Observability

Configure Simple Network Management Protocol (SNMP)

This section describes how to configure Simple Network Management Protocol (SNMP) on HAProxy ALOHA. It supports SNMPv2c and SNMPv3. With SNMP, you can:

  • Enable the collection of metrics from the HAProxy ALOHA server.
  • Enable SNMP traps, which allows your network monitoring software to get notifications about important events.

Enable SNMP metrics Jump to heading

There are two ways to enable SNMP metrics:

  • During the initial setup of the appliance via the configuration wizard.
  • On a running HAProxy ALOHA from the Services tab.

During the initial setup Jump to heading

When first setting up your HAProxy ALOHA appliance, you can configure SNMP through the initial configuration wizard. Running the wizard will erase all previous network settings you have already saved.

  1. On the web user interface, click the Wizard tab. Then click Next to start.

  2. The wizard guides you through configuring several networking options. One of the final screens is labeled Management and lets you enable SNMP monitoring.

  3. In the SNMP section, configure options to allow an SNMP management server to collect metrics from this HAProxy ALOHA appliance. This uses SNMPv2c.

    • Check the Enable SNMP box.

    • Set the IP address and port on which HAProxy ALOHA should accept SNMP requests. You can also set this to an asterisk to listen on all IP addresses assigned to the server.

    • For Network, enter a subnetwork to restrict the IP addresses from which SNMP requests are allowed to originate. Set this to a network prefix and CIDR, such as 192.168.1.0/24.

    • For Community, enter a community string. This serves as a shared password that the SNMP management server must send with its request.

      Configuration wizard step 7

  4. Click Next to go to the next step.

  5. Review the summary of changes, then click Apply to complete the setup.

  6. To make the configuration changes persist after a reboot, go to the Setup tab and click Save within the Configuration section.

From the Services tab Jump to heading

From the Services tab, you can configure SNMPv2c or SNMPv3.

  1. In the Services tab, click snmpd setup on the snmpd line. The snmpd service’s setup file displays.

  2. Set the following fields, depending on if you want to use SNMPv2c or SNMPv3. Refer to the examples below:

    SNMPv2c example
    text
    service snmpd
    # no autostart
    listen 192.168.68.119
    port 161
    network 192.168.68.0/24
    community public
    SNMPv2c example
    text
    service snmpd
    # no autostart
    listen 192.168.68.119
    port 161
    network 192.168.68.0/24
    community public
    SNMPv3 example
    text
    service snmpd
    # no autostart
    listen 192.168.68.119
    port 161
    use_v3
    user monitor
    password mypassword
    passphrase mypassphrase
    SNMPv3 example
    text
    service snmpd
    # no autostart
    listen 192.168.68.119
    port 161
    use_v3
    user monitor
    password mypassword
    passphrase mypassphrase
    Setting Description
    no autostart Disables the service from automatically starting.
    listen <ip[@iface]> The IP address and optional network interface at which the SNMP service listens. Network monitoring software will collect data from here. Default: 0.0.0.0
    port <integer> The UDP port at which the SNMP service listens. Default: 161
    network <network> SNMPv2c only. Only clients in this network range are authorized to connect. Default: 0.0.0.0/0
    community <text> SNMPv2c only. The community string. This acts as a password that clients must send when connecting. Default: public
    use_v3 SNMPv3 only. Forces the use of SNMPv3 and disables SNMPv2c.
    user <text> SNMPv3 only. The read-only username. Clients will use this username when connecting. Default: monitor
    password <text> SNMPv3 only. The password, using the SHA algorithm. Clients will use this password when connecting. Default: mypassword
    passphrase <text> SNMPv3 only. The passphrase, using the AES algorithm. Clients will use this passphrase when connecting. Default: mypassphrase
  3. Click OK and Close.

  4. Restart the snmpd service.

  5. Optional: On the LB Layer7 tab, add id directives to your frontend and backend sections. The id directive’s value is an integer that indicates that section’s unique identifier, which will appear in the SNMP output, making it easier to tell one frontend or backend from another. Otherwise, an ID will be set for you. The IDs for a frontend and backend do not need to relate in any way.

    haproxy
    frontend www
    id 1
    backend webservers
    id 10
    backend dbservers
    id 20
    haproxy
    frontend www
    id 1
    backend webservers
    id 10
    backend dbservers
    id 20
  6. To make the configuration changes persist after a reboot, go to the Setup tab and click Save within the Configuration section.

Verify your setup Jump to heading

Follow these steps to verify your setup. On another Linux machine in the network, not on the HAProxy ALOHA server, test your connection to the HAProxy ALOHA SNMP service:

  1. From the ALOHA MIBS download site, download the file HAPROXYTECH-MIB.mib. For versions older than 16.0, use EXCELIANCE-MIB.txt.

    What is a MIB file?

    A MIB is a Management Information Base. It’s a text file that defines the properties of the device you want to query, with the properties organized into a hierarchical tree. Organizations place their device’s property definitions into a MIB file so that users and software can refer to it when forming queries. It allows you to use a human-readable name instead of a numeric identifier (the object ID) of the property. For example, you can query for HAPROXYTECH-MIB:alProductName instead of 1.3.6.1.4.1.58750.4.2.1.1.1, although both would return the same result.

  2. Copy HAPROXYTECH-MIB.mib to /usr/share/aloha on the Linux machine. For example:

    nix
    sudo mkdir -p /usr/share/aloha/
    sudo cp ~/HAPROXYTECH-MIB.mib /usr/share/aloha/
    nix
    sudo mkdir -p /usr/share/aloha/
    sudo cp ~/HAPROXYTECH-MIB.mib /usr/share/aloha/
  3. Install the SNMP management software package. The SNMP management software provides tools for testing that your SNMP setup works by making SNMP queries.

    nix
    sudo apt update
    sudo apt install snmp
    nix
    sudo apt update
    sudo apt install snmp
    nix
    sudo yum install net-snmp-utils net-snmp
    nix
    sudo yum install net-snmp-utils net-snmp
  4. On Debian and Ubuntu, perform these additional steps:

    • Configure the management software to load Management Information Bases (MIBs) by editing the file /etc/snmp/snmp.conf and commenting out the mibs line so that it looks like this:

      snmp.conf
      text
      # mibs :
      snmp.conf
      text
      # mibs :
    • Append the path to the MIB directory, /usr/share/aloha, to the end of the mibdirs line, and uncomment it if it is commented out:

      snmp.conf
      text
      mibdirs /usr/share/snmp/mibs:/usr/share/snmp/mibs/iana:/usr/share/snmp/mibs/ietf:/usr/share/aloha
      snmp.conf
      text
      mibdirs /usr/share/snmp/mibs:/usr/share/snmp/mibs/iana:/usr/share/snmp/mibs/ietf:/usr/share/aloha
    • Add the non-free repository to the existing line in /etc/apt/sources.list, which will allow you to install the snmp-mibs-downloader package:

      sources.list
      text
      deb https://deb.debian.org/debian bullseye main non-free
      sources.list
      text
      deb https://deb.debian.org/debian bullseye main non-free
    • Add the MIB files by installing the snmp-mibs-downloader package:

      nix
      sudo apt update
      sudo apt install snmp-mibs-downloader
      nix
      sudo apt update
      sudo apt install snmp-mibs-downloader
  5. Use snmpwalk to get information about HAProxy ALOHA.

    • If you downloaded HAPROXYTECH-MIB.mib, query for HAPROXYTECH-MIB:aloha. If you downloaded EXCELIANCE-MIB.txt, query for EXCELIANCE-MIB:aloha instead.

      On Debian/Ubuntu:

      nix
      snmpwalk -c public -v2c 192.168.68.119 HAPROXYTECH-MIB:aloha
      nix
      snmpwalk -c public -v2c 192.168.68.119 HAPROXYTECH-MIB:aloha

      On RHEL:

      nix
      snmpwalk -c public -v2c -M /usr/share/snmp/mibs:/usr/share/aloha 192.168.68.119 HAPROXYTECH-MIB:aloha
      nix
      snmpwalk -c public -v2c -M /usr/share/snmp/mibs:/usr/share/aloha 192.168.68.119 HAPROXYTECH-MIB:aloha
      output
      text
      HAPROXYTECH-MIB::alProductName = STRING: "aloha"
      HAPROXYTECH-MIB::alProductModel = STRING: "albva"
      HAPROXYTECH-MIB::alProductVersion = STRING: "16.0"
      HAPROXYTECH-MIB::alProductSubVersion = STRING: "16.0.0rc2"
      HAPROXYTECH-MIB::alProductBuildVersion = STRING: "1605"
      HAPROXYTECH-MIB::alProductBuildDate = STRING: "2024-03-13 10:24:57"
      ...
      output
      text
      HAPROXYTECH-MIB::alProductName = STRING: "aloha"
      HAPROXYTECH-MIB::alProductModel = STRING: "albva"
      HAPROXYTECH-MIB::alProductVersion = STRING: "16.0"
      HAPROXYTECH-MIB::alProductSubVersion = STRING: "16.0.0rc2"
      HAPROXYTECH-MIB::alProductBuildVersion = STRING: "1605"
      HAPROXYTECH-MIB::alProductBuildDate = STRING: "2024-03-13 10:24:57"
      ...
    • If you downloaded HAPROXYTECH-MIB.mib, query for HAPROXYTECH-MIB:aloha. If you downloaded EXCELIANCE-MIB.txt, query for EXCELIANCE-MIB:aloha instead.

      On Debian/Ubuntu:

      nix
      snmpwalk -v3 -u monitor -a SHA -A mypassword -x AES -X mypassphrase -l authPriv 192.168.68.119 HAPROXYTECH-MIB:aloha
      nix
      snmpwalk -v3 -u monitor -a SHA -A mypassword -x AES -X mypassphrase -l authPriv 192.168.68.119 HAPROXYTECH-MIB:aloha

      On RHEL:

      nix
      snmpwalk -v3 -u monitor -a SHA -A mypassword -x AES -X mypassphrase -l authPriv -M /usr/share/snmp/mibs:/usr/share/aloha -m HAPROXYTECH-MIB 192.168.56.50 HAPROXYTECH-MIB:aloha
      nix
      snmpwalk -v3 -u monitor -a SHA -A mypassword -x AES -X mypassphrase -l authPriv -M /usr/share/snmp/mibs:/usr/share/aloha -m HAPROXYTECH-MIB 192.168.56.50 HAPROXYTECH-MIB:aloha
      output
      text
      HAPROXYTECH-MIB::alProductName = STRING: "aloha"
      HAPROXYTECH-MIB::alProductModel = STRING: "albva"
      HAPROXYTECH-MIB::alProductVersion = STRING: "16.0"
      HAPROXYTECH-MIB::alProductSubVersion = STRING: "16.0.0rc2"
      HAPROXYTECH-MIB::alProductBuildVersion = STRING: "1605"
      HAPROXYTECH-MIB::alProductBuildDate = STRING: "2024-03-13 10:24:57"
      ...
      output
      text
      HAPROXYTECH-MIB::alProductName = STRING: "aloha"
      HAPROXYTECH-MIB::alProductModel = STRING: "albva"
      HAPROXYTECH-MIB::alProductVersion = STRING: "16.0"
      HAPROXYTECH-MIB::alProductSubVersion = STRING: "16.0.0rc2"
      HAPROXYTECH-MIB::alProductBuildVersion = STRING: "1605"
      HAPROXYTECH-MIB::alProductBuildDate = STRING: "2024-03-13 10:24:57"
      ...

Enable SNMP traps Jump to heading

An SNMP trap is a notification that HAProxy ALOHA can send to a remote server when important events occur, such as backend servers stopping and starting. A remote server must be configured to receive these notifications.

This feature supports SNMPv2c.

  1. In the Services tab, click notify setup on the notify line. The notify service’s setup file displays.

  2. Set the following fields:

    text
    service notify
    # no autostart
    snmp_server 192.168.68.120
    snmp_community public
    text
    service notify
    # no autostart
    snmp_server 192.168.68.120
    snmp_community public

    where:

    • no autostart is commented out (has a hash sign in front) to disable it and allow the service to start automatically.
    • snmp_server is the IP address of the remote server that will receive the SNMP notifications.
    • snmp_community is the SNMPv2c community string set on the remote server.
  3. Click OK and Close to return to the Services tab.

  4. On the line notify, click restart.

  5. To make the configuration changes persist after a reboot, go to the Setup tab and click Save within the Configuration section.

Verify your setup Jump to heading

To demonstrate SNMP traps, we will configure a remote server to receive them. On the remote Linux server:

  1. Install snmptrapd, which is software for receiving SNMP traps. By default, it will listen on UDP port 162.

    nix
    sudo apt update
    sudo apt install snmptrapd
    nix
    sudo apt update
    sudo apt install snmptrapd
    nix
    sudo yum install net-snmp net-snmp-utils
    nix
    sudo yum install net-snmp net-snmp-utils
  2. Create a custom script to handle notifications when they arrive. For example, the script below writes the notification messages to a file:

    logtrap.sh
    #!/bin/bash STDIN=$(cat) FILE=/tmp/trap-messages.txt TIMESTAMP=$(date +"%Y-%m-%d %T") echo "Time: $TIMESTAMP" >> $FILE echo $STDIN >> $FILE
    logtrap.sh
    #!/bin/bash STDIN=$(cat) FILE=/tmp/trap-messages.txt TIMESTAMP=$(date +"%Y-%m-%d %T") echo "Time: $TIMESTAMP" >> $FILE echo $STDIN >> $FILE

    Save this as /usr/local/bin/logtrap.sh and make it executable:

    nix
    sudo chmod +x /usr/local/bin/logtrap.sh
    nix
    sudo chmod +x /usr/local/bin/logtrap.sh
  3. Edit /etc/snmp/snmptrapd.conf to use the example script. For example:

    snmptrapd.conf
    text
    authCommunity log,execute,net public
    traphandle default /usr/local/bin/logtrap.sh
    snmptrapd.conf
    text
    authCommunity log,execute,net public
    traphandle default /usr/local/bin/logtrap.sh

    where:

    • authCommunity sets the community string to public.
    • traphandle invokes the example script when a notification arrives.
  4. Enable and start the service:

    nix
    sudo systemctl enable snmptrapd
    sudo systemctl start snmptrapd
    nix
    sudo systemctl enable snmptrapd
    sudo systemctl start snmptrapd

    Check the /tmp/trap-messages.txt log file for new messages.

    trap-messages.txt
    text
    Time: 2024-04-06 01:56:44
    <UNKNOWN> UDP: [192.168.68.119]:42107->[192.168.68.120]:162 iso.3.6.1.2.1.1.3.0 0:15:16:42.50 iso.3.6.1.6.3.1.1.4.1.0 iso.3.6.1.4.1.23263.3.1002 iso.3.6.1.4.1.23263.2.1 213 iso.3.6.1.4.1.23263.2.2 "213: Backend webfarm is UP" iso.3.6.1.4.1.23263.2.3 "webfarm"
    Time: 2024-04-06 01:56:44
    <UNKNOWN> UDP: [192.168.68.119]:18902->[192.168.68.120]:162 iso.3.6.1.2.1.1.3.0 0:15:16:42.52 iso.3.6.1.6.3.1.1.4.1.0 iso.3.6.1.4.1.23263.3.1002 iso.3.6.1.4.1.23263.2.1 211 iso.3.6.1.4.1.23263.2.2 "211: Server webfarm/websrv1 is UP" iso.3.6.1.4.1.23263.2.3 "websrv1"
    trap-messages.txt
    text
    Time: 2024-04-06 01:56:44
    <UNKNOWN> UDP: [192.168.68.119]:42107->[192.168.68.120]:162 iso.3.6.1.2.1.1.3.0 0:15:16:42.50 iso.3.6.1.6.3.1.1.4.1.0 iso.3.6.1.4.1.23263.3.1002 iso.3.6.1.4.1.23263.2.1 213 iso.3.6.1.4.1.23263.2.2 "213: Backend webfarm is UP" iso.3.6.1.4.1.23263.2.3 "webfarm"
    Time: 2024-04-06 01:56:44
    <UNKNOWN> UDP: [192.168.68.119]:18902->[192.168.68.120]:162 iso.3.6.1.2.1.1.3.0 0:15:16:42.52 iso.3.6.1.6.3.1.1.4.1.0 iso.3.6.1.4.1.23263.3.1002 iso.3.6.1.4.1.23263.2.1 211 iso.3.6.1.4.1.23263.2.2 "211: Server webfarm/websrv1 is UP" iso.3.6.1.4.1.23263.2.3 "websrv1"

See also Jump to heading

Do you have any suggestions on how we can improve the content of this page?