(Implementing SNMP and Performance DLLs on Windows NT 3.51/4.0)
Last updated on: 26Aug2000
PERFMIB.MIB date: 16Aug2000 MIB.BIN date: 26Aug2000
Theory of Operation
Installing SNMP on Windows NT 3.51 Installing SNMP on Windows NT 4
Creating an SNMP Service Account Main SNMP Components
Installing Base SNMP4NT(c) Accessable Statistics
Generating your own PERFMIB.MIB
Do you think SNMP4NT(c) is worthy?
The SNMP service running under Windows NT 3.51 and 4.0 supports SNMP version 1, and provides an SNMP agent that allows remote, centralized SNMP management of one or more of the following:
Some of the information above can be made available by extracting performance counters (as can be seen in the Performance Monitor application) from the Windows NT system, and some information (i.e WINS, DHCP and IIS) must be made available by incorporating MIBS from those services into the SNMP service running on the Windows NT system.
In all cases, the MIBS for performance counters and/or others must be compiled into a binary file (called MIB.BIN) so that when an SNMP GET request is made (either locally or remotely), an intermediate system file (called PERFMIB.DLL) makes a call to MIB.BIN and the appropriate information is returned to the system that made the SNMP request.
Confused? It's really not all that complicated once you have been doing it for 3 years or so (a little humour to break up this boring, monotonous, teckno-geek stuff!).
Here is an hyperlink to an article that (I think) is one of the best descriptions of SNMP under Windows NT. Check it out at http://www.microsoft.com/technet/network/networkm.asp. In particular, there is an excellent section on configuring your system for SNMP Traps!
Before you can do anything, you MUST install the SNMP service! Reapply the service pack when finished!
Install SNMP before any applications!! If you don't, applications may not install SNMP support!
Since you will need to get the SNMP service software off your original NT installation CD, you will have to reboot your system, then re-apply Service Pack 5 (or later) before continuing. BE SURE TO DO THIS!
That's it! After a reboot, you have the SNMP service successfully installed for Windows NT 3.51! Now, see the "Creating an SNMP service account" section. Once you have completed that, you are now ready to install SNMP4NT(c) and are one step away from being able to access these counters using SNMP!
You can also do this (later) by:
- Go into Control Panel.
- Select the Network icon.
- Choose the Services Tab.
- Highlight and double click on the SNMP Service.
Since you will need to get the SNMP service software off your original NT installation CD, you will have to reboot your system, then re-apply Service Pack 6a (or later) before continuing. BE SURE TO DO THIS!
That's it! After a reboot, you have the SNMP service successfully installed for Windows NT 4.0! Now, see the "Creating an SNMP service account" section. Once you have completed that, you are now ready to install SNMP4NT(c) and are one step away from being able to access these counters using SNMP!
Once the SNMP Performance DLL (PERFMIB.DLL) is registerd as an SNMP extension agent, it will "PROBE" all the performance counters, even if you are not asking to GET information from them. If (for example) you have SQL Server installed on a system that has SNMP "hooked" to the performance counters, SNMP will try to log into SQL Server to gather SQL stats. It will try to login continuously (like every 2 seconds), and has the potential to crash SQL. Look in the Security Event Log if you suspect this to be happening. In order to resolve this, the SNMP service must be started with an account that has the permission to access application (i.e. SQL server).
Follow these simple steps and you will see this problem disappear:
PERFMIB.MIB - is a Windows NT Specific Management Information Base). It is a specially formatted text file that contains numeric representations (called OIDs, or Object Identifier Descriptors) of the specific performance counters you have extracted from the Performance Counter application using the utility called perf2mib.exe. Once created, it is copied to the %systemroot%\system32 directory.
PERFMIB.INI - is the corresponding INI file for PERFMIB.MIB. It is also created by perf2mib.exe when Performance Counters are extracted. Once created, it is also copied to the %systemroot%\system32 directory.
SNMP4NT(c) contains pre-extracted PERFMIB.MIB and PERFMIB.INI files. They are generated on the WTCS Corporate Server (built in Edmonton, Alberta, Canada). PERFMIB.MIB contains many base Windows NT Performance Counters (including system and network protocols), as well as extracted Performance Counters from MS Exchange 5.5 and MS Proxy Server 2.0. See the page here for details.
MIB.BIN - is a binary file that gets created once the PERFMIB.MIB and other MIBS for applications or services that may be installed on the Windows NT system are compiled. Once created, it is copied to the %systemroot%\system32 directory along with PERFMIB.MIB and PERFMIB.INI.
SNMP4NT(c) contains a pre-compiled MIB.BIN which includes the Performance Counters extracted into PERFMIB.MIB (above), as well as several others (including WINS, DCHP, IIS, HHTP, FTP, LANMAN and MS SQL Server).
PERFMIB.DLL - is a file provided by Microsoft which gets registered (or "hooked") into SNMP as an extension agent. Its' job (my defintion, I could not find an official one) is to intercept SNMP requests, and make a call to MIB.BIN, whose job it is to look up and provide the information requested. It is copied to the %systemroot%\system32 directory along with MIB.BIN, PERFMIB.MIB and PERFMIB.INI.
Since all the hard work has been done (and SNMP is correctly installed), all you need to do is download the latest SNMP4NT(c) Standard Edition (free!), extract it into a directory (or onto a floppy if you want) and run the batch file called MIBINST.BAT (located in the \MIBINST directory) to install it on the Windows NT system you want to monitor.
You can access the SNMP4NT(c) Download page here.
What MIBINST.BAT does:
Once that has been done, you are ready to roll. If you have a Network Management Station (NMS) you will need to copy the MIBS in the \MIBINST\MIBS directory to the appropriate directory in your NMS. Otherwise, if you know the OIDs to query, you can use SNMPUTIL.EXE and access them from a command prompt. I would suggest that you go to the Testing your implementation Page, and download getif. If you are using getif, follow these instructions:
1) Stop getif if you are using it.
2) Copy ALL the MIBS in the \MIBINST\MIBS subdirectory to the MIBS directory below the getif installation directory.
3) Delete the ".index" file in the MIBS directory
4) Restart getif
Remember that the SNMP MUST have SNMP sucessfully installed and configured (i.e. community name). It does not have to have SNMP4NT(c) installed on it in order to query another system that does have SNMP4NT installed.
If you have a need or desire to add additional counters, see the section called "Generating your own Performance Counter MIB (PERFMIB.MIB)".
This section lists some of the more "meaningful" statistics you will be able to monitor after installing SNMP on your Windows NT server. A short definition accompanies each.
Since SNMP4NT's PERFMIB.MIB is compiled with numerous other MIBs (including HTTP.MIB, FTP.MIB and INETSRV.MIB), the result is that MIB.BIN allows Internet Server (IIS), HTTP and FTP stats to be queried as well (but you must have installed IIS AFTER SNMP!
CPU % Usage - Processor Time is expressed as a percentage of the elapsed time that a processor is busy executing a non-Idle thread. It can be viewed as the fraction of the time spent doing useful work. Each processor is assigned an Idle thread in the Idle process which consumes those unproductive processor cycles not used by any other threads
Memory Available - Available Bytes displays the size of the virtual memory currently on the Zeroed, Free, and Standby lists. Zeroed and Free memory is ready for use, with Zeroed memory cleared to zeros. Standby memory is memory removed from a process's Working Set but still available.
Memory Pages per Second - Pages/sec is the number of pages read from the disk or written to the disk to resolve memory references to pages that were not in memory at the time of the reference. This is the sum of Pages Input/sec and Pages Output/sec. This counter includes paging traffic on behalf of the system Cache to access file data for applications. This value also includes the pages to/from non-cached mapped memory files. This is the primary counter to observe if you are concerned about excessive memory pressure (that is, thrashing), and the excessive paging that may result.
Memory Page Reads per Second - Page Reads/sec is the number of times the disk was read to retrieve pages of virtual memory necessary to resolve page faults. Multiple pages can be read during a disk read operation. Known as "hard faults", sustained rates of 5 or more page reads per second indicate a serious memory shortage.
Memory Page Faults per Second - Page Faults/sec is a count of the Page Faults in the processor. A page fault occurs when a process refers to a virtual memory page that is not in its Working Set in main memory. A Page Fault will not cause the page to be fetched from disk if that page is on the standby list, and hence already in main memory, or if it is in use by another process with whom the page is shared.
Network Statistics - Bytes Total/sec is the rate that bytes are sent and received on the interface, including framing characters. On a 10Mbps syste, this rate is 1,250,000 Bytes Per Second, and on a 100Mbps system this is 12,500,000 Bytes per Second. If you are using full duplex 100Mbps NICs and switches, this value could be as high as 25,000,000 Bytes per Second.
Disk Free (remaining) - Shows how many megabytes (MB) of disk space remain on the servers hard disk(s).
HTTP Statistics - Information on the HTTP server if it is running (i.e. how many anonymous users, etc.).
FTP Statistics - Information on the FTP server if it is running (i.e. how many anonymous users/transfer rate, etc.).
Current Sessions (logins) - Shows how many client sessions are currently active on the server.
NT Redirector - Shows how the redirector is managing data.
NT System - Shows how the Windows NT system (i.e. kernel) is performing.
IP Protocol - Shows Datagram and Fragmentation statistics for the IP protocol (if installed). A datagram is an independent, self-contained message sent over the network whose arrival, arrival time, and content are not guaranteed.
NetBT (NetBIOS over TCP/IP) Protocol - Shows performance statistics on this protocol (if IP installed)
NWLink IPX (NetWare compatible) Protocol - Shows performance statistics on this protocol (if installed)
NWLink SPX (NetWare compatible) Protocol - Shows performance statistics on this protocol (if installed)
NetBEUI Protocol - Shows performance statistics on this protocol (if installed)
Remote Access Service - Shows performance statistics on this protocol (if RAS Service is installed)
Microsoft Exchange 5.5 (MTA/IS/DS) - Shows performance statistics on this protocol (if Exchange Server is installed)
Microsoft Proxy Server 2.0 - Shows users/traffic/etc. for this product (if Proxy Server is installed)
IIS Web Service - Shows users/traffic/etc. for virtual servers on IIS 4.0m (must be installed)
MS SQL Server 6.5/7 - A wide variety of performance stats are opened up!
In order for SNMP to access performance counter and application informaion from your Windows NT server or workstation, the following steps must be performed.
If for some reason, you did not want to extract performance counter information, you could eliminate step 2, and (in step 3) only compile the MIBS you wanted (i.e. WINS/DHCP/SQL) into MIB.BIN. Then carry on on with steps 4 and 5.
So... How is this done?
If you have added a program to your WIndows NT system, and would like to add it's performance counters to PERFMIB.MIB, then you will need to run PERFM.BAT. Specifically, you will need to modify the part of perfm.bat that takes performance counters and adds them to the MIB file (PERFMIB.MIB). This is done by editting the PERF2MIB.EXE line in PERFM.BAT.
PERFM.BAT is a batch file that will create a MIB file (PERFMIB.MIB) from the performance counters, compile it into a binary file (MIB.BIN), stop the SNMP service, copy some files (PERFMIB.MIB, PERFMIB.DLL, PERFMIB.INI and MIB.BIN) to your Windows NT system directory, and restart SNMP.
Here's how it works ...
We will use 2 theoretical counters for examples. Lets say you start Performance Monitor, and you can see 2 counters (in the object field) that you would like to add to PERFMIB.MIB. One is called ProgStat and the other is called Program Statistics (note the space between the words).
In PERFM.BAT (as part of SNMP4NT.EXE - 16Aug2000), the perf2mib.exe line currently looks like this (note that it is a single line!)...
perf2mib PERFMIB.MIB PERFMIB.INI memory 1 memory processor 2 CPU "Network Interface" 3 net PhysicalDisk 4 pdisk LogicalDisk 5 ldisk "Paging File" 6 pagefile Process 7 process Redirector 8 redirector TCP 9 tcp IP 10 ip UDP 11 udp NetBEUI 12 netbeui "NBT Connection" 13 nbtconn "NWLink IPX" 14 nwlinkipx "NWLink SPX" 15 nwlinkspx "RAS Total" 16 rastotal Server 17 server "Server Work Queues" 18 srvrqueues Cache 19 cache MSExchangeMTA 20 ExchMTA "MSExchangeMTA Connections" 21 ExchMTAConn MSExchangeIMC 22 ExchIMC MSExchangeIS 23 ExchIS "MSExchangeIS Public" 24 ExchISPub "MSExchangeIS Private" 25 ExchISPriv MSExchangeDS 26 ExchDS "Web Proxy Server Service" 27 WebProxySrvr "WinSock Proxy Server" 28 WinSockProxySrvr "Web Proxy Server Cache" 29 WebProxySrvrCache Telephony 30 Telephony "RAS Port" 31 RASPort "NWLink NetBIOS" 32 NWNetBIOS System 33 NTSystem "Packet Filtering" 34 PacketFilter "Web Service" 35 WebService
If you want to add the ProgStat counter to PERFMIB.MIB, you would add another counter to the perf2mib line (remember, the last statistic on the perf2mib line is 35!) like so...
ProgStat 36 ProgStat
Note that you have incremented the number from 35 to 36!
If you want to add the Program Statistics counter to PERFMIB.MIB, you would (again) add another counter to the perf2mib line (the last statistic on the perf2mib line is now 36!) like so...
"Program Statistics" 37 ProgramStat
Note that when a counter has 2 or more words, you must surround them with " " characters. The name you insert AFTER the number is up to you. Keep it short and unique.
By the Way, the
number you use DIRECTLY INFLUENCES THE OID. For example, since the last counter is now 35
(the "Program Statistics" counter you just added), the corresponding OID is:
You can test this OID by running the following command:
snmputil walk 127.0.0.1 community .22.214.171.124.4.1.3126.96.36.199.1.1.37.
Pretty Simple, huh?
You can use this tehnique to add counters from (almost) any program that installs them into Performance Monitor.
Then, this MIB must be compiled. A program called MIBCC.EXE joins PERFMIB.MIB and more MIBS (some NT system specific, some may be from other applications) into a binary file called MIB.BIN
This binary file, another one (this one called PERFMIB.DLL) and a file called PERFMIB.INI (a text file listing the OIDs of the Windows NT performance counters are copied to the %SYSTEMROOT%\System32 directory, usually (\WINNT\SYSTEM32).
Finally, the SNMP Performance DLL must be registered. Windows must be "told" that when the SNMP service is queried, it should run the PERFMIB.DLL program (which will execute the MIB.BIN code, and (provided a valid OID is passed to it) access the applicable performance counter to retrieve and return that data to the querying program.
Once perfm.bat has completed, you should be ready to use SNMP from your NMS to access the system performance counters listed above!
See the Testing your implementation page to see if you got it working!
READ BEFORE RUNNING PERFM.BAT!!
|NOTE 1:||The programs required to make this work come as part of the Windows NT Resource Kit. Buy it if you do not already own it!|
Back up your SNMP registry key first!
|NOTE 3:||PERFM.BAT will perform an operation or two, then pause. When it does, it will tell you to edit a file (perfmib.mib) on a:\ or in the current directory. READ THE SCREEN INFORMATION THAT PERFM.BAT PUTS OUT!! Follow the instructions! DO NOT CONTINUE UNTIL YOU EDIT THAT FILE! There is a typo in one of Microsoft's MIBs and it tells you what to edit to fix the Microsoft typo.|
|NOTE 4:||If you reference performance counters in the perf2mib line that do not exist in your system, then perfm.bat will fail! Using the example above, perfm.bat will fail if you do not have IPX/SPX, TCP/IP, RAS or MS Exchange 5.5 installed on your system. Remove the counters that do not exist on your system. Be sure to correctly re-adjust the numbering in the perf2mib line!|
To return the the main page, click the logo!