000026422 - How to Configure SNMP for RSA Authentication Manager 7.1 or 8.x

To configure the 3.0 Appliance AM 7.1 SNMP:

1. In the Operations Console, click Administration > SNMP > Configure Appliance SNMP.Select Network Management to enable the Appliance SNMP agent.
2. Select Network Management to enable the Appliance SNMP agent.
3. In the SNMP Adapter Port field, enter the SNMP adapter port number. The default port number is 161.
4. In the SNMP Community String field, enter the SNMP community string. This is the password to access the SNMP adapter.
5. In the Access Control List, in the IP Address or Hostname or Subnet field, enter either the IP address, hostname, or subnet ofthe machines that you want to allow to access the SNMP agent, and click Add. When you finish, click Update.
   If you do not enter any information, all of the machines on the network can access the agent.
6. In SNMP Trap Receivers, in the IP Address or Hostname field, enter the IP address or hostname and port numbers of the machines that receive SNMP trap notifications, and click Add. When you finish, click Update.
7. In the System Log Trap Level field, select the level of trapping that you want: None, Error, Warning, or Success.
   The Appliance can send the traps that meet the specified severity level. Each level records all levels above it. For example, if you select Success, the log contains Error, Warning, and Success messages. For a list of available traps and the corresponding levels, see the RSA SecurID Appliance 3.0 SNMP Reference Guide. For a direct link, see "Additional Concepts and Tasks" on page 125.
8. Click Save.

To Configure the Authentication Manager 7.1 SNMP:

1. In the Security Console, click Setup > Instances, pull down the menu for the primary instance and select Network Management SNMP, to enable the Autnetication Manager SNMP agent.
2. In the SNMP Adapter Port field, enter the SNMP adapter port number. The default port number is 8002.
3. In the SNMP Community String field, enter the SNMP community string. This is the password to access the SNMP adapter.
4. In the Access Control List, in the IP Address or Hostname or Subnet field, enter either the IP address, hostname, or subnet ofthe machines that you want to allow to access the SNMP agent, and click Add. When you finish, click Update.
   If you do not enter any information, all of the machines on the network can access the agent.
5. Select to include SNMP adaptor messages in the trace log.
6. In SNMP Trap Receivers, in the IP Address or Hostname field, enter the IP address or hostname and port numbers of the machines that receive SNMP trap notifications, and click Add. When you finish, click Update.
7. In the Administrative Audit Log Trap Level, select the type of administrative audit log events to trap.
8. In the Runtime Audit Log Trap Level, select the the type of runtime audit log events to trap.
9. In the System Log Trap Level, select the type of system log events to trap.
10. Click Save.

To Configure the Authentication Manager 8.X SNMP:

1. In the Security Console, click Setup > System Settings, Under Advanced Settings on lower right select Network Monitoring (SNMP), then select either Primary or Replica, [Next].
2. Under Basics, Network Monitioring using SNMP v3: put a bullet in (*) On
3. Default Request Port is 161, etc... Create Authentication and Privacy Passwords
4. [Download] the MIB for your SNMP Server
5. Optionally configure Trap Settings, for Admin, Authentication and System eventsas swell as OS traps
6. In SNMP Trap Receivers, enter the IP Address or Hostname field, enter the IP address or hostname and port numbers of the machines that receive SNMP trap notifications, and click Add. When you finish, click Update.
7. Optionally Check box to apply same settings to Replica.
8. Click Save.
9. You enable SNMP in the Security Console ? Setup ? System Settings.  Advanced Settings has Network Monitoring.  See p.348 Admin Guide.  This is for things like the default port 161 to be up a listening for your SNMP Gets, so that AM will respond.
   

   The attached SNMP reference Guide for AM 8.0 discusses the need to download the AM MIB so that your SNMP server knows what data RSA has available, and how to configure SNMP Gets or Traps in the Security Console.

   
   MIB objects for SNMP Gets are described in pages 11-29.

  In order for the machines to request Authentication Manager and Appliance hardware data, you must copy the Authentication Manager and Appliance MIB files onto those machines, and load them in a MIB browser.
  In the Operations Console, you can download a .zip file that contains the Authentication Manager and Appliance MIBs, to the necessary machines on your network.
 
To download the MIB files on an appliance:

1. In the Operations Console, click Administration > SNMP > Download MIB Files.
2. Click Download, and browse to the machine where you want to download the file.

1. Navigate to the RSA_INSTALL_HOME\data directory (C:\Program Files\RSA Security\RSA Authentication Manager\data or /usr/local/RSASecurity/RSAAuthenticationManager/data). 
2. Copy the AM.asn1 and IMS.asn1 files and import them to your trap receiver.
3. Configure your trap receiver according to manufacturer documentation.