Page created: 6 Nov 2019 |
Page updated: 25 Mar 2020
Enable the Directory Proxy Server’s SNMP plugin by using the dsconfig tool.
Make sure to specify the address and port of the SNMP master agent. On each
Directory Proxy Server instance, enable the SNMP subagent. Note that the SNMPv3
context name is limited to a maximum of 30 bytes. If the default dynamically
constructed instance name is longer than 30 bytes, attempting to enable the
plugin fails with an error.
Enable the SNMP Subagent Alert Handler so that the sub-agent sends traps
for administrative alerts generated by the server.
$ bin/dsconfig set-alert-handler-prop \
    --handler-name "SNMP Subagent Alert Handler" --set enabled:true
View the error log. You will see a message that the master agent is not
connected, because it is not yet online.
The SNMP sub-agent was unable to connect to the master agent at localhost/705: Timeout
Edit the SNMP agent configuration file, snmpd.conf, which
is often located in /etc/snmp/snmpd.conf. Add the directive
to run the agent as an AgentX master agent:
master agentx
agentXSocket tcp:localhost:705
Note that the use of localhost means that only sub-agents running on the same
host can connect to the master agent. This restriction is necessary because the
AgentX protocol has no security mechanisms of its own.
Add the trap directive to send SNMPv2 traps to localhost
with the community name, public (or whatever SNMP community has been configured
for your environment) and the port.
trap2sink localhost public 162
To create an SNMPv3 user, add the following lines to the
rwuser initial
createUser initial MD5 setup_passphrase DES
Run the following command to create the SNMPv3 user.
$ snmpusm -v3 -u initial -n "" -l authNoPriv -a MD5 -A setup_passphrase \
    localhost create snmpuser initial
Start the snmpd daemon and after a few seconds you should
see the following message in the Directory Proxy Server error log:
The SNMP subagent connected successfully to the master agent at localhost:705. The SNMP context name is host.example.com:389
Set up a trap client to see the alerts that are generated by the Directory Proxy Server. Create a config file in
/tmp/snmptrapd.conf and add the directive below to it.
The directive specifies that the trap client can process traps using the public
community string, and can log and trigger executable actions.
authcommunity log,execute public
Install the MIB definitions for the Net-SNMP client tools, usually located in
the /usr/share/snmp/mibs directory.
$ cp resource/mib/* /usr/share/snmp/mibs
Then, run the trap client using the snmptrapd command. The following example
specifies that the command should not create a new process using fork() from
the calling shell (-f), should not read any configuration files (-C) except the
one specified with the -c option, should print to standard output (-Lo), and
should turn on debugging output for the User-based Security Module (-Dusm). The
path given to the -M option is a directory that contains the MIBs shipped with
our product (i.e., server-root/resource/mib).
$ snmptrapd -f -C -c /tmp/snmptrapd.conf -Lf /root/trap.log -Dusm \
    -m all -M +/usr/share/snmp/mibs
Run the Net-SNMP client tools to test the feature. The following options are
required: -v <SNMP version>, -u <user name>, -A <user password>,
-l <security level>, -n <context name (instance name)>. The -m all option loads
all MIBs in the default MIB directory in /usr/share/snmp/mibs so that MIB names
can be used in place of numeric OIDs.
$ snmpget -v 3 -u snmpuser -A password -l authNoPriv -n host.example.com:389 \
    -m all localhost localDBBackendCount.0
$ snmpwalk -v 3 -u snmpuser -A password -l authNoPriv -n host.example.com:389 \
    -m all localhost systemStatus
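The snmpd.conf settings this procedure relies on can be reviewed mechanically before the agent goes into service. The Python check below is an added example, not part of the product or of Net-SNMP: its function names and the sample file are constructed here, and it assumes agentXSocket values in hostname or IPv4 form (any other form is reported as not provably local). It flags an AgentX socket reachable from other hosts, the default public trap community, and MD5 or DES in createUser, and it tests the 30-byte context name limit.

```python
import ipaddress

MAX_CONTEXT_BYTES = 30  # SNMPv3 context name limit stated in this procedure
# Constructed sample: the snmpd.conf lines this procedure adds.
SAMPLE_CONF = """\
master agentx
agentXSocket tcp:localhost:705
trap2sink localhost public 162
rwuser initial
createUser initial MD5 setup_passphrase DES
"""

def agentx_is_local(spec):
    """True only if every listen address is a Unix socket or loopback."""
    for addr in (a.strip() for a in spec.split(",")):
        if addr.startswith(("/", "unix:")):
            continue
        parts = addr.split(":")
        if parts[0].lower() in ("tcp", "udp"):
            parts = parts[1:]
        host = parts[0] if len(parts) == 2 else ""  # "tcp:705" names no host
        try:
            if host == "localhost" or ipaddress.ip_address(host).is_loopback:
                continue
        except ValueError:
            pass  # other hostname or unparsed form: report it
        return False
    return True

def audit_snmpd_conf(text):
    """Return (line number, finding) pairs for settings worth reviewing."""
    findings = []
    for n, raw in enumerate(text.splitlines(), 1):
        tok = raw.split("#", 1)[0].split() or [""]  # blank or comment line
        name, args = tok[0].lower(), tok[1:]
        if name == "agentxsocket" and args and not agentx_is_local(args[0]):
            findings.append((n, "AgentX socket reachable beyond the local host"))
        elif name == "createuser" and {a.upper() for a in args} & {"MD5", "DES"}:
            findings.append((n, "createUser selects MD5 and/or DES"))
        elif name in ("trapsink", "trap2sink") and "public" in args[1:2]:
            findings.append((n, "trap community is the default 'public'"))
    return findings

def context_name_fits(name):
    return len(name.encode("utf-8")) <= MAX_CONTEXT_BYTES

if __name__ == "__main__":
    print(audit_snmpd_conf(SAMPLE_CONF), context_name_fits("host.example.com:389"))
```

Net-SNMP's createUser directive also accepts SHA for authentication and AES for privacy, which is the change a finding on that line points toward.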