PingDirectory

Configuring SNMP

Because all server instances provide information for a common set of management information bases (MIBs), each server instance provides its information under a unique SNMPv3 context name equal to the server instance name.

About this task

The server instance name is defined in the Global Configuration and is constructed from the host name and the server LDAP port by default. Information must be requested using SNMPv3, specifying the context name that pertains to the desired server instance.

The server supports SNMPv3, and only SNMPv3 can access the MIBs. For systems that implement SNMP v1 and v2c, Net-SNMP provides a proxy function to route requests in one version of SNMP to an agent using a different SNMP version.

Steps

  1. To enable the server’s SNMP plugin, use the dsconfig tool.

    The SNMPv3 context name is limited to 30 bytes maximum. Any context name longer than 30 characters returns an error message when you attempt to enable the plugin.

    The default context server name is the server instance name and the LDAP port number, so take note of the length of the fully-qualified DNS host name.

    1. Specify the address and port of the SNMP primary agent.

    2. On each server instance, enable the SNMP subagent.

    3. Enable the SNMP Subagent Alert Handler so that the sub-agent sends traps for administrative alerts generated by the server.

      Example:

      $ bin/dsconfig set-alert-handler-prop \
        --handler-name "SNMP Subagent Alert Handler" --set enabled:true
  2. View the error log.

    Result:

    A message displays that the primary agent is not connected because it is not yet online.

    The SNMP sub-agent was unable to connect to the master
    agent at localhost/705: Timeout
  3. Edit the SNMP agent snmpd.conf configuration file and add the directive to run the agent as an AgentX primary agent.

    The file is often located in /etc/snmp/snmpd.conf.

    Example:

    master agentx agentXSocket tcp:localhost:705

    Using localhost means that only sub-agents running on the same host can connect to the primary agent. This is necessary because there are no security mechanisms in the AgentX protocol.

  4. Add the trap directive to send SNMPv2 traps to localhost with the community name, public (or whatever SNMP community has been configured for your environment) and the port.

    Example:

    trap2sink localhost public 162
  5. To create a SNMPv3 user, add the following lines to the /etc/snmp/snmpd.conf file.

    Example:

    rwuser initial
    createUser initial MD5 setup_passphrase DES
  6. To create the SNMPv3 user, run snmpusm.

    Example:

    snmpusm -v3 -u initial -n "" -l authNoPriv -a MD5 -A setup_passphrase \
    localhost create snmpuser initial
  7. Start the snmpd daemon.

    Result:

    A message displays in the server’s error log.

    The SNMP subagent connected successfully to the master agent
    at localhost:705. The SNMP context name is host.example.com:389
  8. To see the alerts that are generated by the server, set up a trap client.

    1. Create a config file in /tmp/snmptrapd.conf.

    2. Add the authcommunity log, execute public directive to the file.

      The directive specifies that the trap client can process traps using the public community string and can log and trigger executable actions.

  9. Install the MIB definitions for the Net-SNMP client tools in the /usr/share/snmp/mibs directory.

    Example:

    $ cp resource/mib/* /usr/share/snmp/mibs
  10. To run the trap client, run the snmptrapd command.

    Example:

    This example specifies that the command should not create a new process using fork() from the calling shell (-f), should not read any configuration files (-C) except the one specified with the -c option, should print to standard output (-Lo), and then specifies that debugging output should be turned on for the User-based Security Module (-Dusm). The path after the -M option is a directory that contains the MIBs shipped with our product ( server-root/resource/mib).

    $ snmptrapd -f -C -c /tmp/snmptrapd.conf -Lf /root/trap.log -Dusm \
      -m all -M +/usr/share/snmp/mibs
  11. To test the feature, run the Net-SNMP client tools.

    You must use the following options:

    • -v <SNMP version>

    • -u <user name>

    • -l <security level>

    • -n <context name (instance name)>

    • -A <user password>

      Example:

      In this example, the -m alloption loads all MIBs in the default MIB directory in /usr/share/snmp/mibs so that MIB names can be used in place of numeric OIDs.

      $ snmpget -v 3 -u snmpuser -A password -l authNoPriv -n host.example.com:389 \
      -m all localhost localDBBackendCount.0
      
      $ snmpwalk -v 3 -u snmpuser -A password -l authNoPriv -n host.example.com:389 \
      -m all localhost systemStatus