IBM Support

How to find what SNMP MIBs are available in Guardium

Question & Answer


Question

How do you find what SNMP MIBs are available in Guardium?

Answer

SQL Guard SNMP Polling

Polling is the process of obtaining SNMP information actively, by querying the SNMP agent that runs on the SQL Guard appliance. You can also receive SNMP information via traps, which are alerts generated by SQL Guard under conditions that you define.

List of standard Guardium SNMP OID

A full list of Guardium SNMP OIDs is available in the SNMP section of the Self Monitoring Help Book. Connect to your Guardium appliance GUI and click the "?" icon in the top right corner to access the online help books. Select "Self Monitoring" from the main menu and navigate to "Monitoring via SNMP"/"Guardium SNMP OID".

Definitions

guardiumsnmp: The SNMP community for Guardium SQL Guard appliances

port 161: The port used to query SQL Guard appliances via SNMP

UCD-SNMP-MIB: A widely used Management Information Base (MIB), which can be used to query for many SQL Guard metrics

HOST-RESOURCES-MIB: Another MIB that can be used to query SQL Guard

Polling

In a polling scenario, the user queries the SQL Guard appliance using standard SNMP commands. These can be entered manually from a command line window, or more easily from an SNMP management system. An SNMP management system usually provides many additional capabilities, like alerting on user-defined thresholds.

For standard information about the general health of the machine, SQL Guard provides standard metrics using the two MIBs described above. For information specific to SQL Guard, custom metrics are provided via extensions to UCD-SNMP-MIB.

Standard Metrics

These metrics report data relevant to network devices: key performance statistics such as memory usage, disk utilization, and CPU usage.

The following examples illustrate the use of the snmpget and snmpwalk commands to query an appliance using Net-SNMP. To retrieve information on one metric, use the snmpget command supplying the complete numeric object identifier (OID) for that metric:


    # snmpget -v 1 -c guardiumsnmp supp8.mydomain.com .1.3.6.1.4.1.2021.9.1.7.1
    UCD-SNMP-MIB::dskAvail.1 = INTEGER: 472296

You can obtain the same result using a “human readable” version of the OID:

    # snmpget -v 1 -c guardiumsnmp supp8.mydomain.com dskAvail.1
    UCD-SNMP-MIB::dskAvail.1 = INTEGER: 472296

To obtain multiple metrics, use snmpwalk instead of snmpget, and remove one or more nodes from the end of the OID. For example, to obtain the same information returned by the above command, but for all of the available disks, remove the 1 at the end of the OID:

    # snmpwalk -v 1 -c guardiumsnmp supp8.mydomain.com dskAvail
    UCD-SNMP-MIB::dskAvail.1 = INTEGER: 472296
    UCD-SNMP-MIB::dskAvail.2 = INTEGER: 60494636

Finally, just querying on dsk will provide all metrics in this subsection of the MIB:

    # snmpwalk -v 1 -c guardiumsnmp supp8.mydomain.com dsk
    UCD-SNMP-MIB::dskIndex.1 = INTEGER: 1
    UCD-SNMP-MIB::dskIndex.2 = INTEGER: 2
    UCD-SNMP-MIB::dskPath.1 = STRING: /
    UCD-SNMP-MIB::dskPath.2 = STRING: /var
    UCD-SNMP-MIB::dskDevice.1 = STRING: /dev/sda5…

Other useful snmpwalk commands include:

    snmpwalk -v 1 -c guardiumsnmp supp9.mydomain.com memory
    snmpwalk -v 1 -c guardiumsnmp supp9.mydomain.com system

Memory Note

The memAvailReal metric does not provide a true measurement of free memory because of SQL Guard’s caching method. SQL Guard uses cached memory to provide better performance. The cached memory appears to be unavailable (to the operating system), which reduces the memAvailReal value, making it appear that the system is running out of memory. However, this cached memory (memCached) is instantly available to any process that requests it and should be considered ‘Available’.

So a better measurement of available memory is:


    memAvailReal + memCached

To express available memory as a percentage, use this formula:

    100 * (memAvailReal + memCached) / memTotalReal
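The following is an added example, not part of the original document: shell functions that apply the formula above to `snmpwalk ... memory` output and show how far the memAvailReal-only figure is from the corrected one. The sample walk output, the function names and the 10% threshold are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `snmpwalk ... memory` output (illustrative values).
sample_memory_walk() {
cat <<'EOF'
UCD-SNMP-MIB::memIndex.0 = INTEGER: 0
UCD-SNMP-MIB::memErrorName.0 = STRING: swap
UCD-SNMP-MIB::memTotalSwap.0 = INTEGER: 2096472 kB
UCD-SNMP-MIB::memAvailSwap.0 = INTEGER: 2096472 kB
UCD-SNMP-MIB::memTotalReal.0 = INTEGER: 4046280 kB
UCD-SNMP-MIB::memAvailReal.0 = INTEGER: 121388 kB
UCD-SNMP-MIB::memTotalFree.0 = INTEGER: 2217860 kB
UCD-SNMP-MIB::memBuffer.0 = INTEGER: 204800 kB
UCD-SNMP-MIB::memCached.0 = INTEGER: 2913320 kB
EOF
}

# Reads a memory walk on stdin and prints "<naive_pct> <corrected_pct>":
#   naive     = 100 * memAvailReal / memTotalReal
#   corrected = 100 * (memAvailReal + memCached) / memTotalReal
mem_avail_pct() {
  awk '
    # $1 is the object name, $4 the value; a trailing unit such as "kB" is ignored.
    match($1, /mem[A-Za-z]+/) { v[substr($1, RSTART, RLENGTH)] = $4 + 0 }
    END {
      if (!v["memTotalReal"]) { print "memTotalReal missing" > "/dev/stderr"; exit 2 }
      naive = 100 * v["memAvailReal"] / v["memTotalReal"]
      fixed = 100 * (v["memAvailReal"] + v["memCached"]) / v["memTotalReal"]
      printf "%.1f %.1f\n", naive, fixed
    }'
}

# Exit 0 (alert) only when the corrected percentage is below the threshold.
# Missing or unparsable input never raises an alert by itself.
mem_low() {
  threshold=$1
  mem_avail_pct | awk -v t="$threshold" '
    NR == 1 { seen = 1; low = ($2 < t) }
    END     { exit ((seen && low) ? 0 : 1) }'
}

# Live use, with the host and community shown on this page:
#   snmpwalk -v 1 -c guardiumsnmp supp9.mydomain.com memory | mem_low 10
```

On the constructed sample the naive figure is 3.0% while the corrected figure is 75.0%, so a 10% threshold on memAvailReal alone would raise an alert that the corrected check does not.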

Custom Metrics

SQL Guard uses extensions within the UCD-SNMP-MIB to provide custom statistics on the SQL Guard software itself. This refers to actual inspection engine activity, not the health of the operating statistics. For example, open monitored session count refers to the number of open sessions on the databases being monitored by SQL Guard, not the number of users logged in to the appliance.

These statistics are displayed below using snmpwalk on extOutput. If you would like information on one specific metric, add the specific number to an snmpget query (snmpget -v 1 -c guardiumsnmp supp7.mydomain.com extOutput.3). Definitions of each measurement are included in parentheses.


    snmpwalk -v 1 -c guardiumsnmp supp7.mydomain.com extOutput
    UCD-SNMP-MIB::extOutput.1 = STRING: 14 (open database session counts)
    UCD-SNMP-MIB::extOutput.2 = STRING: 49398 (Requests logged by the current sniffer process, reset to zero for each restart)
    UCD-SNMP-MIB::extOutput.3 = STRING: 2006-09-12 09:26:48 (Last session timestamp)
    UCD-SNMP-MIB::extOutput.4 = STRING: 2006-09-12 07:58:58 (Last construct timestamp)
    UCD-SNMP-MIB::extOutput.5 = STRING: 390856 (Memory used by the sniffer process)
    UCD-SNMP-MIB::extOutput.6 = STRING: - (unused)
    UCD-SNMP-MIB::extOutput.7 = STRING: 2235879695/0 (Packets in on ETH 1/ out on ETH 2; usually only one number (inbound) when a SPAN port or TAP is used)
    UCD-SNMP-MIB::extOutput.8 = STRING: 0/0 (Same as above, for ETH 3 / ETH 4)
    UCD-SNMP-MIB::extOutput.9 = STRING: 0/0 (Same as above, for ETH 5 / ETH 6)
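The following is an added example, not part of the original document: a shell function that reads the extOutput walk shown above and flags three conditions a monitoring job might watch for. The function name `sniffer_findings`, the finding labels and the choice of checks are assumptions made for illustration; the sample input is the page's output without the parenthetical definitions.

```shell
#!/bin/sh
# Constructed sample: the extOutput walk from this page, definitions removed.
sample_ext_walk() {
cat <<'EOF'
UCD-SNMP-MIB::extOutput.1 = STRING: 14
UCD-SNMP-MIB::extOutput.2 = STRING: 49398
UCD-SNMP-MIB::extOutput.3 = STRING: 2006-09-12 09:26:48
UCD-SNMP-MIB::extOutput.4 = STRING: 2006-09-12 07:58:58
UCD-SNMP-MIB::extOutput.5 = STRING: 390856
UCD-SNMP-MIB::extOutput.6 = STRING: -
UCD-SNMP-MIB::extOutput.7 = STRING: 2235879695/0
EOF
}

# sniffer_findings PREV_REQUESTS CUTOFF   (hypothetical helper)
# Reads an extOutput walk on stdin and prints one finding per line:
#   RESTART   extOutput.2 is lower than the previous poll (counter was reset)
#   STALE     extOutput.3 (last session timestamp) is older than CUTOFF
#   NO_INPUT  extOutput.7 reports zero inbound packets on ETH 1
# "YYYY-MM-DD HH:MM:SS" timestamps order correctly as plain strings.
sniffer_findings() {
  awk -v prev="$1" -v cutoff="$2" '
    {
      n = $1;   sub(/^.*extOutput\./, "", n)    # index after "extOutput."
      val = $0; sub(/^.*STRING: /, "", val)     # value text
      sub(/ \(.*$/, "", val)                    # drop a trailing "(definition)"
      m[n] = val
    }
    END {
      if ((2 in m) && m[2] + 0 < prev + 0)         print "RESTART"
      if ((3 in m) && (m[3] "") < (cutoff ""))     print "STALE"
      if (7 in m) {
        split(m[7], pk, "/")                       # "in/out" packet counters
        if (pk[1] + 0 == 0)                        print "NO_INPUT"
      }
    }'
}

# Live use, with the host and community shown on this page:
#   snmpwalk -v 1 -c guardiumsnmp supp7.mydomain.com extOutput |
#     sniffer_findings 49000 "2006-09-12 09:00:00"
```

The caller supplies the previous extOutput.2 value and the cutoff timestamp, for example from the last poll stored by the monitoring job.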


Document Information

Modified date:
16 June 2018

UID

swg21560585