Question & Answer
Question
How do you find what SNMP MIBS are available in Guardium?
Answer
SQL Guard SNMP Polling
Polling is the process of obtaining SNMP information actively, by querying the SNMP agent that runs on the SQL Guard appliance. You can also receive SNMP information via traps, which are alerts generated by SQL Guard under conditions that you define.
List of standard Guardium SNMP OID
A full list of Guardium SNMP OIDs is available in the SNMP section of the Self Monitoring Help Book.Connect to your Guardium appliance GUI and click on the "?" icon on the top right corner to access the online help books. Select "Self Monitoring" from the main menu and navigate to "Monitoring via SNMP"/"Guardium SNMP OID".
Definitions
Guardiumsnmp | The SNMP community for Guardium SQL Guard appliances |
port 161 | The port used to query SQL Guard appliances via SNMP |
UCD-SNMP-MIB | A widely-used Management Information Base (MIB), which can be used to query for many SQL Guard metrics |
HOST-RESOURCES-MIB | Another MIB that can be used to query SQL Guard |
Polling
In a polling scenario, the user queries the SQL Guard appliance using standard SNMP commands. These can be entered manually from a command line window, or more easily from an SNMP management system. An SNMP management system usually provides many additional capabilities, like alerting on user-defined thresholds.
For standard information about the general health of the machine, SQL Guard provides standard metrics using the two MIBs described above. For information specific to SQL Guard, custom metrics are provided via extensions to UCD-SNMP-MIB.
Standard Metrics
Displaying data relevant to network devices, these metrics measure key performance statistics, such as Memory usage, Disk utilization, and CPU usage.
The following examples illustrate the use of the snmpget and snmpwalk commands to query an appliance using Net-SNMP. To retrieve information on one metric, use the snmpget command supplying the complete numeric object identifier (OID) for that metric:
#snmpget -v 1 -c guardiumsnmp supp8.mydomain.com .1.3.6.1.4.1.2021.9.1.7.1
UCD-SNMP-MIB::dskAvail.1 = INTEGER: 472296
You can obtain same result using used a “human readable” version of the OID:
#snmpget -v 1 -c guardiumsnmp supp8.mydomain.com dskAvail.1
UCD-SNMP-MIB::dskAvail.1 = INTEGER: 472296
To obtain multiple metrics, use snmpwalk instead of snmpget, and remove one or more nodes from the end of the OID. For example, to obtain the same information returned by the above command, but for all of the available disks, remove the 1 at the end of the OID:
# snmpwalk -v 1 -c guardiumsnmp supp8.mydomain.com dskAvail
UCD-SNMP-MIB::dskAvail.1 = INTEGER: 472296
UCD-SNMP-MIB::dskAvail.2 = INTEGER: 60494636
Finally, just querying on dsk will provide all metrics in this subsection of the MIB:
# snmpwalk -v 1 -c guardiumsnmp supp8.mydomain.com dsk
UCD-SNMP-MIB::dskIndex.1 = INTEGER: 1
UCD-SNMP-MIB::dskIndex.2 = INTEGER: 2
UCD-SNMP-MIB::dskPath.1 = STRING: /
UCD-SNMP-MIB::dskPath.2 = STRING: /var
UCD-SNMP-MIB::dskDevice.1 = STRING: /dev/sda5…
Other useful snmpwalk commands include:
snmpwalk -v 1 -c guardiumsnmp supp9.mydomain.com memory
snmpwalk -v 1 -c guardiumsnmp supp9.mydomain.com system
Memory Note
The memAvailReal metric does not provide a true measurement of free memory because of SQL Guard’s caching method. SQL Guard uses cached memory to provide better performance. The cached memory appears to be unavailable (to the operating system), which reduces the memAvailReal value, making it appear that the system is running out of memory. However, this cached memory (memCached) is instantly available to any process that requests it and should be considered ‘Available’.
So a better measurement of available memory is:
memAvailReal + memCached
To express available memory as a percentage, use this formula:
100 * (memAvailReal + memCached) / memTotalReal
Custom Metrics
SQL Guard uses extensions within the UCD-SNMP-MIB to provide custom statistics on the SQL Guard software itself. This refers to actual inspection engine activity, not the health of the operating statistics. For example, open monitored session count refers to the number of open sessions on the databases being monitored by SQL Guard, not the number of users logged in to the appliance.
These statistics are displayed below using snmpwalk on extOutput. If you would like information on one specific metric, add the specific number to an snmpget query (snmpget -v 1 -c guardiumsnmp supp7.mydomain.com extOutput.3
). Definitions of each measurement are included in parentheses.
snmpwalk -v 1 -c guardiumsnmp supp7.mydomain.com extOutput
UCD-SNMP-MIB::extOutput.1 = STRING: 14 (open database session counts)
UCD-SNMP-MIB::extOutput.2 = STRING: 49398 (Requests logged by the current sniffer process, reset to zero for each restart)
UCD-SNMP-MIB::extOutput.3 = STRING: 2006-09-12 09:26:48 (Last session timestamp)
UCD-SNMP-MIB::extOutput.4 = STRING: 2006-09-12 07:58:58 (Last construct timestamp)
UCD-SNMP-MIB::extOutput.5 = STRING: 390856 (Memory used by the sniffer process)
UCD-SNMP-MIB::extOutput.6 = STRING: - (unused)
UCD-SNMP-MIB::extOutput.7 = STRING: 2235879695/0 (Packets in on ETH 1/ out on ETH 2; usually only one number (inbound) when a SPAN port or TAP is used)
UCD-SNMP-MIB::extOutput.8 = STRING: 0/0 (Same as above, for ETH 3 / ETH 4)
UCD-SNMP-MIB::extOutput.9 = STRING: 0/0 (Same as above, for ETH 5 / ETH 6)
Was this topic helpful?
Document Information
Modified date:
16 June 2018
UID
swg21560585