Lastline SNMP Monitoring

This is just a small post on how to enable SNMP on a Lastline Advanced Malware Protection appliance in order to query the basic host and network MIBs from an SNMP monitoring server. Note that this is not the preferred method of monitoring a Lastline device: the Product API (PAPI) should be used instead, as shown in the online docs. However, basic SNMP gives access to the CPU, memory, load average and network interface statistics, including the anonymous VPN tunnel interface.

Since all Lastline devices are basically an Ubuntu server, the basic setup for SNMP is quite similar to my tutorial for a generic Linux. The only step missing there is the allow statement for the Uncomplicated Firewall (ufw).

The basic steps are the following. Install the snmpd package and verify that it is running. (Please note that you should NOT use the sudo apt-get upgrade command, since it could break packages that are required for Lastline!)

Note that snmpd is so far listening only on the localhost (127.0.0.1) IPv4 address. Change the following settings in the conf file in order to listen on any IPv4 address and to be able to read out everything with the configured community string:

Now, the daemon is listening on every local IPv4 address (0.0.0.0).

The Lastline Ubuntu image uses the Uncomplicated Firewall (ufw), whose policy looks like this:

That is: SNMP is not yet permitted. To allow it, simply add the following rule via:

A basic try with snmpwalk on the machine itself looks like this:
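Related to the listener, community string and ufw steps above, an added example (not part of the original post and not Lastline tooling): a shell check that flags an snmpd.conf that is reachable from the network with a community directive lacking a source restriction, and prints a ufw rule limited to one monitoring server. The address 192.0.2.10, the community name and both sample configs are constructed placeholders.

```bash
#!/usr/bin/env bash
# Added example, not the original post's commands. The sample configs, the
# community name and the monitoring server 192.0.2.10 are constructed.

# Exit 0 when snmpd is reachable beyond loopback: an agentAddress entry is
# not a loopback address, or no agentAddress is set at all (net-snmp then
# listens on UDP 161 on all IPv4 addresses).
listens_beyond_loopback() {
    awk 'tolower($1) == "agentaddress" {
             seen = 1
             n = split($2, addr, ",")
             for (i = 1; i <= n; i++)
                 if (addr[i] !~ /127\.0\.0\.1|localhost|::1/) wide = 1
         }
         END { exit ((wide || !seen) ? 0 : 1) }' "$1"
}

# Print community directives usable from any source address: the third
# field (the source) is absent or "default".
open_communities() {
    awk '$1 ~ /^r[ow]community6?$/ && ($3 == "" || $3 == "default")' "$1"
}

# ufw rule that admits SNMP from a single monitoring server only.
ufw_rule_for() {
    printf 'ufw allow from %s to any port 161 proto udp\n' "$1"
}

# Return 1 when the agent is network-reachable and a community directive
# has no source restriction; otherwise report OK.
audit_snmpd_conf() {
    local conf=$1 monitor=$2 open
    open=$(open_communities "$conf")
    if listens_beyond_loopback "$conf" && [ -n "$open" ]; then
        echo "EXPOSED ($conf): a community directive accepts any source"
        echo "  restrict it to $monitor and use: $(ufw_rule_for "$monitor")"
        return 1
    fi
    echo "OK ($conf)"
}

# Constructed samples: the wide-open form and a source-restricted form.
weak=$(mktemp); strict=$(mktemp)
printf 'agentAddress udp:161\nrocommunity examplecommunity\n' > "$weak"
printf 'agentAddress udp:161\nrocommunity examplecommunity 192.0.2.10\n' > "$strict"
audit_snmpd_conf "$weak" 192.0.2.10 || true
audit_snmpd_conf "$strict" 192.0.2.10
```

On a real appliance the function would be pointed at /etc/snmp/snmpd.conf, the usual location on Ubuntu.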

Now use your SNMP monitoring software; I am using MRTG with Routers2 (old but stable), as shown here. To my mind, at least the interface statistics for the anonymous VPN tunnels (llanonvpn0 and llanonvpn1) are interesting because you don’t see them in the GUI under Appliance -> Metrics. Here are some sample graphs from my Lastline pinbox in the monthly view:

Cheers.

Featured image: “Dell” by Craig Rodway is licensed under CC BY-NC-ND 2.0.
