I need to monitor a system via SNMP and integrate it with zabbix 5.0. I was making some test on my local machine so I installed snmp, snmpd and snmp-mib-downloader on ubuntu 20.04.
I need to monitor all these variables:
variables to monitor via snmp
The problem is that when I try to see some of those variables on my local machine, this happens:
snmpwalk -v 2c -c public 127.0.0.1 DISMAN-EVENT-MIB::mteHotTrigger.0
And I get:
DISMAN-EVENT-MIB::mteHotTrigger.0 = No Such Object available on this agent at this OID
Is there a way to change the value of the values of the trigger? Why is it that I cannot see the value of some of those variables?
The DISMAN-EVENT-MIB defines the MAX-ACCESS for mteHotTrigger as accessible-for-notify.
From the SNMPv2-SMI:
The value "accessible-for-notify" indicates an object which is accessible only via a notification (e.g., snmpTrapOID [5]).
In other words, this particular value cannot be retrieved using any kind of GET request (in fact, if you read the description of that variable, it only makes sense in the context of a notification). You need to set up your local machine to receive SNMP traps (notifications), and configure your managed machine to send traps to it.
Related
I have deployed my model training inside a docker container which is executed as a job on the GCP AI platform. The python script performing the training occasionally triggers a post request to a django app running on my local machine. The post request fails with a HTTPConnectionError.
So, my question is :
how do I trigger a POST request from inside a container running on GCP AI platform?
Your machine is connected to internet, I have no doubt about this.
However, is it directly connected to the internet? Or are you behind a box and connected to local network?
On windows, you can check this with ipconfig, on linux with /sbin/ifconfig. If you have a private IP (most of the time 192.168.x.x), you need to configure your box router to route the inbound connexion to your internal IP (on which your local machine is listening).
In addition, the IP attribution is, most of the time, performed with DHCP (automatic distribution). You also need to configure your box router to reserve a local private IP in your network to your local machine. Else, at the next reboot, you could have a different IP and the previous routing setup will have to be done again.
I am able to integrate ZAP running on another machine(let's say machine-B) with Jenkins installed on one machine (machine-A). While building a project, ZAP starts from another machine(B), but the resources(memory, heap) are utilised from one machine(A), which shouldn't be so.
Could someone suggest how to achieve the same?
By default ZAP will only allow connections from the local machine. You can set which IP addresses can connect to the API using the command line:
-config api.addrs.addr.name=123.456.789.123
If you are using ZAP in a completely isolated environment you can allow all IP addresses to connect to the ZAP API using:
-config api.addrs.addr.name=.* -config api.addrs.addr.regex=true
You will also need to set or disable the API key.
For more details see this FAQ: https://github.com/zaproxy/zaproxy/wiki/FAQremote
I have an Ant script that I use to populate/prepare a database. All I need is to set the host, port and credentials for the database. It works fine for MySQL and DB2, the DB just need to be reachable from were the script is executed.
The DB service in Bluemix gives me a DB with an IP (75.x.x.x) that is only reachable from the internal network of Bluemix, it is not accessible externally.
My understanding is that my ant script needs to be executed from inside the Bluemix network/servers.
How can I do that?
What would be the alternatives?
I'm considering to create a NodeJS script to trigger that ant internally, but I'm not sure if it will work properly.
dashDB always had the ability for local clients (outside of Bluemix) to connect to the cloud database, and SQL Database later added the feature as well. So you should be able to populate a database as long as you have the correct driver client installed on your local machine.
Can you provide more details on how you tested that the IP is not reachable? Is there a firewall put in place between your local machine and Bluemix? Note that ping is not a good test because the port is blocked for security reasons. You may try the JDBC port indicated on the connection page from the console.
See link for instructions on how to make a connection:
https://www.ng.bluemix.net/docs/#services/SQLDB/index.html#connecting-to-sqldb
You might be able to use a simple custom buildpack. You can start with a sample like this one:
https://github.com/dmikusa-pivotal/cf-test-buildpack
fork it and modify the bin/compile script to run your ant task instead. Then put your ant script (and probably executable as I expect it is not installed in the Bluemix environment) in a directory and run
cf push <appname> -b <your forked git url>
To push it to Bluemix and run it. If you're just using it once you can probably get away with hard-coding the address and credentials, or else you can bind to the same service instance and get the info from VCAP_SERVICES.
I have a java process on a linux server, which runs with this option: -Dcom.sun.management.jmxremote
So I cannot just connect to this process via jconsole running on my local pc (because neither port nor -Dcom.sun.management.jmxremote.ssl=false options are set up).
But still, how can I connect to the application and run some operations over some of its MBeans? It this possible? I have a ssh access to the server and would be able to run it "locally" on the server (but not changing the options unfortunately)
According to JMX documentation the -Dcom.sun.management.jmxremote option
Enables the JMX remote agent and local monitoring via JMX connector published on a private
interface used by jconsole. The jconsole tool can use this connector if it is executed by
the same user ID as the user ID that started the agent. No password or access files are
checked for requests coming via this connector.
The naming is a bit unfortunate because it in fact enables the local monitoring only.
Since you can not change the options but can access the server via SSH the only option is to use X server forwarding (ssh -X ...) and run jconsole (or better yet jvisualvm which has specific optimisations for running remotely).
I have one windows service which will use plink.exe for SSH connection and I found that Plink cannot find the running Pageant.
Here is the steps I have done so far.
Install Windows service to run as particular user
Before starting Windows service, I log in as that user and start Pageant with PuTTY generated key.
Then I start the Windows service (but I can't manage to make it work since Plink cannot find Pageant and server reply as No supported authentication methods available.)
Note: If I run Windows service as console application with that user, everything is working fine.
PLink will be run in Service session (Session\0) while pageant runs in user session (Session\1). Plink uses some interprocess communication which, as it looks from your problem, doesn't work across sessions. Most likely there's MMF communication inside and objects are created without prefix, i.e. they become session-only (not global). You would need to build custom version of plink to solve the problem.
Pageant explicitly allows feeding keys to an application (PuTTY, PSFTP, PSCP, WinSCP, FileZilla) running in the same Windows session only. This is obviously for security reasons, not to allow a different user on the same machine hijack private keys loaded by another users. And even for convenience (ironically), so that you do not inadvertently use keys of a different user (leading possibly to having your account locked due to invalid login attempts).
Also note that the Pageant is not intended for an automation anyway. For the automation, use the private key explicitly, using the -i command-line parameter.
See https://the.earth.li/~sgtatham/putty/latest/htmldoc/Chapter3.html#using-cmdline-identity
Such private key have to be unencrypted. Note that this imposes security risk, if someone gains access to the key. You should consider restricting an access to the unprotected private key file to the local account that runs the script only (using Windows file system permissions).
As #Eugene point out, it is Session 0 Isolation.
I managed to solve the issue by not using agent but directly passed the private key and password to plink.exe. By doing that, I'm able to run without using pageant.
To start plink.exe without agent;
plink.exe -noagent -i private_key.ppk -pw mypassword -P 1234 user#host.com