Administer SNMP monitoring

Simple Network Management Protocol (SNMP) allows network administrators to query devices for various information. Access Gateway allows SNMP polling to gather information directly from the appliance. Third-party network monitoring tools, such as Solarwinds or Nagios, can use SNMP to monitor certain parameters.

Access Gateway supports: Simple Network Management Protocol (SNMP) v2

The following information can be polled from the appliance:

  • System

    • Description (.1.3.6.1.2.1.1.1.0)

    • OID (.1.3.6.1.2.1.1.2.0)

    • SysUpTime (.1.3.6.1.2.1.1.3.0)

    • Contact (.1.3.6.1.2.1.1.4.0)

    • Name (.1.3.6.1.2.1.1.5.0)

    • Location (.1.3.6.1.2.1.1.6.0)

  • hrSystem uptime (.1.3.6.1.2.1.25.1.1.0)

  • System load

    • 1 min average (.1.3.6.1.4.1.2021.10.1.3.1)

    • 5 min average (.1.3.6.1.4.1.2021.10.1.3.2)

    • 15 min average (.1.3.6.1.4.1.2021.10.1.3.3)

  • System disk

    • Disk path (/) (.1.3.6.1.4.1.2021.9.1.2)

    • Minimum percentage (.1.3.6.1.4.1.2021.9.1.5)

    • Total size (.1.3.6.1.4.1.2021.9.1.6)

    • Total available (.1.3.6.1.4.1.2021.9.1.7)

    • Percent used (.1.3.6.1.4.1.2021.9.1.9)

  • Swap memory

    • Total size (.1.3.6.1.4.1.2021.4.3.0)

    • Available (.1.3.6.1.4.1.2021.4.4.0)

  • Memory

    • Total installed (.1.3.6.1.4.1.2021.4.5.0)

    • Total used (.1.3.6.1.4.1.2021.4.6.0)

    • Total free (.1.3.6.1.4.1.2021.4.11.0)

    • Total shared (.1.3.6.1.4.1.2021.4.13.0)

    • Total buffered (.1.3.6.1.4.1.2021.4.14.0)

    • Total cached (.1.3.6.1.4.1.2021.4.15.0)

  • Network

    • Interface In (.1.3.6.1.2.1.31.1.1.1.6)

    • Interface Out (.1.3.6.1.2.1.31.1.1.1.10)

  • LogMatch

    • Session cache service connection (.1.3.6.1.4.1.2021.16.2.*.1)

    • Session cache service storing/update of session data (.1.3.6.1.4.1.2021.16.2.*.2)

    • Session cache service get/retrieval of session data (.1.3.6.1.4.1.2021.16.2.*.3)

  • Process Watch

    • Session cache service (.1.3.6.1.4.1.2021.2.*.1)
    • Web service (.1.3.6.1.4.1.2021.2.*.2)
    • Web preprocessor service (.1.3.6.1.4.1.2021.2.*.3)
    • Time service (.1.3.6.1.4.1.2021.2.*.4)
    • HA communication service (.1.3.6.1.4.1.2021.2.*.5)
    • Event log service (.1.3.6.1.4.1.2021.2.*.6)
    • Job scheduler service (.1.3.6.1.4.1.2021.2.*.7)
    • Event scheduler service (.1.3.6.1.4.1.2021.2.*.8)
    • Fields:
      • Process index(INTEGER): .1.3.6.1.4.1.2021.2.1.*.1.3
      • Process name(STRING): .1.3.6.1.4.1.2021.2.1.*.2.3
      • Minimum processes(INTEGER): .1.3.6.1.4.1.2021.2.1.*.3.3
      • Maximum processes(INTEGER): .1.3.6.1.4.1.2021.2.1.*.4.3
      • Current process count(INTEGER): .1.3.6.1.4.1.2021.2.1.*.5.3
      • Error state(INTEGER): .1.3.6.1.4.1.2021.2.1.*.100..3 (0-no error)

Standard MIBs

Access Gateway appliances support OIDs located within the subset of the following MIBs:

These MIBs aren't proprietary and are available on most network monitoring systems.

Proprietary MIB

The Access Gateway appliance doesn't contain any proprietary MIBs.

Configuration

The Okta SNMP monitoring package isn't installed by default.

From version 2020.04.04 and later, SNMP is pre-installed.

To enable SNMP monitoring:

  1. Use the SSH to connect to the Access Gateway Management console.

  2. Enter 5 to enter the System submenu.

  3. Enter 2 to enter the Install submenu.

  4. Enter package okta-monitoring-snmp

  5. When prompted, enter y to install the package or N to abort the installation.

SNMP test tools

There are multiple tools for testing SNMP functionality on various operating systems. The following information outlines the popular operating systems.

Microsoft Windows

On Windows operating systems, you can use an open-source tool called net-snmp. Follow these instructions to install net-snmp and test SNMP polling to the Access Gateway appliance:

  1. Download net-snmp and install it onto your machine.

  2. Copy an snmpwalk command from the sample test commands and paste it into a command prompt and execute it.

Linux (Debian-based)

On a Linux-based operation system, you can install an SNMP package to achieve the same results. Follow these instructions for Debian systems:

  1. Install snmpd. For systems with apt-get:

    sudo apt-get install snmpd

  2. Copy an snmpwalk command from the sample test commands and paste it into a terminal and execute it.

Sample test commands and output

Use snmpwalk to test SNMP for each individual appliance.

Access Gateway Community String

SNMP access requires what's typically known as a community string. Use the -c switch to specify a community string. The actual community string value isn't documented and is replaced in this page by AccessGatewayCommunityString.

The SNMP Community string is provided on request by Okta Access Gateway Support.

Poll all available objects

$ snmpwalk -O n -v2c -c <AccessGatewayCommunityString> localhost:161 .1 .1.3.6.1.2.1.1.1.0 = STRING: Access Gateway Security Appliance .1.3.6.1.2.1.1.2.0 = OID: .1.3.6.1.4.1.8072.3.2.10 .1.3.6.1.2.1.1.3.0 = Timeticks: (23927) 0:03:59.27 .1.3.6.1.2.1.1.4.0 = STRING: Access Gateway Support .1.3.6.1.2.1.1.5.0 = STRING: Access Gateway dev (Dev node0) .1.3.6.1.2.1.1.6.0 = STRING: Client .1.3.6.1.2.1.25.1.1.0 = Timeticks: (49995062) 5 days, 18:52:30.62 .1.3.6.1.2.1.31.1.1.1.6.1 = Counter64: 1892995 .1.3.6.1.2.1.31.1.1.1.6.2 = Counter64: 197893019 .1.3.6.1.2.1.31.1.1.1.6.3 = Counter64: 36135728 .1.3.6.1.2.1.31.1.1.1.10.1 = Counter64: 1892995 .1.3.6.1.2.1.31.1.1.1.10.2 = Counter64: 2156055 .1.3.6.1.2.1.31.1.1.1.10.3 = Counter64: 7473976 .1.3.6.1.4.1.2021.2.1.1.1 = INTEGER: 1 .1.3.6.1.4.1.2021.2.1.1.2 = INTEGER: 2 .1.3.6.1.4.1.2021.2.1.1.3 = INTEGER: 3 .1.3.6.1.4.1.2021.2.1.1.4 = INTEGER: 4 .1.3.6.1.4.1.2021.2.1.1.5 = INTEGER: 5 .1.3.6.1.4.1.2021.2.1.1.6 = INTEGER: 6 .1.3.6.1.4.1.2021.2.1.1.7 = INTEGER: 7 .1.3.6.1.4.1.2021.2.1.1.8 = INTEGER: 8 .1.3.6.1.4.1.2021.2.1.3.1 = INTEGER: 1 .1.3.6.1.4.1.2021.2.1.3.2 = INTEGER: 2 .1.3.6.1.4.1.2021.2.1.3.3 = INTEGER: 6 .1.3.6.1.4.1.2021.2.1.3.4 = INTEGER: 1 .1.3.6.1.4.1.2021.2.1.3.5 = INTEGER: 1 .1.3.6.1.4.1.2021.2.1.3.6 = INTEGER: 2 .1.3.6.1.4.1.2021.2.1.3.7 = INTEGER: 1 .1.3.6.1.4.1.2021.2.1.3.8 = INTEGER: 1 .1.3.6.1.4.1.2021.2.1.4.1 = INTEGER: 1 .1.3.6.1.4.1.2021.2.1.4.2 = INTEGER: 0 .1.3.6.1.4.1.2021.2.1.4.3 = INTEGER: 51 .1.3.6.1.4.1.2021.2.1.4.4 = INTEGER: 1 .1.3.6.1.4.1.2021.2.1.4.5 = INTEGER: 4 .1.3.6.1.4.1.2021.2.1.4.6 = INTEGER: 2 .1.3.6.1.4.1.2021.2.1.4.7 = INTEGER: 1 .1.3.6.1.4.1.2021.2.1.4.8 = INTEGER: 1 .1.3.6.1.4.1.2021.2.1.5.1 = INTEGER: 1 .1.3.6.1.4.1.2021.2.1.5.2 = INTEGER: 2 .1.3.6.1.4.1.2021.2.1.5.3 = INTEGER: 6 .1.3.6.1.4.1.2021.2.1.5.4 = INTEGER: 1 .1.3.6.1.4.1.2021.2.1.5.5 = INTEGER: 3 .1.3.6.1.4.1.2021.2.1.5.6 = INTEGER: 2 .1.3.6.1.4.1.2021.2.1.5.7 = INTEGER: 1 .1.3.6.1.4.1.2021.2.1.5.8 = INTEGER: 1 .1.3.6.1.4.1.2021.2.1.100.1 = INTEGER: noError(0) .1.3.6.1.4.1.2021.2.1.100.2 = INTEGER: noError(0) .1.3.6.1.4.1.2021.2.1.100.3 = INTEGER: noError(0) .1.3.6.1.4.1.2021.2.1.100.4 = INTEGER: noError(0) .1.3.6.1.4.1.2021.2.1.100.5 = INTEGER: noError(0) .1.3.6.1.4.1.2021.2.1.100.6 = INTEGER: noError(0) .1.3.6.1.4.1.2021.2.1.100.7 = INTEGER: noError(0) .1.3.6.1.4.1.2021.2.1.100.8 = INTEGER: noError(0) .1.3.6.1.4.1.2021.4.3.0 = INTEGER: 2064380 kB .1.3.6.1.4.1.2021.4.4.0 = INTEGER: 2058428 kB .1.3.6.1.4.1.2021.4.5.0 = INTEGER: 1020072 kB .1.3.6.1.4.1.2021.4.6.0 = INTEGER: 81040 kB .1.3.6.1.4.1.2021.4.11.0 = INTEGER: 2139468 kB .1.3.6.1.4.1.2021.4.14.0 = INTEGER: 105504 kB .1.3.6.1.4.1.2021.4.15.0 = INTEGER: 415860 kB .1.3.6.1.4.1.2021.9.1.2.1 = STRING: / .1.3.6.1.4.1.2021.9.1.5.1 = INTEGER: 10 .1.3.6.1.4.1.2021.9.1.6.1 = INTEGER: 38613644 .1.3.6.1.4.1.2021.9.1.7.1 = INTEGER: 35086828 .1.3.6.1.4.1.2021.9.1.9.1 = INTEGER: 4 .1.3.6.1.4.1.2021.10.1.3.1 = STRING: 0.10 .1.3.6.1.4.1.2021.10.1.3.2 = STRING: 0.04 .1.3.6.1.4.1.2021.10.1.3.3 = STRING: 0.05 .1.3.6.1.4.1.2021.16.2.1.1.1 = INTEGER: 1 .1.3.6.1.4.1.2021.16.2.1.1.2 = INTEGER: 2 .1.3.6.1.4.1.2021.16.2.1.1.3 = INTEGER: 3 .1.3.6.1.4.1.2021.16.2.1.2.1 = STRING: sessionDbConnection .1.3.6.1.4.1.2021.16.2.1.2.2 = STRING: sessionDbStoring .1.3.6.1.4.1.2021.16.2.1.2.3 = STRING: sessionDbGet .1.3.6.1.4.1.2021.16.2.1.5.1 = Counter32: 4 .1.3.6.1.4.1.2021.16.2.1.5.2 = Counter32: 7 .1.3.6.1.4.1.2021.16.2.1.5.3 = Counter32: 8 .1.3.6.1.4.1.2021.16.2.1.7.1 = Counter32: 0 .1.3.6.1.4.1.2021.16.2.1.7.2 = Counter32: 0 .1.3.6.1.4.1.2021.16.2.1.7.3 = Counter32: 0 .1.3.6.1.4.1.2021.16.2.1.9.1 = Counter32: 0 .1.3.6.1.4.1.2021.16.2.1.9.2 = Counter32: 0 .1.3.6.1.4.1.2021.16.2.1.9.3 = Counter32: 0

Poll system objects

$ snmpwalk -O n -v2c -c <AccessGatewayCommunityString> localhost:161 .1.3.6.1.2.1.1.1.0 = STRING: Access Gateway Security Appliance .1.3.6.1.2.1.1.4.0 = STRING: Access Gateway Support (support@okta.com) .1.3.6.1.2.1.1.5.0 = STRING: Access Gateway dev (Dev node0) .1.3.6.1.2.1.1.6.0 = STRING: Client .1.3.6.1.2.1.25.1.1.0 = Timeticks: (50014182) 5 days, 18:55:41.82 .1.3.6.1.2.1.31.1.1.1.6.1 = Counter64: 1922676 .1.3.6.1.2.1.31.1.1.1.6.2 = Counter64: 197893169 .1.3.6.1.2.1.31.1.1.1.6.3 = Counter64: 36160598 .1.3.6.1.2.1.31.1.1.1.10.1 = Counter64: 1922676 .1.3.6.1.2.1.31.1.1.1.10.2 = Counter64: 2156205 .1.3.6.1.2.1.31.1.1.1.10.3 = Counter64: 7508828

Poll disk objects

$ snmpwalk -O n -v2c -c <AccessGatewayCommunityString> localhost:161 .1.3.6.1.4.1.2021.9 .1.3.6.1.4.1.2021.9.1.2.1 = STRING: / .1.3.6.1.4.1.2021.9.1.5.1 = INTEGER: 10 .1.3.6.1.4.1.2021.9.1.6.1 = INTEGER: 38613644 .1.3.6.1.4.1.2021.9.1.7.1 = INTEGER: 35086828 .1.3.6.1.4.1.2021.9.1.9.1 = INTEGER: 4

Poll network stats

$ snmpwalk -O n -v2c -c AccessGatewayCommunityString localhost:161 .1.3.6.1.2.1.31.1 .1.3.6.1.2.1.31.1.1.1.6.1 = Counter64: 1940730 .1.3.6.1.2.1.31.1.1.1.6.2 = Counter64: 197893469 .1.3.6.1.2.1.31.1.1.1.6.3 = Counter64: 36218112 .1.3.6.1.2.1.31.1.1.1.10.1 = Counter64: 1940730 .1.3.6.1.2.1.31.1.1.1.10.2 = Counter64: 2156505 .1.3.6.1.2.1.31.1.1.1.10.3 = Counter64: 7615666

Poll load objects

$ snmpwalk -O n -v2c -c <AccessGatewayCommunityString> localhost:161 .1.3.6.1.4.1.2021.10 .1.3.6.1.4.1.2021.10.1.3.1 = STRING: 0.03 .1.3.6.1.4.1.2021.10.1.3.2 = STRING: 0.08 .1.3.6.1.4.1.2021.10.1.3.3 = STRING: 0.07

Poll memory objects

$ snmpwalk -O n -v2c -c <AccessGatewayCommunityString> localhost:161 .1.3.6.1.4.1.2021.4 .1.3.6.1.4.1.2021.4.3.0 = INTEGER: 2064380 kB .1.3.6.1.4.1.2021.4.4.0 = INTEGER: 2058428 kB .1.3.6.1.4.1.2021.4.5.0 = INTEGER: 1020072 kB .1.3.6.1.4.1.2021.4.6.0 = INTEGER: 80916 kB .1.3.6.1.4.1.2021.4.11.0 = INTEGER: 2139344 kB .1.3.6.1.4.1.2021.4.14.0 = INTEGER: 105608 kB .1.3.6.1.4.1.2021.4.15.0 = INTEGER: 415916 kB

Poll session cache logwatch objects

$ snmpwalk -O n -v2c -c <AccessGatewayCommunityString> localhost:161 .1.3.6.1.4.1.2021.16.2 .1.3.6.1.4.1.2021.16.2.1.1.1 = INTEGER: 1 .1.3.6.1.4.1.2021.16.2.1.1.2 = INTEGER: 2 .1.3.6.1.4.1.2021.16.2.1.1.3 = INTEGER: 3 .1.3.6.1.4.1.2021.16.2.1.2.1 = STRING: sessionDbConnection .1.3.6.1.4.1.2021.16.2.1.2.2 = STRING: sessionDbStoring .1.3.6.1.4.1.2021.16.2.1.2.3 = STRING: sessionDbGet .1.3.6.1.4.1.2021.16.2.1.5.1 = Counter32: 0 .1.3.6.1.4.1.2021.16.2.1.5.2 = Counter32: 0 .1.3.6.1.4.1.2021.16.2.1.5.3 = Counter32: 0 .1.3.6.1.4.1.2021.16.2.1.7.1 = Counter32: 0 .1.3.6.1.4.1.2021.16.2.1.7.2 = Counter32: 0 .1.3.6.1.4.1.2021.16.2.1.7.3 = Counter32: 0 .1.3.6.1.4.1.2021.16.2.1.9.1 = Counter32: 0 .1.3.6.1.4.1.2021.16.2.1.9.2 = Counter32: 0 .1.3.6.1.4.1.2021.16.2.1.9.3 = Counter32: 0

Poll process objects

$ snmpwalk -O n -v2c -c <AccessGatewayCommunityString> localhost:161 .1.3.6.1.4.1.2021.2 .1.3.6.1.4.1.2021.2.1.1.1 = INTEGER: 1 .1.3.6.1.4.1.2021.2.1.1.2 = INTEGER: 2 .1.3.6.1.4.1.2021.2.1.1.3 = INTEGER: 3 .1.3.6.1.4.1.2021.2.1.1.4 = INTEGER: 4 .1.3.6.1.4.1.2021.2.1.1.5 = INTEGER: 5 .1.3.6.1.4.1.2021.2.1.1.6 = INTEGER: 6 .1.3.6.1.4.1.2021.2.1.1.7 = INTEGER: 7 .1.3.6.1.4.1.2021.2.1.1.8 = INTEGER: 8 .1.3.6.1.4.1.2021.2.1.3.1 = INTEGER: 1 .1.3.6.1.4.1.2021.2.1.3.2 = INTEGER: 2 .1.3.6.1.4.1.2021.2.1.3.3 = INTEGER: 6 .1.3.6.1.4.1.2021.2.1.3.4 = INTEGER: 1 .1.3.6.1.4.1.2021.2.1.3.5 = INTEGER: 1 .1.3.6.1.4.1.2021.2.1.3.6 = INTEGER: 2 .1.3.6.1.4.1.2021.2.1.3.7 = INTEGER: 1 .1.3.6.1.4.1.2021.2.1.3.8 = INTEGER: 1 .1.3.6.1.4.1.2021.2.1.4.1 = INTEGER: 1 .1.3.6.1.4.1.2021.2.1.4.2 = INTEGER: 0 .1.3.6.1.4.1.2021.2.1.4.3 = INTEGER: 51 .1.3.6.1.4.1.2021.2.1.4.4 = INTEGER: 1 .1.3.6.1.4.1.2021.2.1.4.5 = INTEGER: 4 .1.3.6.1.4.1.2021.2.1.4.6 = INTEGER: 2 .1.3.6.1.4.1.2021.2.1.4.7 = INTEGER: 1 .1.3.6.1.4.1.2021.2.1.4.8 = INTEGER: 1 .1.3.6.1.4.1.2021.2.1.5.1 = INTEGER: 1 .1.3.6.1.4.1.2021.2.1.5.2 = INTEGER: 2 .1.3.6.1.4.1.2021.2.1.5.3 = INTEGER: 6 .1.3.6.1.4.1.2021.2.1.5.4 = INTEGER: 1 .1.3.6.1.4.1.2021.2.1.5.5 = INTEGER: 3 .1.3.6.1.4.1.2021.2.1.5.6 = INTEGER: 2 .1.3.6.1.4.1.2021.2.1.5.7 = INTEGER: 1 .1.3.6.1.4.1.2021.2.1.5.8 = INTEGER: 1 .1.3.6.1.4.1.2021.2.1.100.1 = INTEGER: noError(0) .1.3.6.1.4.1.2021.2.1.100.2 = INTEGER: noError(0) .1.3.6.1.4.1.2021.2.1.100.3 = INTEGER: noError(0) .1.3.6.1.4.1.2021.2.1.100.4 = INTEGER: noError(0) .1.3.6.1.4.1.2021.2.1.100.5 = INTEGER: noError(0) .1.3.6.1.4.1.2021.2.1.100.6 = INTEGER: noError(0) .1.3.6.1.4.1.2021.2.1.100.7 = INTEGER: noError(0) .1.3.6.1.4.1.2021.2.1.100.8 = INTEGER: noError(0)

Poll watch objects

$ snmpwalk -O n -v2c -c <AccessGatewayCommunityString> localhost:161 1.3.6.1.4.1.2021.2.1 | grep ".2 " .1.3.6.1.4.1.2021.2.1.1.2 = INTEGER: 2 .1.3.6.1.4.1.2021.2.1.2.2 = STRING: nginx .1.3.6.1.4.1.2021.2.1.3.2 = INTEGER: 2 .1.3.6.1.4.1.2021.2.1.4.2 = INTEGER: 0 .1.3.6.1.4.1.2021.2.1.5.2 = INTEGER: 2 .1.3.6.1.4.1.2021.2.1.100.2 = INTEGER: noError(0)

Keep in mind that you must modify the snmpwalk command based on the version of SNMP that you configured. In the example, SNMP v2c was used with a community string of AccessGateway, and the port was left at the default 161.

After verifying that SNMP is functioning properly, you can configure the network management system (NMS) to poll the Access Gateway appliance. Consult your NMS documentation for configuration steps to add a new managed device.