Open NMS
OpenNMS
Let's look at our node list as of today. You may be able
to access OpenNMS directly, at http://10.38.2.42:8980/opennms,
with username user and the password announced in class.
host discovery: uses ping, mostly
admin => configure discovery
service detection
Which machines do what? Normally this is figured out by port
scanning: a machine with open TCP port 80 is assumed to be an
HTTP server, for example. For some services, such as DHCP, this is slightly
trickier, but the principle is the same: one sends out a DHCP "probe" packet
and sees who answers.
Sometimes port scanning is application-specific, e.g., to open port 80 and
send a GET request.
data collection
Here is where SNMP access gets configured into OpenNMS. Nodes can also be
queried using HTTP, e.g. to a "private" web page at port 8888. The OpenNMS
documentation has examples for the following:
- Davis Vantage Pro weather station, which reports its data in the
form of an http table
- NASDAQ.com stock information
- Amazon.com pricing information
See http://www.opennms.org/wiki/HTTP_Collector#The_OpenNMS_Collector_Architecture_Revisited.
"The node's system object ID (sysObjectID) can be used by the SNMP service
collector to associate collection groups with nodes."
Polling and Monitoring
OpenNMS seems to be moving its polling/monitoring code to a
separate package, opennms-remote-poller.
http://www.opennms.org/wiki/Docu-overview#Polling_.2F_Monitoring:
includes discussion of the use of NetSNMP to monitor CPU, memory, disk, etc,
using (among other things) the Host Resources MIB.
http://www.opennms.org/wiki/Category:Service_Pollers:
Index to different pollers (now empty; why?)
See opennms-services/src/main/java/org/opennms/netmgt/poller/monitors in the
source directory to see how these work. The pollers for
various versions are here:
There is a general service poller framework, with plugins
for various services. The goal of any one plugin is to attempt to connect to
a given host and see if the applicable service appears to be working.
The TcpMonitor.java (old name) is perhaps the most basic. It is supplied
with a destination host, port and regular expression for matching the
"banner": the string that the server responds with when the connection is
established. It connects to the designated host/port, reads the "banner"
line, and attempts a regex match. If the connection or the match fails, this
is reported.
Here is a "manual" HTTP access, initiated with telnet server 80:
    GET /index.html HTTP/1.1
    HOST: lukasiewicz.cs.luc.edu     ;; note that this WILL go to the host named!

    GET /ebook/index.html HTTP/1.1
    HOST: ulam2.cs.luc.edu

    GET /ebook/index.html HTTP/4.0
    HOST: ulam2.cs.luc.edu
Now look at HttpMonitor.java (again, old name).
In the current version 1.12.8, see line 563:
    sb.append("GET ").append(determineUrl(m_parameters)).append(" HTTP/1.1\r\n");
Version 1.3.2:
    int response = ParameterMap.getKeyedInteger(parameters, "response", -1);    // line 141 in v1.3.2.
    String responseText = ParameterMap.getKeyedString(parameters, "response text", null);
Look at how poller-monitor goes through the response.
Look at:
    if (line.startsWith("HTTP/")) {    // line 215 in v1.3.2
parse out the response numeric code
responsetext:
    int responseIndex = line.indexOf(responseText);    // line 257
    if (responseIndex != -1)
        bResponseTextFound = true;
The newer approach to HTTP monitoring is described at wiki.opennms.org/wiki/HTTP_Collector#The_OpenNMS_Collector_Architecture_Revisited.
DnsMonitor.java
lookup: line 141
build packet: line 158
line 186: request.verifyResponse(incoming.getData(), incoming.getLength())
no actual verification that DNS value is correct, but we don't NEED that!
We do presumably verify that dns response is for the requested machine.
From the source for DNSAddressRequest.java:
This method only goes so far as to decode the flags in the
response byte array to verify that a DNS server sent the response.
Verifies request ID (sequence # of request)
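The kind of header-only check described above, as an added Python sketch (not OpenNMS code): it builds an A-record query and accepts a reply only if the ID matches the request and the QR flag marks it as a response. The function names, the opcode check and the sample reply (address 192.0.2.1) are assumptions constructed for illustration.

```python
import struct

def build_query(name, req_id):
    """DNS query for one A record (RFC 1035 header + question), RD set."""
    header = struct.pack("!HHHHHH", req_id, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)    # QTYPE=A, QCLASS=IN

def verify_response(data, length, req_id):
    """Header-only check. Returns (rcode, answer_count) or raises ValueError."""
    if length < 12 or len(data) < length:
        raise ValueError("truncated DNS header")
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    if rid != req_id:
        raise ValueError("response ID %#06x does not match request %#06x" % (rid, req_id))
    if not flags & 0x8000:
        raise ValueError("QR bit clear: this is a query, not a response")
    if (flags >> 11) & 0xF:
        raise ValueError("unexpected opcode")
    # The answer itself is not checked: for monitoring, a well-formed reply
    # to our request is enough to say the server is up.
    return flags & 0x000F, ancount

def sample_response(query, req_id=None):
    """Constructed reply: echoes the question, adds one A record (192.0.2.1)."""
    rid = struct.unpack("!H", query[:2])[0] if req_id is None else req_id
    header = struct.pack("!HHHHHH", rid, 0x8180, 1, 1, 0, 0)
    answer = struct.pack("!HHHIH", 0xC00C, 1, 1, 60, 4) + bytes([192, 0, 2, 1])
    return header + query[12:] + answer

if __name__ == "__main__":
    q = build_query("ulam2.cs.luc.edu", 0x1234)
    r = sample_response(q)
    print(verify_response(r, len(r), 0x1234))
```

The ID comparison is what ties a reply to the request that was sent; a datagram arriving on the same socket with a different ID is rejected rather than counted as proof that the server is alive.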
SmtpMonitor.java
When we connect, other end should send:
220 ulam2.cs.luc.edu ESMTP Postfix
Here is a manual session:
telnet ulam2 25
220 ulam2.cs.luc.edu ESMTP Postfix
ehlo valhal
250-ulam2.cs.luc.edu
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH PLAIN
250 8BITMIME
mail from: pld@valhal
250 Ok
rcpt to:pld@cs.luc.edu
554 <pld@cs.luc.edu>: Relay access denied
rcpt to:peter@cobhill.com
250 Ok
data
354 End data with <CR><LF>.<CR><LF>
here is my message
.
250 Ok: queued as 6FE9B17B6C
quit
Version 1.12.8:
183:    String cmd = "HELO " + LOCALHOST_NAME + "\r\n";
184:    socket.getOutputStream().write(cmd.getBytes());
197:    if (MULTILINE.matcher(response).find()) {
224:    rc = Integer.parseInt(t.nextToken());
            if (rc == 250) {
                response = sendMessage(socket, rdr, "QUIT\r\n");
                t = new StringTokenizer(response);
                rc = Integer.parseInt(t.nextToken());
                if (rc == 221) {
                    serviceStatus = PollStatus.available(responseTime);
                }
            }
        } else if (rc == 554) {
            String response = sendMessage(socket, rdr, "QUIT\r\n");
            serviceStatus = PollStatus.unavailable("Server rejecting transactions with 554");
Version 1.3.2:
214: read banner
218-240 multiline banner handler
247: check for the 220
251: respond HELO myname
response should be
250 ulam2.cs.luc.edu
Note that EHLO myname would produce something like:
250-ulam2.cs.luc.edu
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH PLAIN
250 8BITMIME
289: check for 250
290 send QUIT
SshMonitor.java
144: String strBannerMatch = (String) parameters.get("banner");
185: read a line
195: check for match with banner line
199-200 send our response line
205: see if we get any further response, but don't parse it
SmbMonitor.java:
SMB is the basis for Microsoft file-sharing, and SNMP information about it
is available under the lanmanager private SNMP group 1.3.6.1.4.1.77.
OpenNMS version 1.3.2: doesn't do anything!!
OpenNMS version 1.12.8: doesn't actually send a packet or open a connection!
We are a long way from testing this by verifying that a
file copied to and then back from an SMB fileshare is unchanged.
OpenNMS does not have any support for expect/send methods;
e.g.
    expect '*220*'
    send 'EHLO ...'
    expect '250 *'
    send 'QUIT'
Everything is done "by hand".
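An added Python sketch of what such an expect/send layer could look like (not OpenNMS code): one script runner covers both the single-step banner match described for TcpMonitor and the 220 / 250 / 221 SMTP dialogue, including multiline replies. The names run_script, expect_line and fake_server, the host name poller.example and the sample replies are assumptions constructed for illustration.

```python
import re, socket, threading

SMTP_SCRIPT = [("expect", r"^220 "), ("send", "EHLO poller.example\r\n"),
               ("expect", r"^250 "), ("send", "QUIT\r\n"), ("expect", r"^221 ")]

def expect_line(rfile, pattern):
    """Read until a line matches; skip 'NNN-' continuation lines of a multiline reply."""
    while True:
        raw = rfile.readline()
        if not raw:
            return False, "connection closed"
        line = raw.decode("latin-1").rstrip("\r\n")
        if re.search(pattern, line):
            return True, line
        if not re.match(r"\d{3}-", line):
            return False, line

def run_script(sock, script, timeout=3.0):
    """Play the script over a connected socket; returns (available, reason)."""
    sock.settimeout(timeout)
    rfile = sock.makefile("rb")
    try:
        for step, arg in script:
            if step == "send":
                sock.sendall(arg.encode("ascii"))
                continue
            ok, line = expect_line(rfile, arg)
            if not ok:
                return False, "expected %r, got %r" % (arg, line)
    except OSError as exc:             # timeout, reset, broken pipe
        return False, "I/O error: %s" % exc
    finally:
        rfile.close()
    return True, "ok"

def fake_server(sock, replies):
    """Constructed stand-in for the server: banner first, then one reply per command."""
    with sock, sock.makefile("rb") as rfile:
        sock.sendall(replies[0])
        for reply in replies[1:]:
            if not rfile.readline():
                break
            sock.sendall(reply)

def demo(replies, script=SMTP_SCRIPT):
    """Run a script against the constructed server over a local socket pair."""
    client, server = socket.socketpair()
    threading.Thread(target=fake_server, args=(server, replies), daemon=True).start()
    with client:
        return run_script(client, script)

GOOD = [b"220 ulam2.cs.luc.edu ESMTP Postfix\r\n",
        b"250-ulam2.cs.luc.edu\r\n250-PIPELINING\r\n250 8BITMIME\r\n", b"221 Bye\r\n"]
```

Against a real host the same script runs with run_script(socket.create_connection((host, 25), timeout=3), SMTP_SCRIPT); a one-step script such as [("expect", r"ESMTP Postfix$")] reduces it to a plain banner check.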