Top
ETERNUS SF Express V15.3/ Storage Cruiser V15.3/ AdvancedCopy Manager V15.3 Installation and Setup Guide
ETERNUS
Chapter 4 Setup of ETERNUS SF Manager > 4.2 Setup of Express's manager > 4.2.3 SNMP Trap setting
PreviousNext

4.2.3 SNMP Trap setting

Set SNMP Trap to receive SNMP traps on the Management Server.

4.2.3.1 SNMP Trap setting (for Windows)

Install a Windows standard SNMP Trap receiver service as follows:
These services are included in the install media of OS.

4.2.3.2 SNMP Trap setting (for Linux)

In SNMP Trap settings of the Management Server, set up according to the operating environment.

If the device is monitored

Install OS standard net-snmp package.

When installing net-snmp package, lm-sensors package may be required. These packages provide in OS installation media.
Edit the setup file for snmptrapd after ETERNUS SF Manager installation.

Note

  • Create text file (snmptrapd.conf) in /etc/snmp directory when /etc/snmp/snmptrapd.conf does not exist.

  • For Express, be sure to set /etc/snmp/snmptrapd.conf as follows:

    forward default unix:/var/opt/FJSVssmgr/trap_socket

  • Normally, the snmptrapd configuration file indicates /etc/snmp/snmptrapd.conf. However other products may use /usr/share/snmp/snmptrapd.conf. Therefore, in this procedure, check both /etc/snmp/snmptrapd.conf and /usr/share/snmp/snmptrapd.conf. for coexisting with other products.

  • If /usr/share/snmp/snmptrapd.conf is not used on other products, then disable access control by adding "disableAuthorization yes" to "/etc/snmp/snmptrapd.conf".

Edit the snmptrapd configuration file, according to the following procedure.

  1. Confirm that snmptrapd is enabled by executing the following command:

    # chkconfig --list snmptrapd
snmptrapd 0:off 1:off 2:on 3:on 4:on 5:on 6:off

    If snmptrapd is disabled, execute the following command to enable snmptrapd:

    # chkconfig --add snmptrapd
# chkconfig snmptrapd on

  2. Confirm snmptrapd access control.
    The setup varies depending on the access control setup status.

    Check the content of the snmptrapd.conf and if the following is set, access control is disabled.

    disableAuthorization yes

    • When access control is disabled.

      Add the following content to /etc/snmp/snmptrapd.conf. SNMP trap reception is set.

      forward default unix:/var/opt/FJSVssmgr/trap_socket

    • When access control is enabled.

      Add the following lines in snmptrapd.conf.

      authCommunity net public
authCommunity net SANMA
forward default unix:/var/opt/FJSVssmgr/trap_socket

      Check both /etc/snmp/snmptrapd.conf and /usr/share/snmp/snmptrapd.conf, and edit snmptrapd.conf in which authCommunity has been set by other products.
      If authCommunity is not set in either file, edit /etc/snmp/snmptrapd.conf.

      Information

      • authCommunity is an editable item when access control is enabled.

        The format is as follows:

        authCommunity TYPES COMMUNITY [SOURCE [OID | -v VIEW ]]

  TYPES: log,execute,net
  COMMUNITY: SNMP trap community name for a device to be monitored

        Set log, execute and net in the TYPES field.
        Set the SNMP trap community name for a device to be monitored, in the COMMUNITY field.
        Do not set SOURCE, OID and VIEW fields for Express.

        For example, set as follows:

        authCommunity net public
authCommunity net SANMA

      • If an ETERNUS Disk storage system with an SNMP trap community name other than "public" or "SANMA" is to be monitored, add an authCommunity setting.
        For example, if an ETERNUS Disk storage system to be monitored has the community name "common", set this parameter as below. Note that the "public" and "SANMA" settings are mandatory.

        authCommunity net public
authCommunity net SANMA
authCommunity net common
forward default unix:/var/opt/FJSVssmgr/trap_socket

      • If authCommunity log or authCommunity execute has already been set by another product, add a comma and "net".
        For example, if authCommunity execute public is already set, set it as follows:

        authCommunity execute,net public
authCommunity net SANMA
forward default unix:/var/opt/FJSVssmgr/trap_socket

  3. Reflect the configuration file.

    After having changed the snmptrapd.conf, execute the following commands to restart snmptrapd:
    The changed content is reflected to the SNMP trap configuration.

    # /etc/init.d/snmptrapd stop
# /etc/init.d/snmptrapd start

    Note

    After having edited snmptrapd.conf, if you have installed or uninstalled applications using snmptrapd (ServerView AlarmService, etc.) or have changed the configuration, make sure whether the content edited in the snmptrapd.conf is not changed.

    Point

    In an environment using ServerView trap transfer program, execute the following commands to restart:

    # /etc/init.d/snmptrapd stop
# /etc/init.d/trpsrvd stop
# /etc/init.d/snmptrapd start
# /etc/init.d/trpsrvd start

Installation of SELinux policy module for snmptrapd

For environments in which SELinux is set to "enforcing", apply the policy module, according to the following procedure.
Implementing this procedure enables event reception by SNMP Trap.

  1. Run the following command in order to change the setting to "SELinux=Permissive":

    # setenforce 0

  2. Move the directory and apply the policy module.

    # cd /opt/FJSVssmgr/etc/selinux/
# /usr/sbin/semodule -i snmptrapd.pp

  3. Run the following command to check that snmptrapd.pp is displayed:

    # ls /etc/selinux/targeted/modules/active/modules/ | grep snmptrapd.pp
snmptrapd.pp

  4. Run the following command in order to revert the setting to "SELinux=Enforcing":

    # setenforce 1

Note

Check that other products have changed the policy setting for snmptrapd before applying the policy of this product to snmptrapd. Customize the policy setting if necessary.
If the policy is not set correctly, snmptrapd may not work.

Point

Implementing this procedure changes the SELinux policy for snmptrapd.
The policies that are set by applying /opt/FJSVssmgr/etc/selinux/snmptrapd.pp are defined in /opt/FJSVssmgr/etc/selinux/snmptrapd.te.

The contents of /opt/FJSVssmgr/etc/selinux/snmptrapd.te are shown below:

module snmptrapd 1.0;

require {
type unconfined_java_t;
type snmpd_t;
type var_t;
class sock_file write;
class unix_stream_socket connectto;
}

#============= snmpd_t ==============
allow snmpd_t unconfined_java_t:unix_stream_socket connectto;
allow snmpd_t var_t:sock_file write;

In the following cases, apply the policy and create /opt/FJSVssmgr/etc/selinux/snmptrapd.pp again.

  • If you have already changed an SELinux policy for snmptrapd

  • If you are going to change a policy setting for snmptrapd

Implement the following procedure to create snmptrapd.pp:

  1. Modify /opt/FJSVssmgr/etc/selinux/snmptrapd.te.

  2. For changing the definition of the file context, create the snmptrapd.fc file defined the file context.
    Store the created snmptrapd.fc file into the directory that contains the snmptrapd.te file.

  3. Change the directory that contains the modified snmptrapd.te file.

  4. Execute the following command to create snmptrapd.pp in the current directory.

    # make -f /usr/share/selinux/devel/Makefile

Installation of SELinux policy module for nwsnmp-trapd

For environments in which SELinux is set to "enforcing" and if the IPv6 address device is monitored, apply the policy module, according to the following procedure. Implementing this procedure enables event reception by SNMP Trap.

  1. Run the following command in order to change the setting to "SELinux=Permissive":

    # setenforce 0

  2. Move the directory and apply the policy module.

    # cd /opt/FJSVssmgr/etc/selinux/
# /usr/sbin/semodule -i nwsnmp-trapd.pp

  3. Run the following command to check that nwsnmp-trapd.pp is displayed:

    # ls /etc/selinux/targeted/modules/active/modules/ | grep nwsnmp-trapd.pp
nwsnmp-trapd.pp

  4. Run the following command in order to revert the setting to "SELinux=Enforcing":

    # setenforce 1

Note

Check that other products have changed the policy setting for nwsnmp-trapd before applying the policy of this product to nwsnmp-trapd. Customize the policy setting if necessary. Customize the policy setting if necessary.

If the policy is not set correctly, nwsnmp-trapd may not work.

Point

Implementing this procedure changes the SELinux policy for nwsnmp-trapd.

The policies that are set by applying /opt/FJSVssmgr/etc/selinux/nwsnmp-trapd.pp are defined in /opt/FJSVssmgr/etc/selinux/nwsnmp-trapd.te.

The contents of /opt/FJSVssmgr/etc/selinux/nwsnmp-trapd.te are shown below:

module nwsnmp-trapd 1.0;
require {
type unconfined_java_t;
type snmpd_t;
type var_t;
class sock_file write;
class unix_stream_socket connectto;
}

#============= snmpd_t ==============
allow snmpd_t unconfined_java_t:unix_stream_socket connectto;
allow snmpd_t var_t:sock_file write;

In the following cases, apply the policy and create /opt/FJSVssmgr/etc/selinux/nwsnmp-trapd.pp again.

  • If you have already changed an SELinux policy for nwsnmp-trapd

  • If you are going to change a policy setting for nwsnmp-trapd

Implement the following procedure to create nwsnmp-trapd.pp.

  1. Modify /opt/FJSVssmgr/etc/selinux/nwsnmp-trapd.te.

  2. For changing the definition of the file context, create the nwsnmp-trapd.fc file defined the file context.
    Store the created nwsnmp-trapd.fc file into the directory that contains the nwsnmp-trapd.te file.

  3. Change the directory that contains the modified nwsnmp-trapd.te file.

  4. Execute the following command to create nwsnmp-trapd.pp in the current directory.

    # make -f /usr/share/selinux/devel/Makefile

PreviousNext
Copyright 2012-2013 FUJITSU LIMITED