sexta-feira, 30 de maio de 2008

Windows Client Network Traffic Monitoring with SNMP and Zabbix

Portuguese Version

1st Step - Enable SNMP support for windows:
Start // Control Panel // Addd or Remove Programs // Add/Remove Widows Components

Management and Monitoring Tools // Details

Select the option Simple Network Management Protocol // Ok

2nd Step - Configure Clients to answer the Server´s requests:

The SNMP agents must be implemented as READING-ONLY (RO) because the SNMP collector only needs to read the data on remote machines. Limiting his permission to access the remote devices increasing security.

Never forget that the SNMP data is crossing the network in clear text and can be easily intercepted using tools like WireShark (former Ethereal).

Start // Run // Type "services.msc"

Right Click in SNMP Service // Properties

Configure Security tab as below:

The public is the name of SNMP community with read only rights and is the Zabbix Server.

3rd Step - Find the network card identifier in the Server:
Run in Zabbix Server the following comand:
[root@monitor ~]# snmpwalk -On -v 2c -c public IP .

The answer will be as show below:
[root@monitor ~]# snmpwalk -On -v 2c -c public .
. = INTEGER: 1
. = INTEGER: 65541
. = STRING: MS TCP Loopback interface
. = STRING: 3Com 3C996B Gigabit Server NIC
. = INTEGER: softwareLoopback(24)
. = INTEGER: ethernetCsmacd(6)
. = INTEGER: 1520

Our concern is 4rd Line:
. = STRING: 3Com 3C996B Gigabit Server NIC

Example for 4 different NICs:
. = STRING: 3Com Gigabit NIC (3C2000)
. = STRING: SMC EZ Card 10/100 PCI (SMC1211TX)
. = STRING: 3Com 3C996B Gigabit Server NIC
. = STRING: Intel(R) PRO Adapter

4rd Step - create a item to be monitored by Zabbix:
At Zabbix
Click in Configuration // Items
Choose your Windows Server // Click in Create Item


You must create one item for each server, because the value will be different for each network interface.

Configure like the following images:

The returned value of the comand snmp is the values that we will use in the two fields:
SNMP OID IF-MIB::ifInOctets.65541
Key ifInput.65541


Now just create a graphic using these items. The image below shows an example of generated grap:

3 comentários:

Rafael Tomelin disse...


Gostaria de saber como posso fazer para que o meu agente do windows e linux fique como ativo e o servidor como passivo, ou seja, ao invés de o servidor se conectar no cliente e buscar as informações o cliente irá se conectar no servidor e mandar as infomações.

Muito bom os seus artigos sobre Zabbix!!

Unknown disse...


-- lulyis

Mahesh disse...

I appreciate your post. It was incredibly insightful and fascinating.
Network Vigilance: Comprehensive Network Monitoring Services