SNMP contact information does not match across cluster members-radware-alteon-os

error
high-availability
alteon-os
radware
SNMP contact information does not match across cluster members-radware-alteon-os
0

#1

SNMP contact information does not match across cluster members-radware-alteon-os

Vendor: radware

OS: alteon-os

Description:
Indeni will identify when two devices are part of a cluster and alert if the SNMP settings do not match.

Remediation Steps:
Ensure all of the SNMP settings are configured correctly on all cluster members.

How does this work?
Indeni communicates to the Radware Rest API interface to pull all SNMP Configurations.

Why is this important?
If the wrong contact is specified in the SNMP settings, the network monitoring team might contact the wrong person or team when there is an issue.

Without Indeni how would you find this?
A user would access the GUI, select Systems, select the SNMP tree to identify the system contact and other values.

alteon-api-config-SNMP

#! META
name: alteon-api-config-SNMP
description: Determine which loadbalancer features that are enabled
type: monitoring
monitoring_interval: 59 minutes
requires:
    os.name: "alteon-os"
    vendor: "radware"
    or:
        -
            vsx: "true"
        -
            standalone: "true"

#! COMMENTS
snmp-contact:
    why: |
        If the wrong contact is specified in the SNMP settings, the network monitoring team might contact the wrong person or team when there is an issue.
    how: |
        Indeni communicates to the Radware Rest API interface to pull all SNMP Configurations.
    without-indeni: |
        A user would access the GUI, select Systems, select the SNMP tree to identify the system contact and other values.
    can-with-snmp: false
    can-with-syslog: false
    vendor-provided-management: |
        Listing SNMP information from WebUI.
snmp-enabled:
    why: |
        Capture whether snmp is enabled on the device.
    how: |
        Indeni communicates to the Radware Rest API interface to pull all SNMP Configurations.
    without-indeni: |
       The administrator would have to manually log in to the device and check if SNMP is enabled.
    can-with-snmp: false
    can-with-syslog: false
snmp-location:
    why: |
        Capture the snmp location information. This field can be used to store real location information for the device.
    how: |
        Indeni communicates to the Radware Rest API interface to pull all SNMP Configurations.
    without-indeni: |
       The administrator would have to manually log in to the device and check the SNMP location.
    can-with-snmp: true
    can-with-syslog: false
snmp-traps-reciever:
    why: |
        SNMP Configurations should be the same across cluster members. indeni retrieves SNMP Configurations to compare between them.
    how: |
        Indeni communicates to the Radware Rest API interface to pull all SNMP Configurations.
    without-indeni: |
        An administrator could login and manually run the command.
    can-with-snmp: false
    can-with-syslog: false
    vendor-provided-management: |
        Listing SNMP information is only available from the command line interface and WebUI.
unencrypted-snmp-configured:
    why: |
        If SNMP is not using version 3 only, this means that SNMP communication is not encrypted.
    how: |
        Indeni communicates to the Radware Rest API interface to pull all SNMP Configurations.
    without-indeni: |
        An administrator could login and manually run the command.
    can-with-snmp: false
    can-with-syslog: false
    vendor-provided-management: |
        Listing SNMP information is only available from the command line interface and WebUI.

#! REMOTE::HTTP
url: /config?prop=agAccessCurCfgSnmpAccess,agAccessCurCfgSnmpV1V2Access,sysName,sysLocation,sysContact,agAccessNewCfgSnmpTrap1Ipv6Addr,agAccessNewCfgSnmpTrap1,agAccessNewCfgSnmpTrap2Ipv6Addr,agAccessNewCfgSnmpTrap2
protocol: HTTPS

#! PARSER::JSON

_metrics:
    - 
        _tags:
            "im.name":
                _constant: "snmp-contact"
            "display-name":
                _constant: "SNMP Configurations"
            "live-config":
                _constant: "true"
        _value.complex:
            value: 
                _value: sysContact
    -
        _tags:
            "im.name":
                _constant: "snmp-enabled"
            "display-name":
                _constant: "SNMP Configurations"
            "live-config":
                _constant: "true"
        _temp:
            "snmpAccess":
                _value: agAccessCurCfgSnmpAccess
        _transform: 
            _value.complex:
                value: |
                    {
                        if (temp("snmpAccess") < 3) {
                            print "true"
                        } else {
                            print "false"
                        }
                    }
    -
        _tags:
            "im.name":
                _constant: "snmp-location"
            "display-name":
                _constant: "SNMP Configurations"
            "live-config":
                _constant: "true"
        _value.complex:
            value:
                _value: sysLocation
    -
        _tags:
            "im.name":
                _constant: "unencrypted-snmp-configured"
            "display-name":
                _constant: "SNMP Configurations"
            "live-config":
                _constant: "true"
        _temp:
            "snmpUnencrypted":
                _value: agAccessCurCfgSnmpV1V2Access
        _transform: 
            _value.complex:
                value: |
                    {
                        if (temp("snmpUnencrypted") == 1) {
                            print "true"
                        } else {
                            print "false"
                        }
                    }
    -
        _tags:
            "im.name":
                _constant: "snmp-traps-reciever"
            "display-name":
                _constant: "SNMP Configurations"
            "live-config":
                _constant: "true"
        _value.complex:
            "Primary Trap Receiver":
                _value: "agAccessNewCfgSnmpTrap1"
            "Secondary Trap Receiver":
                _value: "agAccessNewCfgSnmpTrap2"

cross_vendor_snmp_contact_comparison

package com.indeni.server.rules.library.templatebased.crossvendor

import com.indeni.server.rules.RuleContext
import com.indeni.server.rules.library.{ConditionalRemediationSteps, SnapshotComparisonTemplateRule}

/**
  *
  */
case class cross_vendor_snmp_contact_comparison(context: RuleContext) extends SnapshotComparisonTemplateRule(context,
  ruleName = "cross_vendor_snmp_contact_comparison",
  ruleFriendlyName = "Clustered Devices: SNMP contact information does not match across cluster members",
  ruleDescription = "Indeni will identify when two devices are part of a cluster and alert if the SNMP settings do not match.",
  metricName = "snmp-contact",
  isArray = false,
  alertDescription = "Devices that are part of a cluster should have the same SNMP configuration. Review the differences below.",
  baseRemediationText = "Ensure all of the SNMP settings are configured correctly on all cluster members.")(
  ConditionalRemediationSteps.OS_NXOS ->
    """|
      |1. Ensure all of the SNMP settings are configured correctly on vPC peers.
      |2. Run  the "show snmp" NX-OS command to check the SNMP contact which should be the same across the peer switches.
      |3. Configure the same snmp contacts by using the next "snmp contact" NX-OS command.""".stripMargin
)