RSA Authentication Manager supports using a third-party network management system (NMS) and Simple Network Management Protocol (SNMP) to remotely query management data. The data is exposed in the form of read-only variables. Authentication Manager does not support SNMP sets.
You configure SNMP using the Security Console. An SNMP agent is embedded in Authentication Manager, and responds to requests from the NMS. The agent can be enabled or disabled during configuration. To request Authentication Manager data, you must download the Authentication Manager management information base objects (MIB) files from the Security Console, and load them in a MIB browser. On the RSA Authentication Manager hardware appliance, the download includes a separate set of hardware-specific MIB files.
Authentication Manager supports SNMP v3.
Authentication Manager Support for SNMP GETS and Traps
You can configure RSA Authentication Manager to accept requests, called GETS, from the NMS, and to send data, called traps, to the NMS. GETS and traps differ in two ways:
A GET requests information, whereas a trap automatically sends information.
A GET contains aggregate data, and can obtain a single value or a tree of values. A trap is an individual piece of data.
Note: Authentication Manager does not support puts.
For example, suppose Authentication Manager is configured to send notifications for each successful authentication. If 100 successful authentications occur, 100 trap messages are sent. If you request a GET for successful authentications, you will receive one message showing a value of 100.
SNMP traps allow you to send Authentication Manager error, warning, or success notifications to the NMS. Notifications can be intercepted and filtered based on the data sent in the trap message (message ID or severity, for example). You can also set traps to monitor disk usage, memory usage, and the CPU system load. You can select an interval at which to check the instance and send a notification to the NMS if too many resources are being used.
The NMS uses the data from traps and GETS to compile statistics for Management Information Base (MIB) objects. You can use a MIB browser to view these statistics.
Interpreting Authentication Manager SNMP Values and MIB Objects
In Authentication Manager, SNMP obtains values only from the internal database, not from external identity sources. For example, suppose you have 2000 users in an external identity source but only 1000 users in the Authentication Manager internal database. If you have a GET for the total number of users, the value returned is 1000.
When SNMP performs a GET to retrieve the total number of policies for a specific type of policy, the system default policy is included in the total, despite the fact that you do not see the default policy in the Security Console. For example, if the Security Console displays three password policies, the GET request returns a total of four policies, because it counts the system default policy.
The PerSec values used in the GETS are calculated over a recent, limited period of time, and not from the time of starting Authentication Manager. For example, the amApsRateSampleTimeS value defines the number of seconds over which the amApsAuthReqPerSec data is sampled. The amApsAuthReqPerSec value is not calculated since startup, but is a dynamic calculation over the last amApsRateSampleTimeS seconds.
Object Identifier Structure for SNMP Traps
SNMP trap messages sent by Authentication Manager to the network management filter use a root-level object identifier (OID) structure that describes the cause of the trap notification. You can configure the NMS to filter trap messages based on this data. You do not have to open the trap message to understand details of the notification.
The root-level OID consists of four segments, as shown in the following example.
Indication that this is an Authentication Manager trap message
Log event type
Five digit numerical value corresponding to the action that the trap is monitoring
For example, the following root-level OID indicates that a user was successfully deleted:
18.104.22.168.4.1.2197.20 indicates that this is an Authentication Manager trap
28 indicates that this trap is for an administrator event
3 indicates that the severity level is Success
10054 is the action ID of the DELETE_PRINCIPAL action key.
Troubleshooting Common Error Messages provides troubleshooting steps for commonly occurring error messages, and a list of all action IDs and corresponding action keys and log messages.