There are two kinds of data collection used on NetApp Filers: SNMP and the NetApp API. For comprehensive monitoring, both must be configured. This article will walk you through setting up NetApp Filer monitoring:
Note: By default, LogicMonitor will access the NetApp API over port 443, using HTTPS. However, older LogicMonitor accounts may default to accessing the NetApp API over HTTP on port 80, which can prevent data retrieval. If you are experiencing this behavior, set netapp.ssl to "true" at the root folder of the devices tree.
Enabling NetApp SNMP Access:
SSH to a cluster management address. To display the current SNMP configuration:
To create a new SNMP community:
Confirm SNMP configuration:
Enabling NetApp API Access:
To create an API user with the example name of logicmonitor in the context of the cluster:
You should define the snmp.community, netapp.user, and netapp.pass properties for the host to allow access.
Cluster Mode SVMs (vFiler)
In order to get complete monitoring of, and be able delegate access to, Storage Virtual Machines on NetApp Cluster mode, it is necessary to add the SVMs as separate devices, and enable both SNMP and API access on the SVM itself. The steps required to do so are:
- Add an SNMP community for the SVM.
- Ensure SNMP is allowed by the firewall configuration of the interface of the SVM: determine the interface used by the SVM, the firewall policy, and amend if needed.
- Enable API access by allowing API access through the SVM firewall, and creating an API user.
In the following example, we will enable access on the images server.
To enable SNMP
First, we can check the current SNMP configuration:
Add SNMP community for the SVM (server) images:
Confirm SNMP configuration:
You can determine the firewall policy used by the interface for a vserver with the following command:
You can then determine if the policy for the server in question (images, using the data policy in our case) allows snmp:
As the data policy does not allow SNMP, we could either amend the firewall policy, or create a new one. In this case, we will create a new firewall policy:
We can now assign new policy to the interface used by the vserver images (lif1):
To enable API access the SVM, we must allow HTTP/HTTPS access through the firewall policy used by the SVM's interfaces. These commands add HTTP and HTTPS access to the new firewall policy we created above, that is already applied to the interface for the vserver images.
Now we just need to create an API user in the context of this vserver:
You can now add the SVM as a host to LogicMonitor. You should define the snmp.community, netapp.user, and netapp.pass properties for the host to allow access.
Non Cluster Mode (7-mode)
- In OnTap 8 and later, you must explicitly enable HTTP access for the API: options httpd.admin.enable on
- Using GD Collectors 22.0 or 21.0 requires TLS to be enabled (command line "options tls.enable on") to monitor 7-Mode Netapps
Enabling NetApp API access:
It is recommended that you create a new NetApp account with the privileges detailed below.
To create a new user called logicmonitor with only API access, on your NetApp filers perform these operations:
(Note: to create a role with the current minimum API rights required, substitute this command for the command above, or use useradmin role modify if the role already exists:
This grants read only API access sufficient for the current NetApp datasources, but may not be sufficient for future datasources that may use different API calls.).
You would then specify these properties in LogicMonitor:
By default, LogicMonitor will access the NetApp API over port 443, using HTTPS. To change the port that LogicMonitor will connect to the API on, set the property netapp.api.sslport to the appropriate port.
If you wish to access the API using HTTP, instead of SSL:
- Set the netapp.ssl property (globally, per group, or for a host) to "false" to disable SSL access.
- netapp.api.port will default to 80. If you wish to connect via HTTP to another port, set this property appropriately.
Enabling NetApp SNMP access:
Perform these operations from the netapp CLI:
Note: if you have changed the default settings of options trusted.hosts or options snmp.access, ensure that the IP address of the collector for the filer is added to those options. You can check your SNMP settings by simply entering snmp at the command line:
SSH Messages in NetApp Syslog
After enabling LogicMonitor to monitor a NetApp, usually the NetApp will start logging messages similar to:
This is due to the fact that LogicMonitor checks the responsiveness of ssh on the NetApp, but does not complete an actual log in. The messages are harmless, but you can disable LogicMonitor's checking of ssh on the device if you wish to not generate the messages. (Of course, this will also prevent alerting if ssh fails to respond on the device.)