How can I configure a SNMP trap in RSA authentication manager to give us alerts for the replication status? it would be helpful if we get notified whenever one of the instances (primary or replica) has replication error e.g. out of sync or internal replication error. what is the OID we could and what value would it give us?
I've moved your question to the RSA SecurID Access space where it will be seen by the product's support engineers, other customers and partners. Please bookmark this page and use it when you have product-specific questions.
Alternatively, from the RSA Customer Support page, click on Ask A Question on the blue navigation bar and choose Ask A Product Related Question. From there, scroll to RSA SecurID Access and click Ask A Question. That way your question will appear in the correct space.
Regards,
Erica
I found article 000031956 - Monitoring replication status using SNMP in RSA Authentication Manager 8.x, which you may find helpful.
Let us know if you need more information.
Regards,
Erica
Replication problems can trap an error, but better, is a pollable OID:
For traps make sure Send traps for System Log events is selected on the SNMP setup page in Security Console
But in my opinion it is better to actively poll, and do GETS on Replication OID 1.3.6.1.4.1.2197.20.21.1.5.x
(a) on the primary, there will be an OID per instance
for primary replication status 1.3.6.1.4.1.2197.20.21.1.5.0
for replica replication status 1.3.6.1.4.1.2197.20.21.1.5.1
and similarly. 21.1.5.x for other replicas
and, a replica has it's own pollable OID's and status as well.
(b) This OID will be a STRING and will report one of several conditions:
ATTACHING
FAILED
OFFLINE
UNHEALTHY
HEALTHY
OUT_OF_SYNC
SYNCHRONIZING
(c) For my lab, my snmp tool only works with numbers, the string values are meaningless, so
I use a basic script to get the string into a value (for this, healthy is 4, anything else is 'not replicating')
example: replica replication status script for mrtg
#/usr/bin/bash
HOME=/root
LOGNAME=root
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
LANG=en_US.UTF-8
SHELL=/bin/sh
PWD=/root
OUTPUT2="$(/usr/bin/snmpget -v3 -l noauthnopriv -u snmpuser 10.101.99.150 1.3.6.1.4.1.2197.20.21.1.5.1)"
#echo $OUTPUT2
RESULT2="$(echo $OUTPUT2 | cut -d '"' -f2)"
#echo $RESULT2
if [ $RESULT2 == "HEALTHY" ]; then
echo "4"
elif [ $RESULT2 == "OUT_OF_SYNC" ]; then
echo "3"
elif [ $RESULT2 == "OFFLINE" ]; then
echo "2"
else echo "1"
fi
echo "0"
exit
And, using this script passing numeric values to MRTG [which is the core component of my home-spun grapher]...
I get graphs showing how replication is doing at the moment, and over time...
Replication problems can trap an error, but better, is a pollable OID:
For traps make sure Send traps for System Log events is selected on the SNMP setup page in Security Console
But in my opinion it is better to actively poll, and do GETS on Replication OID 1.3.6.1.4.1.2197.20.21.1.5.x
(a) on the primary, there will be an OID per instance
for primary replication status 1.3.6.1.4.1.2197.20.21.1.5.0
for replica replication status 1.3.6.1.4.1.2197.20.21.1.5.1
and similarly. 21.1.5.x for other replicas
and, a replica has it's own pollable OID's and status as well.
(b) This OID will be a STRING and will report one of several conditions:
Replication Status
ATTACHING
FAILED
OFFLINE
UNHEALTHY
HEALTHY
OUT_OF_SYNC
SYNCHRONIZING
(c) For my lab, my snmp tool only works with numbers, the string values are meaningless, so
I use a basic script to get the string into a value (for this, healthy is 4, anything else is 'not replicating')
example: replica replication status script for mrtg
#/usr/bin/bash
HOME=/root
LOGNAME=root
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
LANG=en_US.UTF-8
SHELL=/bin/sh
PWD=/root
OUTPUT2="$(/usr/bin/snmpget -v3 -l noauthnopriv -u snmpuser 10.101.99.150 1.3.6.1.4.1.2197.20.21.1.5.1)"
#echo $OUTPUT2
RESULT2="$(echo $OUTPUT2 | cut -d '"' -f2)"
#echo $RESULT2
if [ $RESULT2 == "HEALTHY" ]; then
echo "4"
elif [ $RESULT2 == "OUT_OF_SYNC" ]; then
echo "3"
elif [ $RESULT2 == "OFFLINE" ]; then
echo "2"
else echo "1"
fi
echo "0"
exit
And, using this script passing numeric values to MRTG [which is the core component of my home-spun grapher]...
I get graphs showing how replication is doing at the moment, and over time...