If you currently use or have used an SNMP management application, the information in this section may be interesting because SMS 2.0 includes a means of collecting SNMP information. In this section, we will briefly review the concept behind SNMP management and then see how SMS 2.0 can add value to SNMP management.
SNMP is actually part of the TCP/IP protocol suite. Contrary to popular thinking, TCP/IP consists of several protocol components that together provide connection mechanisms among computers and other devices. SNMP is used primarily for monitoring IP-addressable devices such as routers, gateways, hubs, switches, network printers, and mini and mainframe computers as well as Windows NT computers.
Agents running on these devices respond to requests for information or generate information based on events that occur at that device. The information is then forwarded to a configured SNMP management server, which organizes it in a reportable fashion, generating graphical maps of the network infrastructure, notifying administrators of events, and so on. This type of information is known as a trap. For example, when a computer is running low on disk space, or when a switch has experienced a port failure, a trap is generated and forwarded to an SNMP manager for action.
Microsoft does not itself offer an SNMP management application as part of its product line. However, it does provide SNMP services that can be installed on Windows NT computers to generate traps for other SNMP management applications and respond to requests for information from those applications. For example, Windows NT computers can report DHCP lease information or WINS name registrations and resolutions.
NOTE
The SNMP Service must be installed on a Windows NT computer to enable TCP/IP counters in Performance Monitor, even if the computer is not participating in an SNMP community.
So what does all this have to do with SMS 2.0? Plenty, actually. SMS 2.0 provides the Event to Trap Translator, which can translate any configured Windows NT event into an SNMP trap that can then be forwarded to an SNMP management server. Essentially, any Windows NT event recorded by the Windows NT event log can be translated by this utility into an SNMP trap. Because such events can contain large amounts of text, the Event to Trap Translator truncates the string-based trap to 4 KB to avoid using unnecessary bandwidth.
For the Event to Trap Translator to work, the following conditions must be met:
CAUTION
As with any other Windows NT service, after you install the SNMP Service, be sure to reapply the Windows NT Service Pack before restarting your computer, since you added a service from the original Windows NT 4.0 CD. Remember that when you install a new component from the original Windows NT source files, one or more files that were upgraded by the service pack may get overwritten by old files. Also, verify that the SNMP Service is configured to start up automatically. Otherwise, you will have to manually start it each time you restart your system. Refer to the Windows NT 4.0 Administrator's Guide in the Readme file for Windows NT 4.0 for more information about the SNMP Service.
Because the Event to Trap Translator Client Agent (also sometimes referred to as the Event to Trap Translator Agent) is installed on SMS 2.0 clients by default, you need to perform an update configuration or repair installation operation on the client to initiate the client agent. This initiation process is discussed in detail in Chapter 8. For now, here's a brief overview of the procedure to perform on the SMS client:
NOTE
In general, it is incumbent upon you as the SMS administrator to keep the site systems and clients up to date with the most current service packs and fixes appropriate to your particular SMS sites.
REAL WORLD Is the Event to Trap Translator Installed on the Client?If you have not deployed SMS 2.0 Service Pack 1, you may experience a failure in enabling the Event to Trap Translator on some SMS clients. In this case, the Systems Management application in the Control Panel will still show the Event to Trap Translator as uninstalled. The other way to confirm the problem is through the Windows NT registry. In the registry, navigate to the following key:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SNMP\Parameters\ExtensionAgentsLook for the value SOFTWARE\Microsoft\SNMP_EVENTS\Eventlog, which represents the Event to Trap Translator utility. If this value does not appear, the client agent has not been installed. The first course of action in solving this problem is to perform a repair installation operation as described earlier or to shut down and restart the client to force a client component update.
If this doesn't work, you can enable the agent manually by executing the Stsinstl.exe program to run the SMS NT Event To SNMP Trap Translator Installation Wizard. This program is located in the SMS\Inboxes\Clicomp.src\Snmpelea\platform directory, where platform is either Alpha or i386. Running this simple wizard will ensure that the Event to Trap Translator will be installed on the SMS 2.0 client. If you recheck the registry entry and the Systems Management application in the Control Panel, you will see that the agent has been successfully installed.
To avoid network traffic issues, no Windows NT or SMS events are converted to SNMP traps by default. It is entirely up to the SMS administrator to determine just what events should be configured, and how.
Events are configured on a per-computer basis. More specifically, only computers that have installed the SNMP Service can generate successful SNMP traps. To select these computers and configure trap translation on them through the SMS Administrator Console, follow these steps:
Figure 6-17. The Event To Trap Translator window.
Figure 6-18. The expanded Event To Trap Translator window.
Figure 6-19. The Event Properties window.
This window includes the SNMP mapping for the event object known as the Enterprise OID, the log that the event is written to, the event and trap-specific IDs, and a description of the event. None of these settings can be configured.
Here you can change the default string length limit of 4 KB (4096 bytes) and control how many traps are sent by modifying the Trap Throttle settings. Click OK to close this dialog box.
Figure 6-20. The Settings dialog box.
Unlike SMS 1.2, SMS 2.0 does not provide an SNMP Trap Receiver, which means that you have no way to actually record the trapped event and view it through the SMS 2.0 database. The only way to be certain that the event was generated is to check through the SNMP manager for the trap or to use a traffic analysis tool such as Network Monitor to identify the creation and sending of an SNMP frame from the computer generating the trap to the SNMP manager.
REAL WORLD Configuring Multiple Clients for SNMP Traps RemotelyThe configuration process we've been looking at involves selecting individual clients through the Collections folder and launching the Event to Trap Translator. The Export feature in the Event To Trap Translator window, however, also produces a .CNF file, which can be used to advertise the same event to trap configuration to several clients using SMS advertisements.
To configure multiple clients for SNMP traps, first you need to create the .CNF file. Click the Export button in the Event To Trap Translator window, and save the file as a .CNF file. Next create an SMS package using this file and the Remote Configuration Tool (Eventcmt.exe). This command-line tool can be found in the SMS\Scripts\00000409\Eventcmt folder under the appropriate platform directory; it enables you to automatically configure many clients with the same configuration. The package would be created with the command Eventcmt.exe filename.cnf. Command-line options for Eventcmt.exe include the following:
- /NOMIF Suppresses the creation of a status MIF for SMS
- /NOLOG Suppresses the writing of an Eventcmt log for the client
- /DEFAULT Directs Eventcmt to run only if the configuration file is not designated as Custom
- /SETCUSTOM Changes the current configuration designation to Custom
- /NOSTOPSTART Directs Eventcmt to not stop and restart the SNMP Service on the client when the configuration file is applied.
By default, the Remote Configuration Tool will generate a status MIF for SMS to indicate whether the events were configured successfully as well as write a more detailed log file (Eventcmt.log) in the System Root\MS\SMS\Logs folder on the SMS client.
The configuration files can also be created manually. Like all other script-like files, this process requires learning some additional script commands. If this prospect appeals to you, you can refer to the SMS online help for more information about creating your own configuration files.