Configure SNMP

Document created by RSA Information Design and Development on Jun 13, 2017. Last modified by RSA Information Design and Development on Jun 13, 2017.
Version 2

To configure SNMP GETs and traps for each RSA Authentication Manager instance, you must log on to the Security Console on the primary instance. The Security Console of the replica instance allows you to only view SNMP settings.

Changes that you make to one instance do not affect the other instances; however, you can apply the primary instance settings to all instances.

Before you begin 

You must be a Super Admin.

Procedure 

  1. In the Security Console of the primary instance, click Setup > System Settings.

  2. Under Advanced Settings, click Network Monitoring (SNMP).

  3. Select an instance.

  4. Click Next.

  5. Under Network Monitoring using SNMP v3, select On. This enables the SNMP agent. If you do not select On, skip the rest of this procedure.

    You can change this setting to temporarily disable SNMP. Selecting Off does not clear the other SNMP settings on this page.

  6. In the Request Port field, enter the port number the SNMP agent listens on for GET requests. The default port number is 161.

    Note:  Do not enter port number 8002. The appliance uses port 8002 for an internal SNMP agent.

  7. In the Security Name field, define a user name for the appliance SNMP agent. The SNMP agent uses this user name to authenticate GET requests and to send traps.

  8. In the Security Level field, select a security level for SNMP communication:

    • No Authentication does not authenticate or encrypt SNMP communication. Go to step 11.

    • Authentication, No Privacy authenticates the sender of a GET or trap, but does not encrypt SNMP data communication.

    • Authentication and Privacy authenticates the sender of a GET or trap and encrypts SNMP data communication.

  9. If you are using authentication, do the following:

    1. In the Authentication Password field, enter a password for authenticating the sender of a GET or trap. Some SNMP clients use the term “passphrase.”

    2. From the Authentication Protocol list, select the protocol for authenticating the sender of a GET or trap.

  10. If you are using encryption, do the following:

    1. In the Privacy Password field, enter the password for encrypting SNMP data communication. Some SNMP clients use the term “passphrase.”

    2. In the Privacy Protocol field, select the algorithm for encrypting SNMP data communication.

  11. Click Download to save the Management Information Base (MIB) .zip file.

    The .zip file contains MIB files for Authentication Manager and the appliance operating system. On a hardware appliance, the .zip file contains MIB files for the appliance hardware.

  12. In the Trap Settings section, specify the type and severity of log events to be trapped.

                              

    | Log Event Type | Description |
    | --- | --- |
    | Administrator Activity | Administrative actions in the deployment, both from the Security Console and through the API. |
    | Authentication Activity | All events related to user authentication, such as User ID, authentication time, authenticating agent, and account lockout. |
    | System Log Report | Authentication Manager information related to the environment, internal processes, state or events such as activation, connections made or dropped, and refresh events. |

    Severity

    Severity levels are cumulative:

    • Success traps success, warning, and error events.

    • Warning traps both warning and error events.

    • Error only traps errors.

  13. Under Send Traps for Operating Systems events, choose whether to monitor the appliance for resource utilization:

    For all of the OS Attributes, enter threshold values at which the system will send a trap. All attributes require values, but you can set a high threshold value for a specific attribute that you do not want to trap.

  14. Under Traps Receiver Settings, add the IP address or hostname of the machines that receive SNMP trap notifications. You can keep or change the default port number of 162.

    You may enter multiple trap receivers, update existing trap receivers, or remove trap receivers from the list.

  15. If you configured the primary instance and you want to apply these settings to the replica instance, click Apply the above settings to the replica instance(s) upon save.

  16. Click Save.
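
A pre-change check of planned settings against the constraints in the procedure above (reserved port 8002, the three security levels, cumulative trap severities, trap receiver ports). This is an added example, not RSA code; the dictionary field names and the sample values are hypothetical and constructed for illustration.

```python
# Added example: field names below are hypothetical, not an RSA export format.
SEVERITY_ORDER = ["Success", "Warning", "Error"]  # cumulative, per the Trap Settings step
LEVELS = ("No Authentication", "Authentication, No Privacy", "Authentication and Privacy")
RESERVED_PORT = 8002  # used by the appliance's internal SNMP agent

def trapped_severities(setting):
    """Return the event severities trapped for a given Severity setting."""
    return SEVERITY_ORDER[SEVERITY_ORDER.index(setting):]

def valid_port(p):
    return isinstance(p, int) and 1 <= p <= 65535

def audit_snmp_settings(cfg):
    """Return a list of findings for one instance's planned SNMP settings."""
    findings = []
    port = cfg.get("request_port", 161)
    if not valid_port(port):
        findings.append("request port out of range")
    elif port == RESERVED_PORT:
        findings.append("request port 8002 is reserved for the internal SNMP agent")
    if not cfg.get("security_name"):
        findings.append("security name is empty")
    level = cfg.get("security_level")
    if level not in LEVELS:
        findings.append("unknown security level")
    elif level == "No Authentication":
        findings.append("GETs and traps are neither authenticated nor encrypted")
    else:
        if not cfg.get("auth_password"):
            findings.append("authentication password missing")
        if level == "Authentication, No Privacy":
            findings.append("trap data is sent unencrypted")
        elif not cfg.get("privacy_password"):
            findings.append("privacy password missing")
    for host, rport in cfg.get("trap_receivers", []):
        if not host or not valid_port(rport):
            findings.append(f"invalid trap receiver {host!r}:{rport!r}")
    return findings

# Constructed sample input (not taken from a real deployment).
SAMPLE = {
    "request_port": 8002, "security_name": "am-monitor",
    "security_level": "Authentication, No Privacy", "auth_password": "constructed-passphrase",
    "trap_receivers": [("192.0.2.10", 162), ("nms.example.test", 0)],
}

if __name__ == "__main__":
    for finding in audit_snmp_settings(SAMPLE):
        print("FINDING:", finding)
```
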

 

After you finish 

SNMP configuration changes can require up to 10 minutes to take effect on a replica instance. To replicate the SNMP configuration changes sooner, you can log on to the Operations Console of the replica instance, and flush the cache. For more information, see Flush the Cache.

 

 

 

 

