IBM Verify

  • 1.  ISAM SNMP and Splunk

    Posted Wed May 27, 2020 03:29 PM
    Hi All, just exploring how this integration of ISAM SNMP with Splunk is done.
    Once SNMP monitoring is enabled on ISAM, it is ready to accept SNMP queries. Do we have to configure the 3rd-party monitoring tool (I am planning to use Splunk) to query ISAM to fetch the SNMP trap data? Or is it the other way round: can ISAM send the SNMP trap data directly to the monitoring tool IP (Splunk instance IP)? From the Splunk documentation below, can you tell me whether Splunk can be used for querying ISAM, or whether the expectation is that ISAM should send the data to Splunk? https://docs.splunk.com/Documentation/Splunk/8.0.3/Data/SendSNMPeventstoSplunk

    Thanks.

    ------------------------------
    Rajkumar
    ------------------------------


  • 2.  RE: ISAM SNMP and Splunk

    Posted Thu May 28, 2020 09:22 AM
    I guess I got the answer to my question from Jack in an old post in here:
    https://www.ibm.com/mysupport/s/question/0D50z000062ksrbCAA/can-the-native-snmp-monitoring-agent-on-the-isam-9x-appliance-integrate-with-the-enterprise-monitoring-tools?language=en_US

    I learned that ISAM can send the SNMP data to any monitoring tool (SNMP Manager) and vice versa.

    1) SNMP Agentless Monitoring - you can query the appliance using an SNMP manager/monitoring tool.
    2) SNMP System Alerts - ISAM can send the SNMP trap data to an SNMP manager.

    I am curious to know which method would be best if I am specifically interested in monitoring the memory and CPU utilization of the appliance.

    Thanks!

    ------------------------------
    Rajkumar
    ------------------------------



  • 3.  RE: ISAM SNMP and Splunk

    Posted Thu May 28, 2020 10:13 AM

    Hi

    Some are using both methods.

    SNMP Monitoring can report more performance metrics than are available in the ISAM LMI Monitoring section. We are extracting with SNMP Monitoring CPU, Load metric, Context Switch, Process Count, Memory, Swap, Appliance uptime, Network metrics, File System usage (boot vs root), etc. In fact, you can consider the Appliance pretty much as a Linux server, which it is, but stripped down. Here the challenge is more to know which SNMP metrics are of interest to you (with their IDs) and ask the SNMP Manager folks to extract them.

    On the other end, SNMP Traps are useful to send events to your SNMP Manager, which in turn will have the proper event -> criticality mapping configured to determine which event should be "promoted" to incident. Be careful, the Appliance can generate lots of events that sometimes may be of significant importance from a security perspective (SIEM) but insignificant from a performance perspective. So, flooding of SNMP Traps can happen from ISAM Appliances towards your SNMP Manager, more particularly if you do lots of Automation using the ISAM REST API. The good news is that eventually (case & RFE opened) there will be a means to configure at the source (ISAM Appliance) some events that should be discarded. But I would not encourage anyone to abuse this facility (discard), as eventually you would lose sight completely of critical events that are going on in the Appliance.

    Once you integrate the ISAM Appliance with SNMP Trap and SNMP Monitoring, and assuming you use some graphical tools (such as Grafana, just to name one possibility among others), it will change your life as an administrator forever. It can become one of the little wheels that spins in your Continuous Monitoring DevOps loop (right to left), and keep your team continuously improving your solution's capacity, configuration and availability.

    Cheers



    ------------------------------
    Sylvain Gilbert
    ------------------------------
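The event -> criticality mapping and the trap-flooding concern from the reply above, as an added example on the SNMP Manager side (not code from the thread, ISAM, or Splunk): trap lines are constructed samples in a made-up receiver log format, and the event names and severities are placeholders to be replaced with the varbinds your appliance actually sends. Collapsing happens only for repeated non-critical events from one host, so critical events are never discarded.

```python
# Placeholder event -> criticality map held by the SNMP Manager (not real ISAM trap names).
CRITICALITY = {
    "disk_full": "critical",
    "cert_expiring": "critical",
    "config_changed": "info",       # typical of REST API automation bursts
    "service_restart": "warning",
}

# Constructed receiver log lines: "<epoch> <host> event=<name>".
SAMPLE_LINES = [
    "1000 isam1 event=config_changed",
    "1005 isam1 event=config_changed",
    "1010 isam1 event=config_changed",
    "1012 isam1 event=config_changed",   # 4th in 60 s -> collapsed
    "1020 isam1 event=disk_full",        # critical -> always promoted
    "1100 isam2 event=service_restart",
    "1300 isam1 event=config_changed",   # window expired -> promoted again
]

def parse_trap(line):
    """Parse one constructed receiver line into a dict with ts, host and event."""
    ts, host, kv = line.split(maxsplit=2)
    return {"ts": int(ts), "host": host, "event": kv.split("=", 1)[1]}

def triage(lines, window=60, burst=3):
    """Return the incidents promoted from a batch of trap lines.

    Non-critical events repeated by one host more than `burst` times within
    `window` seconds are collapsed after a single flood marker; critical events
    bypass suppression entirely, so discarding at the manager never hides them.
    """
    traps = sorted((parse_trap(l) for l in lines), key=lambda t: t["ts"])
    incidents, recent = [], {}   # recent[(host, event)] -> timestamps in window
    for t in traps:
        sev = CRITICALITY.get(t["event"], "unknown")
        if sev == "critical":
            incidents.append((t["host"], t["event"], sev))
            continue
        key = (t["host"], t["event"])
        stamps = [s for s in recent.get(key, []) if t["ts"] - s < window]
        stamps.append(t["ts"])
        recent[key] = stamps
        if len(stamps) < burst:
            incidents.append((t["host"], t["event"], sev))
        elif len(stamps) == burst:
            incidents.append((t["host"], t["event"], sev + " (flood collapsed)"))
    return incidents

if __name__ == "__main__":
    for host, event, sev in triage(SAMPLE_LINES):
        print(f"{host:6} {event:16} {sev}")
```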



  • 4.  RE: ISAM SNMP and Splunk

    Posted Thu May 28, 2020 07:54 PM
    Thank you Sylvain for this exhaustive write-up on SNMP. This is very informative and helpful to my current work. I am not sure why many have not explored a lot of this feature of ISAM. I am planning to enable SNMP trap in ISAM to send the events to an SNMP Manager (thinking of Splunk or Nagios; I have yet to decide which one to use). As of now, I assume I cannot configure ISAM to discard certain events before sending to the SNMP manager, and by default it sends all the events. With that, I can have a far more exhaustive dashboard than the one I see in the LMI, and as I send data from all my appliances from all environments to the SNMP manager / monitoring tool, I can view dashboards of all my appliances in one place without logging on to individual appliances. This is fun and exciting to know! As you rightly said, it will indeed change the life of an administrator forever.

    Thanks again for taking time to respond!


    ------------------------------
    Rajkumar
    ------------------------------