| Current File : //usr/share/doc/proftpd-1.3.5e/contrib/mod_snmp.html |
<!-- $Id: mod_snmp.html,v 1.1 2013-05-15 15:21:44 castaglia Exp $ -->
<!-- $Source: /home/proftpd-core/backup/proftp-cvsroot/proftpd/doc/contrib/mod_snmp.html,v $ -->
<html>
<head>
<title>ProFTPD module mod_snmp</title>
</head>
<body bgcolor=white>
<hr>
<center>
<h2><b>ProFTPD module <code>mod_snmp</code></b></h2>
</center>
<hr><br>
<p>
The <code>mod_snmp</code> module implements SNMPv1 and SNMPv2, for monitoring
of <code>proftpd</code> statistics via SNMP.
<p>
The <code>mod_snmp</code> module does <b>not</b> currently support:
<ul>
<li>SNMPv3
<li>AgentX
<li>SNMP <code>Set</code> requests
</ul>
<p>
The <code>mod_snmp</code> module is contained in the <code>mod_snmp/</code>
directory, is intended for ProFTPD 1.3.4rc3 and later, and is not compiled by
default. Installation instructions are discussed
<a href="#Installation">here</a>.
<p>
The most current version of <code>mod_snmp</code> can be found at:
<pre>
<a href="https://github.com/Castaglia/proftpd-mod_snmp">https://github.com/Castaglia/proftpd-mod_snmp</a>
</pre>
<h2>Author</h2>
<p>
Please contact TJ Saunders <tj <i>at</i> castaglia.org> with any
questions, concerns, or suggestions regarding this module.
<h2>Thanks</h2>
<p>
<i>2013-01-09</i>: Thanks to <cliles <i>at</i> capario.com> for testing
out most of the <code>mod_snmp</code> features, requesting additional useful
functionality, and providing OpenNMS support/examples.
<h2>Directives</h2>
<ul>
<li><a href="#SNMPAgent">SNMPAgent</a>
<li><a href="#SNMPCommunity">SNMPCommunity</a>
<li><a href="#SNMPEngine">SNMPEngine</a>
<li><a href="#SNMPLog">SNMPLog</a>
<li><a href="#SNMPMaxVariables">SNMPMaxVariables</a>
<li><a href="#SNMPNotify">SNMPNotify</a>
<li><a href="#SNMPOptions">SNMPOptions</a>
<li><a href="#SNMPTables">SNMPTables</a>
</ul>
<p>
<hr>
<h2><a name="SNMPAgent">SNMPAgent</a></h2>
<strong>Syntax:</strong> SNMPAgent master|agentx <em>address[:port]</em><br>
<strong>Default:</strong> <em>None</em><br>
<strong>Context:</strong> "server config"<br>
<strong>Module:</strong> mod_snmp<br>
<strong>Compatibility:</strong> 1.3.4rc3 and later
<p>
The <code>SNMPAgent</code> directive configures the <code>mod_snmp</code>
module to act as a "master" SNMP agent/entity, or as an AgentX sub-agent.
(<b>Note</b> that the AgentX capability is not currently implemented.)
<p>
The <em>address</em> parameter can be an IP address or a DNS name; this
parameter configures the address/port on which <code>mod_snmp</code> will listen
for UDP SNMP packets. By default, a port of 161 is assumed, use
<em>address:port</em> to specify an alternate port, <i>e.g.</i>:
<pre>
SNMPAgent master localhost:1161
</pre>
<p>
Note that the <code>SNMPAgent</code> directive is <b>required</b>.
<p>
<hr>
<h2><a name="SNMPCommunity">SNMPCommunity</a></h2>
<strong>Syntax:</strong> SNMPCommunity <em>community</em><br>
<strong>Default:</strong> <em>None</em><br>
<strong>Context:</strong> "server config"<br>
<strong>Module:</strong> mod_snmp<br>
<strong>Compatibility:</strong> 1.3.4rc3 and later
<p>
The <code>SNMPCommunity</code> directive configures the <em>community</em>
string (effectively a passphrase) used for authenticating SNMPv1 and SNMPv2
messages.
<p>
Note that the <code>SNMPCommunity</code> directive is <b>required</b>.
<p>
<hr>
<h2><a name="SNMPEngine">SNMPEngine</a></h2>
<strong>Syntax:</strong> SNMPEngine <em>on|off</em><br>
<strong>Default:</strong> <em>off</em><br>
<strong>Context:</strong> "server config"<br>
<strong>Module:</strong> mod_snmp<br>
<strong>Compatibility:</strong> 1.3.4rc3 and later
<p>
The <code>SNMPEngine</code> directive controls whether the <code>mod_snmp</code>
will run as an SNMP agent, and handle SNMP messages.
<p>
<hr>
<h2><a name="SNMPLog">SNMPLog</a></h2>
<strong>Syntax:</strong> SNMPLog <em>file|"none"</em><br>
<strong>Default:</strong> <em>None</em><br>
<strong>Context:</strong> "server config"<br>
<strong>Module:</strong> mod_snmp<br>
<strong>Compatibility:</strong> 1.3.4rc3 and later
<p>
The <code>SNMPLog</code> directive is used to specify a log file for
<code>mod_snmp</code>'s reporting. The <em>file</em> parameter given must be
the full path to the file to use for logging.
<p>
Note that this path must <b>not</b> be to a world-writable directory and,
unless <code>AllowLogSymlinks</code> is explicitly set to <em>on</em>
(generally a bad idea), the path must <b>not</b> be a symbolic link.
<p>
<hr>
<h2><a name="SNMPNotify">SNMPNotify</a></h2>
<strong>Syntax:</strong> SNMPNotify <em>address[:port]</em><br>
<strong>Default:</strong> <em>None</em><br>
<strong>Context:</strong> "server config", <code><VirtualHost></code>, <code><Global></code><br>
<strong>Module:</strong> mod_snmp<br>
<strong>Compatibility:</strong> 1.3.4rc3 and later
<p>
The <code>SNMPNotify</code> directive is used to specify the <em>address</em>
of any SNMP manager that should receive <b>any</b> notification (<i>i.e.</i>
SNMPv2 trap) that <code>mod_snmp</code> can generated. Read <a href="#Notifications">here</a> for more details on the types of notifications that
<code>mod_snmp</code> supports.
<p>
The <em>address</em> parameter can be an IP address or DNS name. By default,
a port number of 162 is assumed. To specify the port number, use:
<pre>
SNMPNotify <em>address</em>:<em>port</em>
</pre>
<p>
Multiple <code>SNMPNotify</code> directives can be configured;
<code>mod_snmp</code> will send notifications to <i>all</i> of them.
<p>
<hr>
<h2><a name="SNMPOptions">SNMPOptions</a></h2>
<strong>Syntax:</strong> SNMPOptions <em>opt1 ...</em><br>
<strong>Default:</strong> <em>None</em><br>
<strong>Context:</strong> "server config"<br>
<strong>Module:</strong> mod_snmp<br>
<strong>Compatibility:</strong> 1.3.4rc3 and later
<p>
The <code>SNMPOptions</code> directive is used to configure various optional
behaviors of <code>mod_snmp</code>.
<p>
Example:
<pre>
SNMPOptions RestartClearsCounters
</pre>
<p>
The currently implemented options are:
<ul>
<li><code>RestartClearsCounters</code><br>
<p>
This option will cause <code>mod_snmp</code> to clear/reset every
counter (<i>except</i> for the <code>daemon.restartCount</code> counter)
whenever <code>proftpd</code> is restarted via the SIGHUP signal.
</ul>
<p>
<hr>
<h2><a name="SNMPTables">SNMPTables</a></h2>
<strong>Syntax:</strong> SNMPTables <em>path</em><br>
<strong>Default:</strong> <em>None</em><br>
<strong>Context:</strong> "server config"<br>
<strong>Module:</strong> mod_snmp<br>
<strong>Compatibility:</strong> 1.3.4rc3 and later
<p>
The <code>SNMPTables</code> directive is used to specify a directory that
<code>mod_snmp</code> will use for storing its database files; these files
are used for tracking the various statistics reported via SNMP.
<p>
<hr>
<h2><a name="Installation">Installation</a></h2>
To install <code>mod_snmp</code>, go to the third-party module area in
the proftpd source code and unpack the <code>mod_snmp</code> source tarball:
<pre>
cd <i>proftpd-dir</i>/contrib/
tar zxvf /path/to/mod_snmp-<i>version</i>.tar.gz
</pre>
after unpacking the latest proftpd-1.3.4 (or later) source code. For including
<code>mod_snmp</code> as a staticly linked module:
<pre>
./configure --with-modules=mod_snmp ...
</pre>
Alternatively, <code>mod_snmp</code> can be built as a DSO module:
<pre>
./configure --enable-dso --with-shared=mod_snmp ...
</pre>
Then follow the usual steps:
<pre>
make
make install
</pre>
<p>
<hr>
<h2><a name="Usage">Usage</a></h2>
<p>
<p>
<b>Important Security Considerations</b><br>
Do <b>not</b> configure <code>mod_snmp</code> to listen on a public Internet
address. The information provided via <code>mod_snmp</code> can be used
by attackers to gain more information about your running <code>proftpd</code>,
including being able to determine whether their logins fail due to a wrong
password (in which case, they know that that user name is valid) or not. It
is <b>highly recommended</b> that you configure <code>mod_snmp</code> to only
listen on internal/LAN addresses. Furthermore, you should employ a firewall
rule that <b>rejects</b> any UDP packets from the public Internet to your
<code>proftpd</code> instance.
<p>
<b>SNMP Listening Process</b><br>
When <code>proftpd</code> starts up with <code>mod_snmp</code> enabled, the
<code>mod_snmp</code> module will fork a new process that acts as the SNMP
agent, receiving and responding to all SNMP requests. This SNMP listening
process automatically switches to the privileges configured by the
<code>User</code> and <code>Group</code> directives, and will also automatically
<b>chroot</b> itself to a subdirectory of the <code>SNMPTables</code> directory,
after which all root privileges are permanently dropped.
<p>
<b>Example Configuration</b><br>
The <code>mod_snmp</code> module uses a UDP socket for listening for SNMP
requests. Thus it does not require any separate
<code><VirtualHost></code> sections, and does not interfere with the
normal FTP operations.
<p>
Here is an example configuration for <code>mod_snmp</code>:
<pre>
<IfModule mod_snmp.c>
SNMPEngine on
SNMPLog /etc/proftpd/snmp/snmp.log
# Configure the agent to listen on 1.2.3.4, port 161
SNMPAgent master 1.2.3.4 161
# Configure the SNMP community string
SNMPCommunity MySnmpCommunity
# Configure the directory that mod_snmp will use for its database files
SNMPTables /var/proftpd/snmp
</IfModule>
</pre>
<p>
<b>Access Controls for SNMP Messages</b><br>
Since the SNMPv1/SNMPv2 does not have authentication of "users" as such,
the normal user/group-based ACLs that can be configured in <code>proftpd</code>
have no effect on SNMP messages.
<p>
In order to provide IP-based access control, then, the <code>mod_snmp</code>
module supports a <code><Limit SNMP></code> section, like the following:
<p>
Example:
<pre>
<Limit SNMP>
# Allow SNMP packets from 10.x.x.x and 127.0.0.1 addresses
Allow from 10., 127.0.0.1
DenyAll
</Limit>
</pre>
It is easy to spoof the source address for UDP packets, however. So it is
far better (and more secure) to use a firewall to restrict which UDP packets
can reach the <code>mod_snmp</code> address/port.
<p>
<b>Logging</b><br>
The <code>mod_snmp</code> module supports different forms of logging. The
main module logging is done via the <code>SNMPLog</code> directive. For
debugging purposes, the module also uses <a href="http://www.proftpd.org/docs/howto/Tracing.html">trace logging</a>, via the module-specific "snmp" and
"snmp.db" log channels. Thus for trace logging, to aid in debugging, you
would use the following in your <code>proftpd.conf</code>:
<pre>
TraceLog /path/to/snmp-trace.log
Trace snmp:20
</pre>
This trace logging can generate large files; it is intended for debugging
use only, and should be removed from any production configuration.
<p>
<b><code>mod_snmp</code> OIDs</b><br>
<b>Note</b> that all <code>mod_snmp</code> OIDs begin with
1.3.6.1.4.1.17852.2.2. The <code>ProFTPD</code> column in the table below
contains the ProFTPD versions where the OID is present.
<p>
<table border=1>
<tr>
<td> <b>OID<b> </td>
<td> <b>Name<b> </td>
<td> <b>Type<b> </td>
<td> <b><code>ProFTPD</code><b> </td>
<td> <b>Description<b> </td>
</tr>
<!-- daemon arc -->
<tr>
<td> *.1.1.0 </td>
<td> daemon.software </td>
<td> STRING </td>
<td> 1.3.4rc3+ </td>
<td> Always "proftpd" </td>
</tr>
<tr>
<td> *.1.2.0 </td>
<td> daemon.version </td>
<td> STRING </td>
<td> 1.3.4rc3+ </td>
<td> Version of <code>proftpd</code> </td>
</tr>
<tr>
<td> *.1.3.0 </td>
<td> daemon.admin </td>
<td> STRING </td>
<td> 1.3.4rc3+ </td>
<td> Administrative contact, <i>i.e.</i> the <code>ServerAdmin</code> </td>
</tr>
<tr>
<td> *.1.4.0 </td>
<td> daemon.uptime </td>
<td> TimeTicks </td>
<td> 1.3.4rc3+ </td>
<td> Uptime of the <code>proftpd</code> daemon </td>
</tr>
<tr>
<td> *.1.5.0 </td>
<td> daemon.vhostCount </td>
<td> INTEGER </td>
<td> 1.3.4rc3+ </td>
<td> Number of vhosts (including "server config") configured </td>
</tr>
<tr>
<td> *.1.6.0 </td>
<td> daemon.connectionCount </td>
<td> Gauge32 </td>
<td> 1.3.4rc3+ </td>
<td> Number of current connections </td>
</tr>
<tr>
<td> *.1.7.0 </td>
<td> daemon.connectionTotal </td>
<td> Counter32 </td>
<td> 1.3.4rc3+ </td>
<td> Total number of connections since daemon started </td>
</tr>
<tr>
<td> *.1.8.0 </td>
<td> daemon.connectionRefusedTotal </td>
<td> Counter32 </td>
<td> 1.3.4rc3+ </td>
<td> Total number of connections <b>refused</b> </td>
</tr>
<tr>
<td> *.1.9.0 </td>
<td> daemon.restartCount </td>
<td> Counter32 </td>
<td> 1.3.4rc3+ </td>
<td> Total number of times daemon has been restarted </td>
</tr>
<tr>
<td> *.1.10.0 </td>
<td> daemon.segfaultCount </td>
<td> Counter32 </td>
<td> 1.3.4rc3+ </td>
<td> Total number of <code>SIGSEGV</code> occurrences </td>
</tr>
<tr>
<td> *.1.11.0 </td>
<td> daemon.maxInstancesLimitCount </td>
<td> Counter32 </td>
<td> 1.3.4rc3+ </td>
<td> Total number of times <code>MaxInstances</code> reached </td>
</tr>
<!-- timeouts arc -->
<tr>
<td> *.2.1.0 </td>
<td> timeouts.idleTimeoutTotal </td>
<td> Counter32 </td>
<td> 1.3.4rc3+ </td>
<td> Total number of times <code>TimeoutIdle</code> was reached </td>
</tr>
<tr>
<td> *.2.2.0 </td>
<td> timeouts.loginTimeoutTotal </td>
<td> Counter32 </td>
<td> 1.3.4rc3+ </td>
<td> Total number of times <code>TimeoutLogin</code> was reached </td>
</tr>
<tr>
<td> *.2.3.0 </td>
<td> timeouts.noTransferTimeoutTotal </td>
<td> Counter32 </td>
<td> 1.3.4rc3+ </td>
<td> Total number of times <code>TimeoutNoTransfer</code> was reached </td>
</tr>
<tr>
<td> *.2.4.0 </td>
<td> timeouts.stalledTimeoutTotal </td>
<td> Counter32 </td>
<td> 1.3.4rc3+ </td>
<td> Total number of times <code>TimeoutStalled</code> was reached </td>
</tr>
<!-- ftp.sessions arc -->
<tr>
<td> *.3.1.1.0 </td>
<td> ftp.sessions.sessionCount </td>
<td> Gauge32 </td>
<td> 1.3.4rc3+ </td>
<td> Number of current FTP sessions </td>
</tr>
<tr>
<td> *.3.1.2.0 </td>
<td> ftp.sessions.sessionTotal </td>
<td> Counter32 </td>
<td> 1.3.4rc3+ </td>
<td> Total number of FTP sessions handled </td>
</tr>
<tr>
<td> *.3.1.3.0 </td>
<td> ftp.sessions.commandInvalidTotal </td>
<td> Counter32 </td>
<td> 1.3.4rc3+ </td>
<td> Total number of invalid FTP commands received </td>
</tr>
<!-- ftp.logins arc -->
<tr>
<td> *.3.2.1.0 </td>
<td> ftp.logins.loginTotal </td>
<td> Counter32 </td>
<td> 1.3.4rc3+ </td>
<td> Total number of successful FTP logins </td>
</tr>
<tr>
<td> *.3.2.2.0 </td>
<td> ftp.logins.loginFailedTotal </td>
<td> Counter32 </td>
<td> 1.3.4rc3+ </td>
<td> Total number of <b>failed</b> FTP logins </td>
</tr>
<tr>
<td> *.3.2.3.0 </td>
<td> ftp.logins.loginBadUserTotal </td>
<td> Counter32 </td>
<td> 1.3.4rc3+ </td>
<td> Total number of failed FTP logins due to bad/wrong user name </td>
</tr>
<tr>
<td> *.3.2.4.0 </td>
<td> ftp.logins.loginBadPasswordTotal </td>
<td> Counter32 </td>
<td> 1.3.4rc3+ </td>
<td> Total number of failed FTP logins due to bad password </td>
</tr>
<tr>
<td> *.3.2.5.0 </td>
<td> ftp.logins.loginGeneralErrorTotal </td>
<td> Counter32 </td>
<td> 1.3.4rc3+ </td>
<td> Total number of failed FTP logins due to config/other issues </td>
</tr>
<tr>
<td> *.3.2.6.0 </td>
<td> ftp.logins.anonLoginCount </td>
<td> Gauge32 </td>
<td> 1.3.4rc3+ </td>
<td> Number of current anonymous FTP logins </td>
</tr>
<tr>
<td> *.3.2.7.0 </td>
<td> ftp.logins.anonLoginTotal </td>
<td> Counter32 </td>
<td> 1.3.4rc3+ </td>
<td> Total number of anonymous FTP logins </td>
</tr>
<!-- ftp.dataTransfers arc -->
<tr>
<td> *.3.3.1.0 </td>
<td> ftp.dataTransfers.dirListCount </td>
<td> Gauge32 </td>
<td> 1.3.4rc3+ </td>
<td> Number of directories currently being listed via FTP </td>
</tr>
<tr>
<td> *.3.3.2.0 </td>
<td> ftp.dataTransfers.dirListTotal </td>
<td> Counter32 </td>
<td> 1.3.4rc3+ </td>
<td> Total number of directories listed via FTP </td>
</tr>
<tr>
<td> *.3.3.3.0 </td>
<td> ftp.dataTransfers.dirListFailedTotal </td>
<td> Counter32 </td>
<td> 1.3.4rc3+ </td>
<td> Total number of directory list failures via FTP </td>
</tr>
<tr>
<td> *.3.3.4.0 </td>
<td> ftp.dataTransfers.fileUploadCount </td>
<td> Gauge32 </td>
<td> 1.3.4rc3+ </td>
<td> Number of files currently being uploaded via FTP </td>
</tr>
<tr>
<td> *.3.3.5.0 </td>
<td> ftp.dataTransfers.fileUploadTotal </td>
<td> Counter32 </td>
<td> 1.3.4rc3+ </td>
<td> Total number of files uploaded via FTP </td>
</tr>
<tr>
<td> *.3.3.6.0 </td>
<td> ftp.dataTransfers.fileUploadFailedTotal </td>
<td> Counter32 </td>
<td> 1.3.4rc3+ </td>
<td> Total number of file upload failures via FTP </td>
</tr>
<tr>
<td> *.3.3.7.0 </td>
<td> ftp.dataTransfers.fileDownloadCount </td>
<td> Gauge32 </td>
<td> 1.3.4rc3+ </td>
<td> Number of files currently being downloaded via FTP </td>
</tr>
<tr>
<td> *.3.3.8.0 </td>
<td> ftp.dataTransfers.fileDownloadTotal </td>
<td> Counter32 </td>
<td> 1.3.4rc3+ </td>
<td> Total number of files downloaded via FTP </td>
</tr>
<tr>
<td> *.3.3.9.0 </td>
<td> ftp.dataTransfers.fileDownloadFailedTotal </td>
<td> Counter32 </td>
<td> 1.3.4rc3+ </td>
<td> Total number of file download failures via FTP </td>
</tr>
<tr>
<td> *.3.3.10.0 </td>
<td> ftp.dataTransfers.kbUploadTotal </td>
<td> Counter32 </td>
<td> 1.3.4rc3+ </td>
<td> Total number of KB uploaded via FTP </td>
</tr>
<tr>
<td> *.3.3.11.0 </td>
<td> ftp.dataTransfers.kbDownloadTotal </td>
<td> Counter32 </td>
<td> 1.3.4rc3+ </td>
<td> Total number of KB downloaded via FTP </td>
</tr>
<!-- snmp arc -->
<tr>
<td> *.4.1.0 </td>
<td> snmp.packetsReceivedTotal </td>
<td> Counter32 </td>
<td> 1.3.4rc3+ </td>
<td> Total number of SNMP packets received </td>
</tr>
<tr>
<td> *.4.2.0 </td>
<td> snmp.packetsSentTotal </td>
<td> Counter32 </td>
<td> 1.3.4rc3+ </td>
<td> Total number of SNMP packets sent </td>
</tr>
<tr>
<td> *.4.3.0 </td>
<td> snmp.trapsSentTotal </td>
<td> Counter32 </td>
<td> 1.3.4rc3+ </td>
<td> Total number of SNMP traps/notifications sent </td>
</tr>
<tr>
<td> *.4.4.0 </td>
<td> snmp.packetsAuthFailedTotal </td>
<td> Counter32 </td>
<td> 1.3.4rc3+ </td>
<td> Total number of SNMP packets failing authentication check </td>
</tr>
<tr>
<td> *.4.5.0 </td>
<td> snmp.packetsDroppedTotal </td>
<td> Counter32 </td>
<td> 1.3.4rc3+ </td>
<td> Total number of SNMP packets dropped </td>
</tr>
<!-- ftps.tlsSessions arc -->
<tr>
<td> *.5.1.1.0 </td>
<td> ftps.tlsSessions.sessionCount </td>
<td> Gauge32 </td>
<td> 1.3.4rc3+ </td>
<td> Number of current FTPS sessions </td>
</tr>
<tr>
<td> *.5.1.2.0 </td>
<td> ftps.tlsSessions.sessionTotal </td>
<td> Counter32 </td>
<td> 1.3.4rc3+ </td>
<td> Total number of FTPS sessions handled </td>
</tr>
<tr>
<td> *.5.1.3.0 </td>
<td> ftps.tlsSessions.ctrlHandshakeFailedTotal </td>
<td> Counter32 </td>
<td> 1.3.5rc1+ </td>
<td> Total number of failed control connection SSL/TLS handshakes </td>
</tr>
<tr>
<td> *.5.1.4.0 </td>
<td> ftps.tlsSessions.dataHandshakeFailedTotal </td>
<td> Counter32 </td>
<td> 1.3.5rc1+ </td>
<td> Total number of failed data connection SSL/TLS handshakes </td>
</tr>
<tr>
<td> *.5.1.5.0 </td>
<td> ftps.tlsSessions.clearCommandChannelTotal </td>
<td> Counter32 </td>
<td> 1.3.4rc3+ </td>
<td> Total number of successful CCC (Clear Command Channel) FTP commands </td>
</tr>
<tr>
<td> *.5.1.6.0 </td>
<td> ftps.tlsSessions.clearCommandChannelFailedTotal </td>
<td> Counter32 </td>
<td> 1.3.4rc3+ </td>
<td> Total number of failed CCC (Clear Command Channel) FTP commands </td>
</tr>
<tr>
<td> *.5.1.7.0 </td>
<td> ftps.tlsSessions.verifyClientTotal </td>
<td> Counter32 </td>
<td> 1.3.5rc2+ </td>
<td> Total number of successful client cert verifications </td>
</tr>
<tr>
<td> *.5.1.8.0 </td>
<td> ftps.tlsSessions.verifyClientFailedTotal </td>
<td> Counter32 </td>
<td> 1.3.4rc3+ </td>
<td> Total number of failed client cert verifications </td>
</tr>
<!-- ftps.tlsLogins -->
<tr>
<td> *.5.2.1.0 </td>
<td> ftps.tlsLogins.loginTotal </td>
<td> Counter32 </td>
<td> 1.3.4rc3+ </td>
<td> Total number of successful FTPS logins </td>
</tr>
<tr>
<td> *.5.2.2.0 </td>
<td> ftps.tlsLogins.loginFailedTotal </td>
<td> Counter32 </td>
<td> 1.3.4rc3+ </td>
<td> Total number of <b>failed</b> FTPS logins </td>
</tr>
<tr>
<td> *.5.2.3.0 </td>
<td> ftps.tlsLogins.loginBadUserTotal </td>
<td> Counter32 </td>
<td> 1.3.4rc3+ </td>
<td> Total number of failed FTPS logins due to bad/wrong user name </td>
</tr>
<tr>
<td> *.5.2.4.0 </td>
<td> ftps.tlsLogins.loginBadPasswordTotal </td>
<td> Counter32 </td>
<td> 1.3.4rc3+ </td>
<td> Total number of failed FTPS logins due to bad password </td>
</tr>
<tr>
<td> *.5.2.5.0 </td>
<td> ftps.tlsLogins.loginGeneralErrorTotal </td>
<td> Counter32 </td>
<td> 1.3.4rc3+ </td>
<td> Total number of failed FTPS logins due to config/other issues </td>
</tr>
<tr>
<td> *.5.2.6.0 </td>
<td> ftps.tlsLogins.loginCertTotal </td>
<td> Counter32 </td>
<td> 1.3.4rc3+ </td>
<td> Total number of FTPS logins succeeding due to the client cert (<i>e.g.</i> AllowDotLogin <code>TLSOption</code>, <code>TLSUserName</code>, <i>etc</i>) </td>
</tr>
<!-- ftps.tlsDataTransfers -->
<tr>
<td> *.5.3.1.0 </td>
<td> ftps.tlsDataTransfers.dirListCount </td>
<td> Gauge32 </td>
<td> 1.3.4rc3+ </td>
<td> Number of directories currently being listed via FTPS </td>
</tr>
<tr>
<td> *.5.3.2.0 </td>
<td> ftps.tlsDataTransfers.dirListTotal </td>
<td> Counter32 </td>
<td> 1.3.4rc3+ </td>
<td> Total number of directories listed via FTPS </td>
</tr>
<tr>
<td> *.5.3.3.0 </td>
<td> ftps.tlsDataTransfers.dirListFailedTotal </td>
<td> Counter32 </td>
<td> 1.3.4rc3+ </td>
<td> Total number of directory list failures via FTPS </td>
</tr>
<tr>
<td> *.5.3.4.0 </td>
<td> ftps.tlsDataTransfers.fileUploadCount </td>
<td> Gauge32 </td>
<td> 1.3.4rc3+ </td>
<td> Number of files currently being uploaded via FTPS </td>
</tr>
<tr>
<td> *.5.3.5.0 </td>
<td> ftps.tlsDataTransfers.fileUploadTotal </td>
<td> Counter32 </td>
<td> 1.3.4rc3+ </td>
<td> Total number of files uploaded via FTPS </td>
</tr>
<tr>
<td> *.5.3.6.0 </td>
<td> ftps.tlsDataTransfers.fileUploadFailedTotal </td>
<td> Counter32 </td>
<td> 1.3.4rc3+ </td>
<td> Total number of file upload failures via FTPS </td>
</tr>
<tr>
<td> *.5.3.7.0 </td>
<td> ftps.tlsDataTransfers.fileDownloadCount </td>
<td> Gauge32 </td>
<td> 1.3.4rc3+ </td>
<td> Number of files currently being downloaded via FTPS </td>
</tr>
<tr>
<td> *.5.3.8.0 </td>
<td> ftps.tlsDataTransfers.fileDownloadTotal </td>
<td> Counter32 </td>
<td> 1.3.4rc3+ </td>
<td> Total number of files downloaded via FTPS </td>
</tr>
<tr>
<td> *.5.3.9.0 </td>
<td> ftps.tlsDataTransfers.fileDownloadFailedTotal </td>
<td> Counter32 </td>
<td> 1.3.4rc3+ </td>
<td> Total number of file download failures via FTPS </td>
</tr>
<tr>
<td> *.5.3.10.0 </td>
<td> ftps.tlsDataTransfers.kbUploadTotal </td>
<td> Counter32 </td>
<td> 1.3.4rc3+ </td>
<td> Total number of KB uploaded via FTPS </td>
</tr>
<tr>
<td> *.5.3.11.0 </td>
<td> ftps.tlsDataTransfers.kbDownloadTotal </td>
<td> Counter32 </td>
<td> 1.3.4rc3+ </td>
<td> Total number of KB downloaded via FTPS </td>
</tr>
<!-- ssh.sshSessions arc -->
<tr>
<td> *.6.1.1.0 </td>
<td> ssh.sshSessions.keyExchangeFailedTotal </td>
<td> Counter32 </td>
<td> 1.3.4c+ </td>
<td> Total number of SSH2 key exchange failures </td>
</tr>
<tr>
<td> *.6.1.2.0 </td>
<td> ssh.sshSessions.clientCompressionTotal </td>
<td> Counter32 </td>
<td> 1.3.4c+ </td>
<td> Total number of SSH2 sessions using client-to-server compression </td>
</tr>
<tr>
<td> *.6.1.3.0 </td>
<td> ssh.sshSessions.serverCompressionTotal </td>
<td> Counter32 </td>
<td> 1.3.4c+ </td>
<td> Total number of SSH2 sessions using server-to-client compression </td>
</tr>
<!-- ssh.sshLogins arc -->
<tr>
<td> *.6.2.1.0 </td>
<td> ssh.sshLogins.hostbasedAuthTotal </td>
<td> Counter32 </td>
<td> 1.3.4c+ </td>
<td> Total number of SSH2 hostbased authentications </td>
</tr>
<tr>
<td> *.6.2.2.0 </td>
<td> ssh.sshLogins.hostbasedAuthFailedTotal </td>
<td> Counter32 </td>
<td> 1.3.4c+ </td>
<td> Total number of <b>failed</b> SSH2 hostbased authentications </td>
</tr>
<tr>
<td> *.6.2.3.0 </td>
<td> ssh.sshLogins.keyboardInteractiveAuthTotal </td>
<td> Counter32 </td>
<td> 1.3.4c+ </td>
<td> Total number of SSH2 keyboard-interactive authentications </td>
</tr>
<tr>
<td> *.6.2.4.0 </td>
<td> ssh.sshLogins.keyboardInteractiveAuthFailedTotal </td>
<td> Counter32 </td>
<td> 1.3.4c+ </td>
<td> Total number of <b>failed</b> SSH2 keyboard-interactive authentications </td>
</tr>
<tr>
<td> *.6.2.5.0 </td>
<td> ssh.sshLogins.passwordAuthTotal </td>
<td> Counter32 </td>
<td> 1.3.4c+ </td>
<td> Total number of SSH2 password authentications </td>
</tr>
<tr>
<td> *.6.2.6.0 </td>
<td> ssh.sshLogins.passwordAuthFailedTotal </td>
<td> Counter32 </td>
<td> 1.3.4c+ </td>
<td> Total number of <b>failed</b> SSH2 password authentications </td>
</tr>
<tr>
<td> *.6.2.7.0 </td>
<td> ssh.sshLogins.publickeyAuthTotal </td>
<td> Counter32 </td>
<td> 1.3.4c+ </td>
<td> Total number of SSH2 publickey authentications </td>
</tr>
<tr>
<td> *.6.2.8.0 </td>
<td> ssh.sshLogins.publickeyAuthFailedTotal </td>
<td> Counter32 </td>
<td> 1.3.4c+ </td>
<td> Total number of <b>failed</b> SSH2 publickey authentications </td>
</tr>
<!-- sftp.sftpSessions arc -->
<tr>
<td> *.7.1.1.0 </td>
<td> sftp.sftpSessions.sessionCount </td>
<td> Gauge32 </td>
<td> 1.3.4c+ </td>
<td> Number of current SFTP sessions </td>
</tr>
<tr>
<td> *.7.1.2.0 </td>
<td> sftp.sftpSessions.sessionTotal </td>
<td> Counter32 </td>
<td> 1.3.4c+ </td>
<td> Total number of SFTP sessions handled </td>
</tr>
<!-- sftp.sftpDataTransfers arc -->
<tr>
<td> *.7.2.1.0 </td>
<td> sftp.sftpDataTransfers.dirListCount </td>
<td> Gauge32 </td>
<td> 1.3.4rc3+ </td>
<td> Number of directories currently being listed via SFTP </td>
</tr>
<tr>
<td> *.7.2.2.0 </td>
<td> sftp.sftpDataTransfers.dirListTotal </td>
<td> Counter32 </td>
<td> 1.3.4rc3+ </td>
<td> Total number of directories listed via SFTP </td>
</tr>
<tr>
<td> *.7.2.3.0 </td>
<td> sftp.sftpDataTransfers.dirListFailedTotal </td>
<td> Counter32 </td>
<td> 1.3.4rc3+ </td>
<td> Total number of directory list failures via SFTP </td>
</tr>
<tr>
<td> *.7.2.4.0 </td>
<td> sftp.sftpDataTransfers.fileUploadCount </td>
<td> Gauge32 </td>
<td> 1.3.4rc3+ </td>
<td> Number of files currently being uploaded via SFTP </td>
</tr>
<tr>
<td> *.7.2.5.0 </td>
<td> sftp.sftpDataTransfers.fileUploadTotal </td>
<td> Counter32 </td>
<td> 1.3.4rc3+ </td>
<td> Total number of files uploaded via SFTP </td>
</tr>
<tr>
<td> *.7.2.6.0 </td>
<td> sftp.sftpDataTransfers.fileUploadFailedTotal </td>
<td> Counter32 </td>
<td> 1.3.4rc3+ </td>
<td> Total number of file upload failures via SFTP </td>
</tr>
<tr>
<td> *.7.2.7.0 </td>
<td> sftp.sftpDataTransfers.fileDownloadCount </td>
<td> Gauge32 </td>
<td> 1.3.4rc3+ </td>
<td> Number of files currently being downloaded via SFTP </td>
</tr>
<tr>
<td> *.7.2.8.0 </td>
<td> sftp.sftpDataTransfers.fileDownloadTotal </td>
<td> Counter32 </td>
<td> 1.3.4rc3+ </td>
<td> Total number of files downloaded via SFTP </td>
</tr>
<tr>
<td> *.7.2.9.0 </td>
<td> sftp.sftpDataTransfers.fileDownloadFailedTotal </td>
<td> Counter32 </td>
<td> 1.3.4rc3+ </td>
<td> Total number of file download failures via SFTP </td>
</tr>
<tr>
<td> *.7.2.10.0 </td>
<td> sftp.sftpDataTransfers.kbUploadTotal </td>
<td> Counter32 </td>
<td> 1.3.4rc3+ </td>
<td> Total number of KB uploaded via SFTP </td>
</tr>
<tr>
<td> *.7.2.11.0 </td>
<td> sftp.sftpDataTransfers.kbDownloadTotal </td>
<td> Counter32 </td>
<td> 1.3.4rc3+ </td>
<td> Total number of KB downloaded via SFTP </td>
</tr>
<!-- scp.scpSessions arc -->
<tr>
<td> *.8.1.1.0 </td>
<td> scp.scpSessions.sessionCount </td>
<td> Gauge32 </td>
<td> 1.3.4c+ </td>
<td> Number of current SCP sessions </td>
</tr>
<tr>
<td> *.8.1.2.0 </td>
<td> scp.scpSessions.sessionTotal </td>
<td> Counter32 </td>
<td> 1.3.4c+ </td>
<td> Total number of SCP sessions handled </td>
</tr>
<!-- scp.scpDataTransfers arc -->
<tr>
<td> *.8.2.1.0 </td>
<td> scp.scpDataTransfers.fileUploadCount </td>
<td> Gauge32 </td>
<td> 1.3.4rc3+ </td>
<td> Number of files currently being uploaded via SCP </td>
</tr>
<tr>
<td> *.8.2.2.0 </td>
<td> scp.scpDataTransfers.fileUploadTotal </td>
<td> Counter32 </td>
<td> 1.3.4rc3+ </td>
<td> Total number of files uploaded via SCP </td>
</tr>
<tr>
<td> *.8.2.3.0 </td>
<td> scp.scpDataTransfers.fileUploadFailedTotal </td>
<td> Counter32 </td>
<td> 1.3.4rc3+ </td>
<td> Total number of file upload failures via SCP </td>
</tr>
<tr>
<td> *.8.2.4.0 </td>
<td> scp.scpDataTransfers.fileDownloadCount </td>
<td> Gauge32 </td>
<td> 1.3.4rc3+ </td>
<td> Number of files currently being downloaded via SCP </td>
</tr>
<tr>
<td> *.8.2.5.0 </td>
<td> scp.scpDataTransfers.fileDownloadTotal </td>
<td> Counter32 </td>
<td> 1.3.4rc3+ </td>
<td> Total number of files downloaded via SCP </td>
</tr>
<tr>
<td> *.8.2.6.0 </td>
<td> scp.scpDataTransfers.fileDownloadFailedTotal </td>
<td> Counter32 </td>
<td> 1.3.4rc3+ </td>
<td> Total number of file download failures via SCP </td>
</tr>
<tr>
<td> *.8.2.7.0 </td>
<td> scp.scpDataTransfers.kbUploadTotal </td>
<td> Counter32 </td>
<td> 1.3.4rc3+ </td>
<td> Total number of KB uploaded via SCP </td>
</tr>
<tr>
<td> *.8.2.8.0 </td>
<td> scp.scpDataTransfers.kbDownloadTotal </td>
<td> Counter32 </td>
<td> 1.3.4rc3+ </td>
<td> Total number of KB downloaded via SCP </td>
</tr>
<!-- ban.connections arc -->
<tr>
<td> *.9.1.1.0 </td>
<td> ban.connections.connectionBannedTotal </td>
<td> Counter32 </td>
<td> 1.3.5rc2+ </td>
<td> Total number of connections rejected by bans </td>
</tr>
<tr>
<td> *.9.1.2.0 </td>
<td> ban.connections.userBannedTotal </td>
<td> Counter32 </td>
<td> 1.3.5rc2+ </td>
<td> Total number of connections rejected by user-specific bans </td>
</tr>
<tr>
<td> *.9.1.3.0 </td>
<td> ban.connections.hostBannedTotal </td>
<td> Counter32 </td>
<td> 1.3.5rc2+ </td>
<td> Total number of connections rejected by host-specific bans </td>
</tr>
<tr>
<td> *.9.1.4.0 </td>
<td> ban.connections.classBannedTotal </td>
<td> Counter32 </td>
<td> 1.3.5rc2+ </td>
<td> Total number of connections rejected by class-specific bans </td>
</tr>
<!-- ban.bans arc -->
<tr>
<td> *.9.2.1.0 </td>
<td> ban.bans.banCount </td>
<td> Gauge32 </td>
<td> 1.3.5rc2+ </td>
<td> Total number of bans currently in effect </td>
</tr>
<tr>
<td> *.9.2.2.0 </td>
<td> ban.bans.banTotal </td>
<td> Counter32 </td>
<td> 1.3.5rc2+ </td>
<td> Total number of bans that were ever in effect </td>
</tr>
<tr>
<td> *.9.2.3.0 </td>
<td> ban.bans.userBanCount </td>
<td> Gauge32 </td>
<td> 1.3.5rc2+ </td>
<td> Total number of user-specific bans currently in effect </td>
</tr>
<tr>
<td> *.9.2.4.0 </td>
<td> ban.bans.userBanTotal </td>
<td> Counter32 </td>
<td> 1.3.5rc2+ </td>
<td> Total number of user-specific bans that were ever in effect </td>
</tr>
<tr>
<td> *.9.2.5.0 </td>
<td> ban.bans.hostBanCount </td>
<td> Gauge32 </td>
<td> 1.3.5rc2+ </td>
<td> Total number of host-specific bans currently in effect </td>
</tr>
<tr>
<td> *.9.2.6.0 </td>
<td> ban.bans.hostBanTotal </td>
<td> Counter32 </td>
<td> 1.3.5rc2+ </td>
<td> Total number of host-specific bans that were ever in effect </td>
</tr>
<tr>
<td> *.9.2.7.0 </td>
<td> ban.bans.classBanCount </td>
<td> Gauge32 </td>
<td> 1.3.5rc2+ </td>
<td> Total number of class-specific bans currently in effect </td>
</tr>
<tr>
<td> *.9.2.8.0 </td>
<td> ban.bans.classBanTotal </td>
<td> Counter32 </td>
<td> 1.3.5rc2+ </td>
<td> Total number of class-specific bans that were ever in effect </td>
</tr>
</table>
<p>
<b>SNMP MIB</b><br>
The MIB provided for <code>proftpd</code> is distributed with the
<code>mod_snmp</code> module source code, and will be installed by default.
It is contained in the "PROFTPD-MIB.txt" file, and uses SMIv2.
<p>
<b>Suggested Future Features</b><br>
The following lists the features I hope to add to <code>mod_snmp</code>,
according to need, demand, inclination, and time:
<ul>
<li>AgentX support
<li>SNMPv3 support
<li>Controls support (<i>e.g.</i> for "ftpdctl snmp" action)
</ul>
<p><a name="Notifications">
<b>Notifications</b><br>
The <code>mod_snmp</code> module supports sending notifications (via SNMP
<i>traps</i>) whenever certain events occur or conditions are met. Note
that only SNMPv2 traps are generated; there is currently no support for
SNMPv1 traps.
<p>
Currently supported notifications:
<ul>
<li><code>MaxInstances</code> limit exceeded
<li>Failed FTP login due to bad/wrong password
<li>Failed FTP login due to bad/unknown user name
</ul>
<p>
To enable notifications, simply configure the address of an SNMP manager
that should be notified via the
<a href="#SNMPNotify"><code>SNMPNotify</code></a> directive.
<p><a name="FAQ">
<b>Frequently Asked Questions</b></a><br>
<font color=red>Question</font>: How can I query the <code>mod_snmp</code>
Agent process?<br>
<font color=blue>Answer</font>: You can test if your <code>proftpd</code>
supports SNMP with the <code>snmpwalk</code> program (<code>snmpwalk</code> is
a part of the <a href="http://net-snmp.sourceforge.net">Net-SNMP</code></a>
project). Note that you have to specify the SNMP port, which in
<code>mod_snmp</code> is configured via the
<a href="#SNMPAgent"><code>SNMPAgent</code></a> directive.
<p>
For example, you might try:
<pre>
# snmpwalk -m /path/to/PROFTPD-MIB.txt -v2c -Cc -c communitystring hostname:161 .1.3.6.1.4.1.17852.2.2
</pre>
If it gives output like:
<pre>
enterprises.proftpd.modules.snmp.daemon.software = proftpd
enterprises.proftpd.modules.snmp.daemon.softwareVersion = ProFTPD Version 1.3.4rc4 (built at Sat Oct 22 2011 11:50:38 PDT)
enterprises.proftpd.modules.snmp.daemon.admin = root@127.0.0.1
</pre>
or
<pre>
PROFTPD-MIB::software.0 = String: proftpd
PROFTPD-MIB::softwareVersion.0 = STRING: ProFTPD Version 1.3.4rc4 (built at Sat Oct 22 2011 11:50:38 PDT)
PROFTPD-MIB::admin.0 = STRING: root@127.0.0.1
</pre>
or
<pre>
SNMPv2-SMI::enterprises.17852.2.2.1.1.0 = STRING: "proftpd"
SNMPv2-SMI::enterprises.17852.2.2.1.2.0 = STRING: "ProFTPD Version 1.3.4rc4 (built at Sat Oct 22 2011 11:50:38 PDT)"
SNMPv2-SMI::enterprises.17852.2.2.1.3.0 = STRING: "root@127.0.0.1"
</pre>
then your <code>proftpd</code> was compiled with the <code>mod_snmp</code>
module and it is working properly; you should be able to make nice statistics
out of it.
<p>
<font color=red>Question</font>: Why doesn't the
<code>scp.scpDataTransfers</code> arc have any directory listing
counters/gauges, such as the <code>ftp.dataTransfers</code> and
<code>sftp.sftpDataTransfers</code> arcs do?<br>
<font color=blue>Answer</font>: The SCP protocol does not have the ability
to get <i>just</i> a directory listing; the protocol only transfers files.
<p>
<hr><br>
Author: <i>$Author: castaglia $</i><br>
Last Updated: <i>$Date: 2013-05-15 15:21:44 $</i><br>
<br><hr>
<font size=2><b><i>
© Copyright 2011-2013 TJ Saunders<br>
All Rights Reserved<br>
</i></b></font>
<hr><br>
</body>
</html>