Vault 7: Projects

This publication series is about specific projects related to the Vault 7 main publication.

SECRET//20350112
7 (U) CB Server Monitoring with SNMP
(U) The sponsor maintains an SNMP Monitoring system to monitor the health and status
of servers. The CB Server supports this health and status monitoring via SNMP. Each CB
server runs an appropriately configured snmpd daemon (configuration file is
/etc/snmp/snmpd.conf). An SNMP agent (e.g., the net-snmp package) running on a
remote but properly networked/firewalled host can query the server for relevant health
monitoring information. It is expected that the sponsor will maintain a server with an
snmp agent (a.k.a. the SNMP Monitoring Server) that periodically polls the CB server for
health monitoring information. It is also expected that the sponsor will properly network
the SNMP Monitoring Server to give appropriate SNMP access (port 161) through the
relevant firewall(s). What follows is a list of useful commands that can be issued from the
SNMP Monitoring Server to check on the health of the CB Server.
(U) Note the CB system has two servers, a Master and a Slave (a hot spare) – SNMP
health monitoring can and should be performed on both servers.
7.1 (U) Verbose Dump of All SNMP Health Monitoring Information
(U) A verbose dump of all relevant health monitoring information can be retrieved by
issuing the following command from the SNMP Monitoring Server:
snmpwalk -v 1 IP_address_of_CB_Server -c public .1.3.6.1.4.1.2021
7.2 (U) Available Memory in Kilobytes
(U) The available memory (in kilobytes) of the CB Server can be retrieved by issuing the
following command from the SNMP Monitoring Server:
snmpwalk -v 1 IP_address_of_CB_Server -c public .1.3.6.1.4.1.2021.4.memAvailReal
(U) The suggested “WARN” and “CRITICAL” levels are:
WARN if < 500000 (i.e., 500 Megabytes)
CRITICAL if < 100000 (i.e., 100 Megabytes)
(U) The rationale for these values is as follows: 500 Megabytes is roughly 1/8th of the
available 4 Gigabytes of memory. 100 Megabytes is roughly 1/40th of the available
memory. 100 Megabytes is still more than adequate to run diagnostic utilities while still
allowing the system to function normally, both with Cherry Web Users performing
typical functions, and with Flytraps beaconing regularly.
(U) This value is the same “MemFree” value reported in the /proc/meminfo file.
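The WARN and CRITICAL levels above applied to snmpwalk output, as an added example that is not part of the original document. The function name mem_status, the sample lines and the 192.0.2.10 address are constructed for illustration; .1.3.6.1.4.1.2021.4.6 is the numeric OID of memAvailReal in UCD-SNMP-MIB.

```shell
#!/bin/sh
# Added example (not from the original document): classify one line of
# memAvailReal output against the thresholds stated in section 7.2.
WARN_KB=500000      # WARN if value is below this (kilobytes)
CRIT_KB=100000      # CRITICAL if value is below this (kilobytes)

# mem_status LINE -> prints OK, WARN, CRITICAL or UNKNOWN.
# LINE is a single output line for memAvailReal, for example:
#   UCD-SNMP-MIB::memAvailReal.0 = INTEGER: 812344 kB
mem_status() {
    line=$1
    # Accept the symbolic name or the numeric OID (with or without "iso").
    case $line in
        *memAvailReal*|*.3.6.1.4.1.2021.4.6.0*) ;;
        *) echo UNKNOWN; return 0 ;;   # timeout text or a different object
    esac
    # Extract the digits after "INTEGER:", ignoring an optional unit suffix.
    kb=$(printf '%s\n' "$line" | sed -n 's/.*INTEGER: *\([0-9][0-9]*\).*/\1/p')
    if [ -z "$kb" ]; then
        echo UNKNOWN                   # e.g. "No Such Object" instead of a value
    elif [ "$kb" -lt "$CRIT_KB" ]; then
        echo CRITICAL
    elif [ "$kb" -lt "$WARN_KB" ]; then
        echo WARN
    else
        echo OK
    fi
}

# Constructed sample lines, not captured from any real server.
demo() {
    for sample in \
        'UCD-SNMP-MIB::memAvailReal.0 = INTEGER: 812344 kB' \
        '.1.3.6.1.4.1.2021.4.6.0 = INTEGER: 312000 kB' \
        'UCD-SNMP-MIB::memAvailReal.0 = INTEGER: 64000 kB' \
        'Timeout: No Response from 192.0.2.10'
    do
        printf '%-9s %s\n' "$(mem_status "$sample")" "$sample"
    done
}
demo
```

A poll that returns no value is reported as UNKNOWN rather than OK, so an unreachable Master or Slave is not mistaken for a healthy one.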
7.3 (U) CPU Usage
(U) The percentage of CPU usage devoted to user mode processes averaged over 1
minute can be retrieved by issuing the following command from the SNMP Monitoring
Server: