-MIB::sysName.0 = STRING: testhost
SNMPv2-MIB::sysORLastChange.0 = Timeticks: (58) 0:00:00.58
SNMPv2-MIB::sysLocation.0 = STRING: bldg A
SNMPv2-MIB::sysORID.1 = OID: IF-MIB::ifMIB
Variable:
The following is an example of sending an Inform request:
snmptest -v 2c -c public snmptrapd_host
Variable: $I
Request type is Inform Request
(Are you sending to the right port?)
Variable: system.sysContact.0
Type [i|u|sIx|d|n|o|t|a]: s
Value: x12345
Variable:
Inform Acknowledged
Variable:
The snmptrapd_host will show:
snmptrapd_host []: Trap SNMPv2-MIB::sysContact.0 = STRING: x12345
The following is an example of sending an SNMPv2 Trap request:
snmptest -v 2c -c public snmptrapd_host
Variable: $T
Request type is SNMPv2 Trap Request
(Are you sending to the right port?)
Variable: system.sysLocation.0
Type [i|u|s|x|d|n|o|t|a]: s
Value: building a
Variable:
The snmptrapd_host will show:
snmptrapd_host []: Trap SNMPv2-MIB::sys.0 = STRING: building a
snmptranslate
Location | entuity_home\lib\tools |
Type | third party utility |
Invoked By | n/a |
User Invocation | command line |
Invoked Processes | n/a |
Configured Through | command line |
Log File | n/a |
Syntax
snmptranslate [OPTIONS] OID [OID]...
Description
snmptranslate is an application that translates one or more SNMP object identifier values from their symbolic (textual) forms into their numerical forms (or vice versa).
OID is either a numeric or textual object identifier.
Options
- -D TOKEN[,...]
Turn on debugging output for the given TOKEN(s). Try ALL for extremely verbose output. - -h
Display a brief usage message and then exit. - -m MIBLIST
Specifies a colon separated list of MIB modules to load for this application. This overrides the environment variable MIBS.
The special keyword ALL is used to specify all modules in all directories when searching for MIB files. Every file whose name does not begin with "." will be parsed as if it were a
MIB file. - -M DIRLIST
Specifies a colon separated list of directories to search for MIBs. This overrides the environment variable MIBDIRS. - -T TRANSOPTS
Provides control over the translation of the OID values. The following TRANSOPTS are available: - -Td
Print full details of the specified OID. - -Tp
Print a graphical tree, rooted at the specified OID. - -Ta
Dump the loaded MIB in a trivial form. - -Tl
Dump a labelled form of all objects. - -To
Dump a numeric form of all objects. - -Ts
Dump a symbolic form of all objects. - -Tt
Dump a tree form of the loaded MIBs (mostly useful for debugging). - -Tz
Dump a numeric and labelled form of all objects (compatible with MIB2SCHEMA format). - -V
Display version information for the application and then exit. - -w WIDTH
Specifies the width of -Tp and -Td output. The default is very large.
In addition to the above options, snmptranslate takes the OID input (-I), MIB parsing (-M) and OID output (-O) options described in the INPUT OPTIONS, MIB PARSING OPTIONS and OUTPUT OPTIONS sections of the snmpcmd(1) manual page.
Examples
* snmptranslate -On -IR seceders
will translate "sysDescr" to a more qualified form:
system.sysDescr
* snmptranslate -Onf -IR sysDescr
will translate "sysDecr" to:
.iso.org.dod.internet.mgmt.mib-2.system.sysDescr
* snmptranslate -Td -OS system.sysDescr
will translate "sysDecr" into:
SNMPv2-MIB::sysDescr
sysDescr OBJECT-TYPE
-- FROM SNMPv2-MIB
-- TEXTUAL CONVENTION DisplayString
SYNTAX OCTET STRING (0..255)
DISPLAY-HINT "255a"
MAX-ACCESS read-only
STATUS current
DESCRIPTION "A textual description of the entity. This
value should include the full name and
version identification of the system's
hardware type, software operating-system,
and networking software."
::= { iso(1) org(3) dod(6) internet(1) mgmt(2) mib-2(1) system(1) 1 }
* snmptranslate -Tp -OS system
will print the following tree:
+--system(1)
|
+-- -R-- String sysDescr(1)
| Textual Convention: DisplayString
| Size: 0..255
+-- -R-- ObjID sysObjectID(2)
+-- -R-- TimeTicks sysUpTime(3)
+-- -RW- String sysContact(4)
| Textual Convention: DisplayString
| Size: 0..255
+-- -RW- String sysName(5)
| Textual Convention: DisplayString
| Size: 0..255
+-- -RW- String sysLocation(6)
| Textual Convention: DisplayString
| Size: 0..255
+-- -R-- Integer sysServices(7)
+-- -R-- TimeTicks sysORLastChange(8)
| Textual Convention: TimeStamp
|
+--sysORTable(9)
|
+--sysOREntry(1)
|
+-- ---- Integer sysORIndex(1)
+-- -R-- ObjID sysORID(2)
+-- -R-- String sysORDescr(3)
| Textual Convention: DisplayString
| Size: 0..255
+-- -R-- TimeTicks sysORUpTime(4)
Textual Convention: TimeStamp
* snmptranslate -Ta | head
will produce the following dump:
dump DEFINITIONS ::= BEGIN
org ::= { iso 3 }
dod ::= { org 6 }
internet ::= { dod 1 }
directory ::= { internet 1 }
mgmt ::= { internet 2 }
experimental ::= { internet 3 }
private ::= { internet 4 }
security ::= { internet 5 }
snmpV2 ::= { internet 6 }
* snmptranslate -Tl | head
will produce the following dump:
.iso(1).org(3)
.iso(1).org(3).dod(6)
.iso(1).org(3).dod(6).internet(1)
.iso(1).org(3).dod(6).internet(1).directory(1)
.iso(1).org(3).dod(6).internet(1).mgmt(2)
.iso(1).org(3).dod(6).internet(1).mgmt(2).mib-2(1)
.iso(1).org(3).dod(6).internet(1).mgmt(2).mib-2(1).system(1)
.iso(1).org(3).dod(6).internet(1).mgmt(2).mib2(1).system(1).sysDescr(1)
.iso(1).org(3).dod(6).internet(1).mgmt(2).mib-2(1).system(1).sysObjectID(2)
.iso(1).org(3).dod(6).internet(1).mgmt(2).mib2(1).system(1).sysUpTime(3)
* snmptranslate -To | head
will produce the following dump
.1.3
.1.3.6
.1.3.6.1
.1.3.6.1.1
.1.3.6.1.2
.1.3.6.1.2.1
.1.3.6.1.2.1.1
.1.3.6.1.2.1.1.1
.1.3.6.1.2.1.1.2
.1.3.6.1.2.1.1.3
* snmptranslate -Ts | head
will produce the following dump
.iso.org
.iso.org.dod
.iso.org.dod.internet
.iso.org.dod.internet.directory
.iso.org.dod.internet.mgmt
.iso.org.dod.internet.mgmt.mib-2
.iso.org.dod.internet.mgmt.mib-2.system
.iso.org.dod.internet.mgmt.mib-2.system.sysDescr
.iso.org.dod.internet.mgmt.mib-2.system.sysObjectID
.iso.org.dod.internet.mgmt.mib-2.system.sysUpTime
* snmptranslate -Tt | head
will produce the following dump
org(3) type=0
dod(6) type=0
internet(1) type=0
directory(1) type=0
mgmt(2) type=0
mib-2(1) type=0
system(1) type=0
sysDescr(1) type=2 tc=4 hint=255a
sysObjectID(2) type=1
sysUpTime(3) type=8
snmptrap
Location | entuity_home\lib\tools |
Type | third party utility |
Invoked By | n/a |
User Invocation | command line |
Invoked Processes | n/a |
Configured Through | command line |
Log File | n/a |
Syntax
snmptrap -v 1 [COMMON OPTIONS] [-Ci] enterprise-oid agent generic-trap
specific-trap uptime [OID TYPE VALUE]...
snmptrap -v [2c|3] [COMMON OPTIONS] [-Ci] uptime trap-oid [OID TYPE
VALUE]...
snmpinform -v [2c|3] [COMMON OPTIONS] uptime trap-oid [OID TYPE
VALUE]...
Description
snmptrap is an SNMP application that uses the SNMP TRAP operation to send information to a network manager. One or more object identifiers (OIDs) can be given as arguments on the command line. A type and a value must accompany each object identifier. Each variable name is given in the format specified in variables(5).
When invoked as snmpinform, or when -Ci is added to the command line flags of snmptrap, it sends an INFORM-PDU, expecting a response from the trap receiver, retransmitting if required. Otherwise it sends an TRAP-PDU or TRAP2-PDU.
If any of the required version 1 parameters, enterprise-oid, agent, and uptime are specified as empty, it defaults to 1.3.6.1.4.1.3.1.1 (enterprises.cmu.1.1), hostname, and host-uptime respectively.
The TYPE is a single character, one of:
i - integer
c - counter 32
u - unsigned integer
s - octet string in ASCII
x - octet string in hex bytes, separated by whitespace
d - octet string as decimal bytes, separated by whitespace
a - ip address in dotted IP notation
o - object identifier
b - bits
n - null
t - timeticks
which are handled in the same way as the snmpset command.
For example:
snmptrap -v 1 -c public manager enterprises.spider test-hub 3 0 '' interfaces.iftable.ifentry.ifindex.1 i 1
will send a generic linkUp trap to manager, for interface 1.
Options
- Common options
see snmpcmd for a list of possible values for common options. - -Ci.
snmpusm
Location | entuity_home\lib\tools |
Type | third party utility |
Invoked By | n/a |
User Invocation | command line |
Invoked Processes | n/a |
Configured Through | command line |
Log File | n/a |
Syntax
snmpusm [COMMON OPTIONS] create USER [CLONEFROM-USER]
snmpusm [COMMON OPTIONS] delete USER
snmpusm [COMMON OPTIONS] cloneFrom USER CLONEFROM-USER
snmpusm [COMMON OPTIONS] [-Ca] [-Cx] passwd OLD-PASSPHRASE NEWPASSPHRASE [USER]
snmpusm [COMMON OPTIONS] <-Ca | -Cx> -Ck passwd OLD-KEY-OR-PASSPHRASE
NEW-KEY-OR-PASSPHRASE [USER]
snmpusm [COMMON OPTIONS] [-Ca] [-Cx] changekey [USER]
Description
snmpusm is an SNMP application that can be used to do simple maintenance on the users known to an SNMP agent, by manipulating the agent's User-based Security Module (USM) table. The user needs write access to the usmUserTable MIB table. This tool can be used to create, delete, clone, and change the passphrase of users configured on a running SNMP
agent.
Options
- Common options
see snmpcmd for a list of possible values for common options. - -CE ENGINE-ID
Set usmUserEngineID to be used as part of the index of the usmUserTable. Default is to use the contextEngineID (set via -E or probed) as the usmUserEngineID. - -Cp STRING
Set the usmUserPublic value of the (new) user to the specified STRING.
Options for the passwd and changekey commands:
- -Ca
Change the authentication key. - -Cx
Change the privacy key. - -Ck
Allows to use localized key (must start with 0x) instead of passphrase. When this option is used, either the -Ca or -Cx option (but not both) must also be used.
Creating Users
An unauthenticated SNMPv3 user can be created using the command
snmpusm [OPTIONS] create USER
This constructs an (inactive) entry in the usmUserTable, with no authentication or privacy settings. In principle, this user should be useable for 'noAuthNoPriv' requests, but in practise the Net-SNMP agent will not allow such an entry to be made active.
In order to activate this entry, it is necessary to "clone" an existing user, using the command
snmpusm [OPTIONS] cloneFrom USER CLONEFROM-USER
The USER entry then inherits the same authentication and privacy settings (including pass phrases) as the CLONEFROM user.
These two steps can be combined into one, by using the command
snmpusm [OPTIONS] create USER CLONEFROM-USER
The two forms of the create sub-command require that the user being created does not already exist. The cloneFrom sub-command requires that the user being cloned to does already exist.
Cloning is the only way to specify which authentication and privacy protocols to use for a given user, and it is only possible to do this once. Subsequent attempts to reclone onto the same user will appear to succeed, but will be silently ignored. This (somewhat unexpected) behaviour is mandated by the SNMPv3 USM specifications (RFC 3414). To change the authentication and privacy settings for a given user, it is necessary to delete and recreate the user entry. This is not necessary for simply changing the pass phrases (see below). This means that the agent must be initialized with at least one user for each combination of authentication and privacy protocols. See the snmpd.conf(5) manual page for details of the createUser configuration directive.
Deleting Users
A user can be deleted from the usmUserTable using the command
snmpusm [OPTIONS] delete USER
Changing Password Phrases
User profiles contain private keys that are never transmitted over the wire in clear text (regardless of whether the administration requests are encrypted or not). To change the secret key for a user, it is necessary to specify the user's old passphrase as well as the new one. This uses the command
snmpusm [OPTIONS] [-Ca] [-Cx] passwd OLD-PASSPHRASE NEW-PASSPHRASE [USER]
After cloning a new user entry from the appropriate template, you should immediately
change the new user's passphrase.
If USER is not specified, this command will change the passphrase of the (SNMPv3) user issuing the command. If the -Ca or -Cx options are specified, then only the authentication or privacy keys are changed. If these options are not specified, then both the authentication and privacy keys are changed.
snmpusm [OPTIONS] [-Ca] [-Cx] changekey [USER]
This command changes the key in a perfect-forward-secrecy compliant way through a diffiehelman exchange. The remote agent must support the SNMP-USM-DH-OBJECTS-MIB for this command to work. The resulting keys are printed to the console and may be then set in future command invocations using the --defAuthLocalizedKey and --defPrivLocalizedKey options or in your snmp.conf file using the defAuthLocalizedKey and defPrivLocalizedKey keywords.
Since these keys are randomly generated based on a diffie helman exchange, they are no longer derived from a more easily typed password. They are, however, much more secure.
To change from a localized key back to a password, the following variant of the passwd subcommand is used:
snmpusm [OPTIONS] <-Ca | -Cx> -Ck passwd OLD-KEY-OR-PASSPHRASE NEWKEY-OR-PASSPHRASE [USER]
Either the -Ca or the -Cx option must be specified. The OLD-KEY-OR-PASSPHRASE and/or NEW-KEY-OR-PASSPHRASE arguments can either be a passphrase or a localized key starting with "0x", e.g. as printed out by the changekey sub-command.
Examples
Let's assume for our examples that the following VACM and USM configurations lines were in the snmpd.conf file for a Net-SNMP agent. These lines set up a default user called "initial" with the authentication passphrase "setup_passphrase" so that we can perform the initial set up of an agent:
# VACM configuration entries
rwuser initial
# lets add the new user we'll create too:
rwuser wes
# USM configuration entries
createUser initial MD5 setup_passphrase DES
Create a new user
snmpusm -v3 -u initial -n "" -l authNoPriv -a MD5 -A setup_passphrase localhost create wes initial
Creates a new user, here named "wes" using the user "initial" to do it. "wes" is cloned from "initial" in the process, so he inherits that user's passphrase ("setup_passphrase").
Change the user's passphrase
snmpusm -v 3 -u wes -n "" -l authNoPriv -a MD5 -A setup_passphrase localhost passwd setup_passphrase new_passphrase
After creating the user "wes" with the same passphrase as the "initial" user, we need to change his passphrase for him. The above command changes it from "setup_passphrase", which was inherited from the initial user, to "new_passphrase".
Test the new user
snmpget -v 3 -u wes -n "" -l authNoPriv -a MD5 -A new_passphrase
localhost sysUpTime.0
If the above commands were successful, this command should have properly performed an authenticated SNMPv3 GET request to the agent.
Now, go remove the vacm "group" snmpd.conf entry for the "initial" user and you have a valid user 'wes' that you can use for future transactions instead of initial.
snmpvacm
Location | entuity_home\lib\tools |
Type | third party utility |
Invoked By | n/a |
User Invocation | command line |
Invoked Processes | n/a |
Configured Through | command line |
Log File | n/a |
Syntax
snmpvacm [COMMON OPTIONS] createSec2Group MODEL SECURITYNAME GROUPNAME
snmpvacm [COMMON OPTIONS] deleteSec2Group MODEL SECURITYNAME
snmpvacm [COMMON OPTIONS] createView [-Ce] NAME SUBTREE MASK
snmpvacm [COMMON OPTIONS] deleteView NAME SUBTREE
snmpvacm [COMMON OPTIONS] createAccess GROUPNAME [CONTEXTPREFIX] MODEL
LEVEL CONTEXTMATCH READVIEW WRITEVIEW NOTIFYVIEW
snmpvacm [COMMON OPTIONS] deleteAccess GROUPNAME [CONTEXTPREFIX] MODEL
LEVEL
snmpvacm [COMMON OPTIONS] createAuth GROUPNAME [CONTEXTPREFIX] MODEL
LEVEL AUTHTYPE CONTEXTMATCH VIEW
snmpvacm [COMMON OPTIONS] deleteAuth GROUPNAME [CONTEXTPREFIX] MODEL
LEVEL AUTHTYPE
Description
snmpvacm is an SNMP application that can be used to do simple maintenance on the View-based Control Module (VACM) tables of an SNMP agent. The SNMPv3 VACM specifications (see RFC2575) define assorted tables to specify groups of users, MIB views, and authorized access settings. These snmpvacm commands effectively create or delete rows in the appropriate one of these tables, and match the equivalent configure directives which are documented in the snmpd.conf(5) man page.
Sub-Commands
createSec2Group MODEL SECURITYNAME GROUPNAME
Create an entry in the SNMPv3 security name to group table. This table allows a single access control entry to be applied to a number of users (or 'principals'), and is indexed by the security model and security name values.
- MODEL, An integer representing the security model, taking one of the following values:
- 1 - reserved for SNMPv1
- 2 - reserved for SNMPv2c
- 3 - User-based Security Model (USM)
- SECURITYNAME, A string representing the security name for a principal (represented in a security-model-independent format). For USM-based requests, the security name is the same as the username.
- GROUPNAME, A string identifying the group that this entry (i.e. security name/model pair) should belong to. This group name will then be referenced in the access table (see createAccess below).
deleteSec2Group MODEL SECURITYNAME
Delete an entry from the SNMPv3 security name to group table, thus removing access
control settings for the given principal. The entry to be removed is indexed by the MODEL and SECURITYNAME values, which should match those used in the corresponding createSec2Group command (or equivalent).
createView [-Ce] NAME SUBTREE MASK
Create an entry in the SNMPv3 MIB view table. A MIB view consists of a family of view subtrees which may be individually included in or (occasionally) excluded from the view.
Each view subtree is defined by a combination of an OID subtree together with a bit string mask. The view table is indexed by the view name and subtree OID values.
- [-Ce], an optional flag to indicate that this view subtree should be excluded from the named view. If not specified, the default is to include the subtree in the view. When constructing a view from a mixture of included and excluded subtrees, the excluded subtrees should be defined first - particularly if the named view is already referenced in one or more access entries.
- NAME, a string identifying a particular MIB view, of which this OID subtree/mask forms part (possibly the only part).
- SUBTREE, the OID defining the root of the subtree to add to (or exclude from) the named view.
- MASK, a bit mask indicating which sub-identifiers of the associated subtree OID should be regarded as significant.
deleteView NAME SUBTREE
Delete an entry from the SNMPv3 view table, thus removing the subtree from the given MIB view. Removing the final (or only) subtree will result in the deletion of the view. The entry to be removed is indexed by the NAME and SUBTREE values, which should match those used in the corresponding createView command (or equivalent).
When removing subtrees from a mixed view (i.e. containing both included and excluded subtrees), the included subtrees should be removed first.
createAccess GROUPNAME [CONTEXTPREFIX] MODEL LEVEL CONTEXTMATCH READVIEW WRITEVIEW NOTIFYVIEW
Create an entry in the SNMPv3 access table, thus allowing a certain level of access to particular MIB views for the principals in the specified group (given suitable security model and levels in the request). The access table is indexed by the group name, context prefix, security model and security level values.
- GROUPNAME, the name of the group that this access entry applies to (as set up by a createSec2Group command, or equivalent)
- CONTEXTPREFIX, a string representing a context name (or collection of context names) which this access entry applies to. The interpretation of this string depends on the value of the CONTEXTMATCH field (see below).
If omitted, this will default to the null context "". - MODEL, an integer representing the security model, taking one of the following values:
- 1 - reserved for SNMPv1
- 2 - reserved for SNMPv2c
- 3 - User-based Security Model (USM)
- LEVEL, an integer representing the minimal security level, taking one of the following values:
- 1 - noAuthNoPriv
- 2 - authNoPriv
- 3 - authPriv
This access entry will be applied to requests of this level or higher (where authPriv is higher than authNoPriv which is in turn higher than noAuthNoPriv).
- CONTEXTMATCH, indicates how to interpret the CONTEXTPREFIX value. If this field has the value '1' (representing 'exact') then the context name of a request must match the CONTEXTPREFIX value exactly for this access entry to be applicable to that request. If this field has the value '2' (representing 'prefix') then the initial substring of the context name of a request must match the CONTEXTPREFIX value for this access entry to be applicable to that request. This provides a simple form of wildcarding.
- READVIEW, the name of the MIB view (as set up by createView or equivalent) defining the MIB objects for which this request may request the current values.
If there is no view with this name, then read access is not granted. - WRITEVIEW, the name of the MIB view (as set up by createView or equivalent) defining the MIB objects for which this request may potentially SET new values.
If there is no view with this name, then read access is not granted. - NOTIFYVIEW, the name of the MIB view (as set up by createView or equivalent) defining the MIB objects which may be included in notification request.
deleteAccess GROUPNAME [CONTEXTPREFIX] MODEL LEVEL
Delete an entry from the SNMPv3 access table, thus removing the specified access control settings. The entry to be removed is indexed by the group name, context prefix, security model and security level values, which should match those used in the corresponding createAccess command (or equivalent).
createAuth GROUPNAME [CONTEXTPREFIX] MODEL LEVEL AUTHTYPE CONTEXTMATCH VIEW
Create an entry in the Net-SNMP extension to the standard access table, thus allowing a certain type of access to the MIB view for the principals in the specified group. The interpretation of GROUPNAME, CONTEXTPREFIX, MODEL, LEVEL and CONTEXTMATCH are the same as for the createAccess directive. The extension access table is indexed by the group name, context prefix, security model, security level and authtype values.
- AUTHTYPE, the style of access that this entry should be applied to. See snmpd.conf(5) and snmptrapd.conf(5) for details of valid tokens.
- VIEW, the name of the MIB view (as set up by createView or equivalent) defining the MIB objects for which this style of access is authorized.
deleteAuth GROUPNAME [CONTEXTPREFIX] MODEL LEVEL AUTHTYPE
Delete an entry from the extension access table, thus removing the specified access control settings. The entry to be removed is indexed by the group name, context prefix, security model, security level and authtype values, which should match those used in the corresponding createAuth command (or equivalent).
Examples
Given a pre-existing user dave (which could be set up using the snmpusm(1) command), we could configure full read-write access to the whole OID tree using the commands:
snmpvacm localhost createSec2Group 3 dave RWGroup
snmpvacm localhost createView all .1 80
snmpvacm localhost createAccess RWGroup 3 1 1 all all none
This creates a new security group named "RWGroup" containing the SNMPv3 user "dave", a new view "all" containing the full OID tree based on .iso(1) , and then allows those users in the group "RWGroup" (i.e. "dave") both read- and write-access to the view "all" (i.e. the full OID tree) when using authenticated SNMPv3 requests.
As a second example, we could set up read-only access to a portion of the OID tree using the commands:
snmpvacm localhost createSec2Group 3 wes ROGroup
snmpvacm localhost createView sysView system fe
snmpvacm localhost createAccess ROGroup 3 0 1 sysView none none
This creates a new security group named "ROGroup" containing the (pre-existing) user "wes", a new view "sysView" containing just the OID tree based on .iso(1).org(3).dod(6).inet(1).mgmt(2).mib-2(1).system(1) , and then allows those users in the group "ROGroup" (i.e. "wes") read-access, but not write-access to the view "sysView" (i.e. the system group).
Exit Status
The following exit values are returned:
- 0 - Successful completion
- 1 - A usage syntax error (which displays a suitable usage message) or a request timeout.
- 2 - An error occurred while executing the command (which also displays a suitable error
message).
Limitations
- This utility does not support the configuration of new community strings, so is only of use
for setting up new access control for SNMPv3 requests. It can be used to amend the
access settings for existing community strings, but not to set up new ones. - The use of numeric parameters for secLevel and contextMatch parameters is less than
intuitive. These commands do not provide the full flexibility of the equivalent config file
directives. - There is (currently) no equivalent to the one-shot configure directives rouser and rwuser.
snmpwalk
Location | entuity_home\lib\tools |
Type | third party utility |
Invoked By | n/a |
User Invocation | command line |
Invoked Processes | n/a |
Configured Through | command line |
Log File | n/a |
Syntax
snmpwalk [APPLICATION OPTIONS] [COMMON OPTIONS] [OID]
Description
snmpwalk is an SNMP application that uses SNMP GETNEXT requests to query a network entity for a tree of information.
An object identifier (OID) may be given on the command line. This OID specifies which portion of the object identifier space will be searched using GETNEXT requests. All variables in the subtree below the given OID are queried and their values presented to the user. Each variable name is given in the format specified in variables(5).
If no OID argument is present, snmpwalk will search the subtree rooted at SNMPv2-SMI::mib2 (including any MIB object values from other MIB modules, that are defined as lying within this subtree). If the network entity has an error processing the request packet, an error packet will be returned and a message will be shown, helping to pinpoint why the request was malformed.
If the tree search causes attempts to search beyond the end of the MIB, the message "End of MIB" will be displayed.
Options
- Common options
See snmpcmd for a list of possible values for common options. - -Cc, do not check whether the returned OIDs are increasing. Some agents (LaserJets are an example) return OIDs out of order, but can complete the walk anyway. Other agents return OIDs that are out of order and can cause snmpwalk to loop indefinitely. By default,nsnmpwalk tries to detect this behavior and warns you when it hits an agent acting illegally.
Use -Cc to turn off this check. - -Ci, include the given OID in the search range. Normally snmpwalk uses GETNEXT requests starting with the OID you specified and returns all results in the MIB subtree rooted at that OID. Sometimes, you may wish to include the OID specified on the command line in the printed results if it is a valid OID in the tree itself. This option lets you do this explicitly.
- -CI, in fact, the given OID will be retrieved automatically if the main subtree walk returns no useable values. This allows a walk of a single instance to behave as generally expected, and return the specified instance value. This option turns off this final GETnrequest, so a walk of a single instance will return nothing.
- -Cp, upon completion of the walk, print the number of variables found.
- -Ct, upon completion of the walk, print the total wall-clock time it took to collect the data (in seconds). Note that the timer is started just before the beginning of the data request series and stopped just after it finishes. Most importantly, this means that it does notninclude snmp library initialization, shutdown, argument processing, and any other overhead.
Examples
Version 2:
The command:
snmpwalk -Os -c public -v 1 zeus system
will retrieve all of the variables under system:
sysDescr.0 = STRING: "SunOS zeus.net.cmu.edu 4.1.3_U1 1 sun4m"
sysObjectID.0 = OID: enterprises.hp.nm.hpsystem.10.1.1
sysUpTime.0 = Timeticks: (155274552) 17 days, 23:19:05
sysContact.0 = STRING: ""
sysName.0 = STRING: "zeus.net.cmu.edu"
sysLocation.0 = STRING: ""
sysServices.0 = INTEGER: 72
Version 3:
snmpwalk -v3 -l authPriv -u >snmp_user -a SHA -A P1ki8fBIEbpBzAKJnzN9 -x AES –X psuuQEAFBJmUD5tvlI20 172.30.27.28
start
Location | entuity_home\bin |
Type | process |
Invoked By | command line |
User Invocation | command line |
Invoked Processes | n/a |
Configured Through | command line |
Log File | n/a |
Syntax
start database
Description
This command starts the Entuity database server mysqld in readiness for a restore from the previous backup.
In Windows, start is also the name of a Windows command. To use start, specify the full path:
c:\Entuity\bin\start database
starteotssvr
Location | entuity_home\bin |
Type | process |
Invoked By | starteye |
User Invocation | windows service |
Invoked Processes | n/a |
Configured Through | startup_WIN32.cfg |
Log File | entuity_home\log\starteyesvr.log.[1..4] |
Description
This process is a Windows service that controls the starting and continued running of processes specified through startup_WIN32.cfg. When starteotssvr fails to restart a process four times within five minutes then Entuity is shutdown.
Logs
Messages are written to the file systemcontrol.log in the entuity_home\log directory.
On UNIX and Linux, system administrators should replicate starteotssvr by defining a chron job that starts the processes specified in start_o/s.cfg
starteye
Location | entuity_home\bin |
Type | process |
Invoked By | startup |
User Invocation | command line |
Invoked Processes | Entuity processes |
Configured Through | n/a |
Log File | n/a |
Syntax
starteye
Description
starteye starts and monitors processes specified in startup_o/s.cfg. When a process stops starteye attempts to re-start the process, if four re-start attempts fail then starteye shuts down Entuity.
Files
entuity.cfg, and /top/start.log.
See also
stop
Location | entuity_home\bin |
Type | process |
Invoked By | n/a |
User Invocation | command line |
Invoked Processes | context dependent |
Configured Through | n/a |
Log File | n/a |
Syntax
stop database
Descriptionl
This command stops the Entuity database server mysqld following a restore from the previous backup.
See also
stopeye
Location | entuity_home\bin |
Type | process |
Invoked By | n/a |
User Invocation | command line |
Invoked Processes | Entuity processes |
Configured Through | n/a |
Log File | n/a |
Syntax
stopeye
Description
The stopeye script stops the:
- web server
- scheduler
- database
- license server.
The prompt returns when Entuity is successfully shutdown.
Files
entuity.cfg, and \tmp\start.log.
See also
stpman
Location | entuity_home\bin |
Type | process, run daily at 05:15. |
Invoked By | provost |
User Invocation | n/a |
Invoked Processes | n/a |
Configured Through | n/a |
Log File | entuity_home\log\stpman.log[1..4] |
Description
When you have the Device News (Device Network Early Warning System) module installed, is responsible for gathering STP (Spanning Tree Protocol)-related information from each switch and hub in the network. The information is gathered using SNMP, and includes the root switch, STP port status (blocking, forwarding, etc.), and STP timers.
swmaint
Location | entuity_home\bin |
Type | utility |
Invoked By | n/a |
User Invocation | command line |
Invoked Processes | none |
Configured Through | command line parameters |
Log File | no |
Syntax
swmaint[-c <connection string>] [-d <days>] [-force] [-n] [-o] [-q] [-s] [-v]
Description
swmaint removes inconsistencies between StormWorks objects, associations and streams. It can also delete stale objects and optimize database tables, so incorporate swmaint into your Entuity housekeeping process. When restoring an Entuity database you should also always run swmaint before restarting the Entuity server.
Options
- -c, database connection string. When swmaint is run from the Entuity server it is not required. The database connection string has the format:
HOST=<host>;UID=<user>;PWD=<password>;DB=<database>;PORT=<port> - -d, objects that are considered stale for more days than this value are deleted. On long running systems the number of stale objects can impact database performance. By default swmaint does not delete stale objects.
- -force, continue swmaint even when the previous run failed or the Entuity server is running.
-force may result in data loss or corruption. - -n, no update. swmaint does not modify the database but does report on the state of the database. To view the number of stale objects you must always use this setting with -d.
- -o, deletes object data with incomplete StormWorks associations (the default). This option is only useful with -q.
- -p, optimize database tables. This calls the database command to optimize each table, and may take sometime.
- -q, quick mode. Quick mode does not delete or optimize object and sample data (dso_..
and dss_.. . You should use quick mode when wanting to quickly restart Entuity's management of your network. - -r, removes any incidents and archived events for objects that have been deleted by previous runs of swmaint. This is useful in combination with -d <number-of-days>, in which case it will do the above and also remove incidents and archived events for objects that are deleted by the -d option (i.e. that have been stale for <number-of-days> or more).
- -s, deletes sample data with incomplete associations (the default). This option is only useful with -q.
- -t, logs the types of any stale objects. This helps with analysis of the types of stale objects in the system and therefore config problems - it can reveal bad any StormWorks configuration that might be creating objects and then deleting them again.
- -v, verbose mode provides a full set of progress messages.
Examples
This example optimizes the database, deletes StormWorks objects with incomplete associations and delivers a full set of progress messages:
swmaint -v
This example reports on the number of stale objects that have been in the system more than seven days:
swmaint -n -d 7
This removes all stale objects from the database:
swmaint -d 0
sysLogger
Location | entuity_home\bin |
Type | process |
Invoked By | starteots |
User Invocation | n/a |
Invoked Processes | none |
Configured Through |
entuity_home\etc\startup_O/S.cfg entuity.cfg |
Log File | entuity_home\log\syslogger.log.[1..4] |
Description
Invoked during system startup and continues to run until the system closes. It receives device syslog messages, discards those from devices not managed by Entuity and forwards to the Event Viewer as events those it does. sysLogger uses the Entuity database to identify the device and possibly add additional information, e.g. CPU utilization, buffer capacity and mismatches in protocol.
Through the syslogger section of entuity.cfg you can use replaceEventDetailsAction to replace problematic characters from the event details.
ticker
Location | entuity_home\bin |
Type | process |
Invoked By | starteots |
User Invocation | n/a |
Invoked Processes | none |
Configured Through |
entuity_home\etc\startup_O/S.cfg |
Log File | entuity_home\log\ticker.log.[1..4] |
Description
This is the ticker process. It is a daemon process, invoked during software startup, that allows you to view real time output at the device and port level, viewing data changes as they occur.
trapsplit
Location | entuity_home\bin |
Type | process |
Invoked By | command line, starteots |
User Invocation | yes |
Invoked Processes | none |
Configured Through | command line, trapsplit configuration file, startup_o/s.cfg |
Log File | entuity_home\log\trapsplit.log.[1..4] |
Syntax
trapsplit [-p portnumber] [-l logfilename] configfilename
Description
This is a daemon process that can be started by the System Administrator. It is a trap receiver that forwards traps on to a user specified list of recipient hosts on user-definable UDP ports.
Listens for SNMP traps on UDP port 162. It then forwards the traps to one or more ports specified through the configuration file.
- -p portnumber is the UDP port on which trapsplit listens for traps. The default is UDP port 162. To amend the port, for example to listen on port 2162, enter:
trapsplit -p 2162 trapconfig.cfg
- -l logfilename enables logging and specifies the name and path of the trapsplit log file. By default logging is not enabled. To output the trapsplit messages to the Entuity log folder
enter:
trapsplit -l ..\log\trapsplit.log trapconfig.cfg
- configfilename is the trapsplit configuration file. Each entry should be on a separate line and have the format:
host [port]
Where:
- host specifies the destination host, either the hostname or IP address.
- port specifies the destination port. When not entered the default is UDP port 162.
updateNames
Location | entuity_home\bin |
Type | utility |
Invoked By | n/a |
User Invocation | process, command line |
Invoked Processes | none |
Configured Through | command line parameters |
Log File | entuity_home\log\updateNames.log |
Syntax
updateNames.
Description
Entuity distinguishes between the Polled Name/IP address it uses to manage a device and the Display Name it displays for you to identify the device.
Display Name can be derived from Polled Name / IP Address, System Name, Resolved Name, Resolved Name (fully qualified) and IP Address, i.e. the source of the name is external to Entuity and derived either from SNMP or DNS. If this external value changes then updateNames updates Display Name.
updateNames compares the device Display Name in Entuity against the value on the device. If there is a difference updateNames updates the Display Name. However if the new name clashes with an existing name Entuity appends its Device ID in brackets after it. If this would make the name longer than the maximum name length (59 characters) then the original name is shortened prior to appending the Device ID.
updateNames is scheduled, by default, to run at 03:00 every day. It can be disabled through a setting in entuity.cfg:
[updateNames]
disabled=true
updateNames can also be run from the command line from /bin/updateNames
updateNames.log records changes to device inventory and also when updateNames is run.
vendinfo
Location | entuity_home\lib\tools |
Type | utility |
Invoked By | n/a |
User Invocation | command line |
Invoked Processes | none |
Configured Through | command line parameters |
Log File | no |
Description
vendinfo identifies the vendor device support datasets available to Entuity and the decisions made when more than one vendor file is available for a particular sysoid; which device support dataset Entuity uses to manage that device type (as identified through its sysoid).
Each device support dataset is associated with a specific device sysoid. Where there:
- is only one available device support dataset for a given sysoid, Entuity uses that dataset when managing a device with that sysoid.
- are two or more device support datasets for a given sysoid, Entuity uses the dataset with the highest priority.
Datasets are available through four types of vendor files, all have a .vendor extension. These vendor files are, listed in ascending order of priority:
- uncertified device definitions in entuity_home\etc\uncertified folder when Entuity discovers devices with sysoids for which there is not a device support dataset. These generic device support datasets should be considered temporary definitions, and only used until Entuity supply an appropriate vendor file.
- bin.vendor, which is installed to entuity_home\etc. It contains multiple device support datasets, many of which are also listed in their individual vanilla vendor files. bin.vendor has the second lowest priority when Entuity is determining the source of device information.
Device support datasets in bin.vendor have the second lowest priority when Entuity is determining which of those available to use to manage a device type. - vanilla vendor files are installed to entuity_home\etc during Entuity installation and configuration.
Device support datasets in vanilla vendor files have the second highest priority when Entuity is determining which vendor device definition to use to manage a device type. - exotica vendor files are installed to entuity_home\etc\exotica. Exotica files are only used by Entuity when they are copied to entuity_home\etc, either manually or during Entuity configuration, e.g. when selecting a module.
Device support datasets in exotica vendor files have the highest priority when Entuity is determining which vendor device definition to use to manage a device type.These files use a simple naming convention, using the vanilla filename, with a plus sign in the filename and identifying name, e.g. SOLSERV+managed Host.vendor.
Entuity does not make operational use of vendor files from the etc\exotica; these files are primarily reference resources. Entuity only uses vendor files in the active configuration directory, by default entuity_home\etc, when determining how to manage a device type.
vendinfo Switches
vendinfo is supplied with a number of case sensitive switches, that you can use individually, or combine to investigate vendor information:
- -e directory, instructs vendinfo to consider device support datasets in the specified folder as though they are in the active configuration folder, by default entuity_home\etc directory. You must specify the full path e.g.
vendinfo -e c:\entuity\etc -I 1.3.6.1.4.1.42.2.1.1
- -V directory, instructs vendinfo to consider device support datasets in the specified folder as though they are vanilla vendor files. You must specify the full path
e.g. vendinfo -V c:\entuity_resources\vanilla -I 1.3.6.1.4.1.42.2.1.1
- -E directory, instructs vendinfo to consider device support datasets in the specified folder as though they are in the exotica vendor file reference folder, by default entuity_home\etc\exotica directory. You must specify the full path e.g.
vendinfo -E c:\entuity\etc\exotica -I 1.3.6.1.4.1.42.2.1.1
- -B directory, instructs vendinfo to take the specified folder as the root folder for relative path folders specified with other switches, e.g.:
vendinfo -B c:\entuity -e etc -I 1.3.6.1.4.1.42.2.1.1
- -H directory, instructs vendinfo to take the specified folder as the root folder. Unlike the -B switch, you do not need to specify a path to the exotica folder, e.g.:
vendinfo -H c:\entuity -I 1.3.6.1.4.1.42.2.1.1
- -n filename, forces vendinfo to use newbin.vendor format when reading the specified file (newbin.vendor is a deprecated file):
vendinfo -n c:\entuity\etc\newbin.vendor
- -c filename, forces vendinfo to use classic.vendor format when reading the specified file:
vendinfo -c c:\entuity\etc\bin.vendor
- -x prefix, exclude data for sysoids starting with the entered prefix:
vendinfo -H c:\entuity -x 1.3.6.1.4.1.9 -x 1.3.6.1.4.1.42
- -X sysoid, excludes data for the entered sysoid:
vendinfo -H c:\entuity -X 1.3.6.1.4.1.42.2.1.1 -X 1.3.6.1.4.1.9.1.8
- -i prefix, includes data for sysoids starting with the entered prefix:
vendinfo -H c:\entuity -x 1.3.6.1.4.1.42 -x 1.3.6.1.4.1.9
- -I sysoid, allows you to specify the particular sysoid in which you are interested:
vendinfo -H c:\entuity -I 1.3.6.1.4.1.42.2.1.1
- -m, restricts vendinfo output to sysoids for devices currently under Entuity
management.
vendinfo -H c:\entuity -m
- -q, restricts vendinfo output to sysoids with concerns or questionable status. This is useful when investigating the current status of your system’s device support datasets.
vendinfo -H c:\entuity -q
- -h, displays command line help.
vendinfo -h
- -u, displays command line help.
vendinfo -u
- -v, displays vendinfo version number:
vendinfo version 1.7 [@(#)buildstamp.h $Revision: 6.48 $]
Understanding the results
In this example output, vendinfo is flagging a concern about the provenance of an operational device support dataset. This was most likely a consequence of mistakenly moving, rather than copying, an exotica device support file from entuity_home\etc\exotica to entuity_home\etc.
lib\tools\vendinfo -q
795 datasets read from 188 files ( 12 null files, 332 others):
c:\Entuity\TRUNKref30a\etc
25 datasets read from 25 files ( 5 null files, 2 others):
c:\Entuity\TRUNKref30a\etc\exotica
.1.3.6.1.4.1.42.2.1.1 - - -
?provenance winner 1.3 etc\SOLSERV+managedHost.vendor
variation=1 loser 1.3 etc\SOLSERV.vendor
variation=1 loser 1.3 etc\bin.vendor
variation=1 reference 1.3 etc\SOLSERV.vendor
When you run vendinfo it returns a report on device support datasets it has processed:
- exotica and uncertified vendor files contain one dataset each, bin.vendor contains multiple datasets.
- Null files are old, deprecated vendor files that no longer contain vendor definitions. They are supplied to prevent older Entuity installations continuing to use these definitions.
- Others, are files in the entuity_home\etc and entuity_home\etc\exotica folders that do not have the vendor extension and so Entuity and vendinfo do not consider them as device support files.
The results for each sysoid all have the same format:
sysoid
VendorStatus Variation=n ResultStatus VersionNumber PathName
where:
- sysoid identifies the sysoid to which the subsequent vendor information relates.
- VendorStatus indicates the status of the vendor file, and can be:
- ?Provenance, indicates a winner, or loser, entry in etc\ does not have a matching reference dataset, i.e. in entuity_home\etc\exotica. This does not necessarily indicate an immediate operational problem, only that it may indicate a problem in maintaining reference file information.
- ?fluke, indicates you need to check the vendor files in entuity_home\etc for competing vendor definitions from the same reference folder. For example, you may have copied from the entuity_home\etc\exotica to entuity_home\etc two Nokia3.8.1-build28 firewall definitions. Entuity cannot determine which you want to use to manage your devices, and so selects one on the basis of their filename’s ASCII alphabetic values.
- ?version, indicates vendor files with the same name have different operational characteristics. You should investigate that the correct vendor file is in use and ensure all vendor files with the same name have the same device definition.
- ?Name, indicates vendor files with different names have the same operational characteristics. You should investigate that the correct vendor file is in use and ensure all vendor files with the same definition have the same filename.
- ?rootName, indicates a deviation from the supplied naming convention. You must not amend vendor filenames as Entuity uses the naming convention when determining which vendor definition to use to manage a device.
- ?wrongDir, indicates vanilla or exotica file definitions are in the wrong folder, e.g. a vanilla vendor file is in the exotica folder.
When vendinfo is only run against one folder, VendorStatus indicators that rely on comparisons across folders, e.g. ?Provenance, are not meaningful.
- Variation=n, is only used where there is more than one vendor entry that would yield different operational behavior for the sysoid. Vendor definitions with the same variation value would exhibit the same operational behavior.
- ResultStatus can be:
- winner, the device support dataset identified as being the highest ranked available in entuity_home\etc for that sysoid.
- loser, a device support dataset for which there is another higher ranked dataset available in entuity_home\etc for that sysoid.
- reference, device support datasets that are not in operational use but held in the resource folder entuity_home\etc\exotica. Usually for every winner and loser there is an equivalent reference file for that sysoid.
- alternate, is applied to entries from etc\exotica whose behavior would not match any winner or loser from etc for the current sysoid.
- VersionNumber is an internal, non-mandatory Entuity reference number. Different version numbers between two files does not necessarily indicate differences in the vendor
definition information. - PathName, indicates the name and location of the file holding the vendor information.
viewserver
Location | entuity_home\bin |
Type | process |
Invoked By | starteots |
User Invocation | n/a |
Invoked Processes | n/a |
Configured Through | [viewServer] |
Log File | entuity_home\log\viewserver.log.[1..4] |
Description
By default, event management process uses the internal Entuity mechanism viewserver for view membership checks. viewserver checks object-view and content filter settings, by default every twenty minutes, or when a view is amended.
vipman
Location | entuity_home\bin |
Type | process, run at 19:00 and 02:00 |
Invoked By | provost |
User Invocation | n/a |
Invoked Processes | n/a |
Configured Through | n/a |
Log File | entuity_home\log\vipman.log.[1..4] |
Description
It is responsible for ascertaining which ports in the network are deemed to be infrastructure
ports, i. e.
- router ports.
- trunk ports (i.e. ports connecting switches together).
- uplinks (i.e. ports connecting routers with switches).
Entuity uses three methods to identify trunk ports; through the MIB, by counting the number of MAC addresses on the port and then identifying whether there are associated VLANs and lastly through Cisco’s CDP trunk discovery protocol. Through the VIPMAN Trunk Promote module you can also identify to vipman ports you want Entuity to manage as trunk ports.
vtpDomainTool
Location | entuity_home\lib\tools |
Type | utility |
Invoked By | provost, user |
User Invocation | user, command line |
Invoked Processes | n/a |
Configured Through | provost.conf |
Log File | n/a |
Syntax
vtpDomainTool [-c] [-d] [-h] [-p] [-b]
where:
- -c, deletes the Regional by VTP view
- -d, sets debug logging level
- -h, displays help information
- -p, preserves user tags
- -b, preserves blank domain.
Description
vtpDomainTool automatically assigns aliases for use in Entuity, enabling Entuity to distinguish between VLANs that have the same name but are members of a different VTP domain. The VLAN alias is built by combining the VTP Domain Name with the VLAN name. vtpDomainTool also generates a View called Regional by VTP, which shows devices and VLANs grouped by VTP domain name.
vtpDomainTool can be run from the command line, or scheduled and run by provost. It uses information collected by vtpman to identify devices and VLANs, and their correct VTP domains. To maintain the accuracy of the view, you should schedule vtpDomainTool to run after vtpman has completed. Scheduling is set through provost.conf, for example:
job vtpDomainTool {
count 1, start @06:15:00, repeat forever, interval 24h, command
'${entuity_home}/lib/tools/vtpDomainTool'
Changes to configuration files are not maintained after upgrading Entuity, and so
VTPDomainTool would have to be rescheduled in provost.conf.
vtpman
Location | entuity_home\bin |
Type | process |
Invoked By | provost, run daily at 05:15 |
User Invocation | n/a |
Invoked Processes | n/a |
Configured Through | n/a |
Log File | entuity_home\log\vtpman.log.[1..4] |
Description
vtpman is responsible for gather VTP (VLAN Trunking Protocol)-related information from each switch in the network. The information is gathered using SNMP, and includes the VTP server, VTP domain name, and pruning status.
Comments
0 comments
Please sign in to leave a comment.