ā02-27-2020 08:05 AM - edited ā02-28-2020 09:58 AM
A major MSP is looking to provide management for ISE. Part of that is monitoring the health of the appliance and the ISE services. Would you advise on the following?
Are the processes to set up traps for
app-server, rsyslog, redis-server, ad-connector, mnt-collector, mnt-processor, ca-server est-server, and elasticsearch
These are listed here: www.cisco.com/c/en/us/td/docs/security/ise/2-7/admin_guide/b_ise_admin_guide_27/b_ise_admin_guide_27_chapter_011000.html#id_17078
If that is correct, then what states do we trap on? The above link has:
Cisco ISE sends traps for the following statuses to the configured SNMP server:
Process Start (monitored state)
Process Stop (not monitored state)
Execution Failed: When the process state changes from Monitored to Execution failed, a trap is sent.
Does Not Exist: When the process state changes from Monitored to Does not exist, a trap is sent.
The host-resources-mib mentioned does not have states that align to this. www.cisco.com/c/en/us/td/docs/voice_ip_comm/pgw/7/mibs/guide/7MIB_Ch4.html
It has:
hrDeviceStatus OBJECT-TYPE
SYNTAX INTEGER {
unknown(1),
running(2),
warning(3),
testing(4),
down(5)
Is there a mapping, or am I looking in the wrong place?
Kind regards, David
Solved! Go to Solution.
ā02-28-2020 06:28 PM
SNMP Traps to Monitor Cisco ISE > Table 2. Process Monitoring SNMP Traps in Cisco ISE says
HOSTRESOURCES- MIB::hrSWRunName = STRING: "redis-server:Running"
Cisco ISE sends traps using the OID of hrSWRunName that belongs to the HOST-RESOURCES MIB and sets the OID value as < PROCESS NAME > - < PROCESS STATUS >, for example, runtime - running.
Looking in the HOST-RESOURCES-MIB that you referenced, I see hrSWRunName is part of a table
hrSWRunTable :
HrSWRunEntry ::= SEQUENCE {
hrSWRunIndex INTEGER,
hrSWRunName InternationalDisplayString,
hrSWRunID ProductID,
hrSWRunPath InternationalDisplayString,
hrSWRunParameters InternationalDisplayString,
hrSWRunType INTEGER,
hrSWRunStatus INTEGER
}
And later in the MIB it says
hrSWRunStatus OBJECT-TYPE
SYNTAX INTEGER {
running(1),
runnable(2), -- waiting for resource (CPU, memory, IO)
notRunnable(3), -- loaded but waiting for event
invalid(4) -- not loaded
}
ACCESS read-write
STATUS mandatory
DESCRIPTION
"The status of this running piece of software. Setting this value to invalid(4) shall cause this software to stop running and to be unloaded."
which looks accurate to me.
You quoted hrDeviceStatus and not hrSWRunStatus.
ā02-27-2020 11:35 AM
Hi,
Never tried looking in the MIB's, but i would say the answer lies in the documentation:
Cisco ISE sends traps using the OID of hrSWRunName that belongs to the HOST-RESOURCES MIB and sets the OID value as < PROCESS NAME > - < PROCESS STATUS>, for example, runtime - running
Regards,
Cristian Matei.
ā02-28-2020 09:56 AM - edited ā02-28-2020 10:02 AM
The fist reply is appreciated but doesn't answer the question: the traps sent, there appears to be a mismatch regarding the states between the documentation and MIB. Also looking for confirmation on the process names. These are from the doc, so already familiar wth the doc.
ā02-28-2020 06:28 PM
SNMP Traps to Monitor Cisco ISE > Table 2. Process Monitoring SNMP Traps in Cisco ISE says
HOSTRESOURCES- MIB::hrSWRunName = STRING: "redis-server:Running"
Cisco ISE sends traps using the OID of hrSWRunName that belongs to the HOST-RESOURCES MIB and sets the OID value as < PROCESS NAME > - < PROCESS STATUS >, for example, runtime - running.
Looking in the HOST-RESOURCES-MIB that you referenced, I see hrSWRunName is part of a table
hrSWRunTable :
HrSWRunEntry ::= SEQUENCE {
hrSWRunIndex INTEGER,
hrSWRunName InternationalDisplayString,
hrSWRunID ProductID,
hrSWRunPath InternationalDisplayString,
hrSWRunParameters InternationalDisplayString,
hrSWRunType INTEGER,
hrSWRunStatus INTEGER
}
And later in the MIB it says
hrSWRunStatus OBJECT-TYPE
SYNTAX INTEGER {
running(1),
runnable(2), -- waiting for resource (CPU, memory, IO)
notRunnable(3), -- loaded but waiting for event
invalid(4) -- not loaded
}
ACCESS read-write
STATUS mandatory
DESCRIPTION
"The status of this running piece of software. Setting this value to invalid(4) shall cause this software to stop running and to be unloaded."
which looks accurate to me.
You quoted hrDeviceStatus and not hrSWRunStatus.
ā03-05-2020 02:39 PM
Thank you. So do we think that any time the state changes the trap is sent? For any of the processes?
I'm trying to understand what the processes do (so that we can properly prioritize these). The documentation lists app-server, rsyslog, redis-server, ad-connector, mnt-collector, mnt-processor, ca-server, est-server, elasticsearch. I can guess with some (rsyslog, ad-connector, ca-server), not the rest.
The states you mention do not match the states in the documentation. Thoughts on that?
Processes:
.1.3.6.1.2.1.25.4.2.1.2 HOST-RESOURCES-MIB::hrSWRunName |
A textual description of this running piece of software, including the manufacturer, revision, and the name by which it is commonly known. If this software was installed locally, this should be the same string as that used in the corresponding hrSWInstalledName. The services taken into consideration are app-server, rsyslog, redis-server, ad-connector, mnt-collector, mnt-processor, ca-server est-server, and elasticsearch. |
DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (63692139) 7 days, 8:55:21.39 SNMPv2-MIB::snmpTrapOID.0 = OID: HOSTRESOURCES- MIB::hrSWRunName HOSTRESOURCES- MIB::hrSWRunName = STRING: "redis-server:Running" |
The states are in the mentioned/attached host-resources-mib):
hrDeviceStatus OBJECT-TYPE
SYNTAX INTEGER {
unknown(1),
running(2),
warning(3),
testing(4),
down(5)
My thoughts are that the mapping is:
Cisco ISE sends traps for the following statuses to the configured SNMP server:
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide