Top
ETERNUS SF Express V15.3/ Storage Cruiser V15.3/ AdvancedCopy Manager V15.3 Installation and Setup Guide
ETERNUS
Chapter 4 Setup of ETERNUS SF Manager > 4.3 Setup of Storage Cruiser's manager > 4.3.3 SNMP Trap setting
PreviousNext

4.3.3 SNMP Trap setting

Set SNMP Trap to receive SNMP traps on the Management Server

4.3.3.1 SNMP Trap setting (for Windows)

Install a Windows standard SNMP Trap receiver service as follows:
These services are included in the install media of OS.

Note

Notes in combination with products using the SNMP trap reception function

As with ServerView AlarmService, Express use OS standard SNMP trap reception service for fault management with SNMP Trap reception. Therefore, if any of the following products is mixed, take the same setting procedure as ServerView AlarmService is mixed.

  • Systemwalker Centric Manager

Refer to each product's manual for specific setting method.

4.3.3.2 SNMP Trap setting (for Linux)

SNMP Trap settings of the Management Server differ depending on whether only the IPv4 address device is monitored or whether the IPv4 address and IPv6 address devices are monitored. Set up according to the operating environment.

If only the IPv4 address device is monitored

Customize the snmptrapd configuration file that is in the OS standard net-snmp package to receive SNMP trap in Management Server.

Check snmptrapd status

Check if snmptrapd is activated with the following command:

# chkconfig --list snmptrapd
snmptrapd 0:off 1:off 2:on 3:on 4:on 5:on 6:off

If snmptrapd is not activated, execute the following command to activate it:

# chkconfig --add snmptrapd
# chkconfig snmptrapd on

Point

The snmptrapd file is located at /etc/snmp/snmptrapd.conf, but the file /usr/share/snmp/snmptrapd.conf is also used in some other products.
Check the settings in both files to ensure they are correct for the sake of coexistence with other products.

Check access control settings

Check the status of the access control settings.
If the following setting is not in snmptrapd.conf, access control is enabled:

disableAuthorization yes

Note

  • Check the status of access control settings for both /etc/snmp/snmptrapd.conf and /usr/share/snmp/snmptrapd.conf.

  • If there are no requests from other products, set the above "disableAuthorization yes" in /etc/snmp/snmptrapd.conf to disable access control.

SNMP trap reception settings (if access control is disabled)

Add the following setting to /etc/snmp/snmptrapd.conf:

forward default unix:/var/opt/FJSVssmgr/trap_socket
SNMP trap reception settings (if access control is enabled)

Add the following setting:

authCommunity net public
authCommunity net SANMA
forward default unix:/var/opt/FJSVssmgr/trap_socket

Note

  • Check both /etc/snmp/snmptrapd.conf and /usr/share/snmp/snmptrapd.conf, and edit the snmptrapd.conf in which authCommunity has been set by other products. If it is not set in either file, edit /etc/snmp/snmptrapd.conf.

  • If a device with an SNMP trap community name other than "public" or "SANMA" is to be monitored, add an authCommunity setting.
    For example, if a device to be monitored has the community name "common", set this parameter as below. Note that the "public" and "SANMA" settings are mandatory.

    authCommunity net public
authCommunity net SANMA
authCommunity net common
forward default unix:/var/opt/FJSVssmgr/trap_socket

  • If authCommunity log or authCommunity execute has already been set by another product, add a comma and "net".
    For example, if authCommunity execute public is already set, set it as follows: 

    authCommunity execute,net public
authCommunity net SANMA
forward default unix:/var/opt/FJSVssmgr/trap_socket
Reflect the configuration file

After having changed the snmptrapd.conf, execute the following commands to restart snmptrapd:
The changed content is reflected to the SNMP trap configuration.

# /etc/init.d/snmptrapd stop
# /etc/init.d/snmptrapd start

Note

After having edited snmptrapd.conf, if you have installed or uninstalled applications using snmptrapd (ServerView AlarmService, etc.) or have changed the configuration, make sure whether the content edited in the snmptrapd.conf is not changed.

Point

In an environment using ServerView trap transfer program, execute the following commands to restart:

# /etc/init.d/snmptrapd stop
# /etc/init.d/trpsrvd stop
# /etc/init.d/snmptrapd start
# /etc/init.d/trpsrvd start

Note

If ServerView AlarmService or any other application that uses snmptrapd has been installed, uninstalled, or had its settings changed after snmptrapd.conf has been customized, check that these procedures have not changed the customized content of snmptrapd.conf.

See

Refer to "snmptrapd.conf Configuration File" in the ETERNUS SF Storage Cruiser Operation Guide for information on the snmptrapd.conf file.

If the IPv6 address device is monitored

Only the IPv4 address device is monitored immediately after ETERNUS SF Manager installation.

As such, change from snmptrapd included in the OS standard net-snmp package by following the procedure below.

  1. Execute the following command to stop ETERNUS SF Manager.

    # /opt/FJSVesfcm/bin/stopesf.sh

  2. If the OS standard SNMP trap daemon (snmptrapd of net-snmp package) has started, execute the following command to stop it.

    # /etc/init.d/snmptrapd stop

  3. Make the settings of the OS standard SNMP trap daemon.

    Make the following settings depending on the version of the installed ETERNUS SF Manager program.

    • If the Manager Program for Linux 32-bit has been installed.
      If the OS standard SNMP trap daemon has automatically started when the system started, execute the following command to stop automatic start.

      # chkconfig snmptrapd off
# chkconfig --list snmptrapd

    • If the Manager Program for Linux 64-bit has been installed.
      The settings are performed automatically when installing the package. No special setting is necessary.

  4. Install the SNMP trap daemon package.

    Install the FJSVswstt-XXXX.rpm package in /opt/FJSVssmgr/etc/pkg.

    # rpm -i /opt/FJSVssmgr/etc/pkg/FJSVswstt-XXXX.rpm

    XXXX part of the package file is depending on the platform of the system.

    For Red Hat Enterprise Linux 5 (for x86), it is as follows:

    # rpm -i /opt/FJSVssmgr/etc/pkg/FJSVswstt-13.6.0-1.i386.rpm

    If the Manager Program for Linux 64-bit has been installed, execute the following command to restart the OS standard SNMP trap daemon after install the package.

    # /etc/init.d/snmptrapd restart

  5. Execute the following command to rename the file.

    # mv /opt/FJSVssmgr/bin/cimserver /opt/FJSVssmgr/bin/cimserver.ipv4
# mv /opt/FJSVssmgr/lib/librcxtrphdl.so /opt/FJSVssmgr/lib/librcxtrphdl.so.ipv4
# mv /opt/FJSVssmgr/sys/cruisermgr /opt/FJSVssmgr/sys/cruisermgr.ipv4

  6. Execute the following command to create a symbolic link.

    # ln -s /opt/FJSVssmgr/bin/cimserver.ipv6 /opt/FJSVssmgr/bin/cimserver
# ln -s /opt/FJSVssmgr/sys/cruisermgr.ipv6 /opt/FJSVssmgr/sys/cruisermgr
# ln -s /opt/FJSVssmgr/lib/libSNMPMHCmnctr.so.ipv6 /opt/FJSVssmgr/lib/libSNMPMHCmnctr.so

  7. Execute the following command to start ETERNUS SF Manager.

    # /opt/FJSVesfcm/bin/startesf.sh

Note

It can be mixed with the following products on the same server if monitoring the IPv6 address device.

  • Systemwalker Centric Manager Management Server (V13.6.0 or later)

  • Systemwalker Centric Manager Section control server (V13.6.0 or later)

Uninstalling the above products may stop the SNMP trap daemon. Execute the following when the above products have been uninstalled from the mixed environment.

  1. Execute the following command and confirm that nwsnmp-trapd is running.

    # ps -ef | grep nwsnmp-trapd

  2. If nwsnmp-trapd is not running, restart the system or execute the following command.

    # /opt/FJSVswstt/bin/mpnm-trapd stop
# /opt/FJSVswstt/bin/mpnm-trapd start

Installation of SELinux policy module for snmptrapd

For environments in which SELinux is set to "enforcing", apply the policy module, according to the following procedure.
Implementing this procedure enables event reception by SNMP Trap.

  1. Run the following command in order to change the setting to "SELinux=Permissive":

    # setenforce 0

  2. Move the directory and apply the policy module.

    # cd /opt/FJSVssmgr/etc/selinux/
# /usr/sbin/semodule -i snmptrapd.pp

  3. Run the following command to check that snmptrapd.pp is displayed:

    # ls /etc/selinux/targeted/modules/active/modules/ | grep snmptrapd.pp
snmptrapd.pp

  4. Run the following command in order to revert the setting to "SELinux=Enforcing":

    # setenforce 1

Note

Check that other products have changed the policy setting for snmptrapd before applying the policy of this product to snmptrapd. Customize the policy setting if necessary.
If the policy is not set correctly, snmptrapd may not work.

Point

Implementing this procedure changes the SELinux policy for snmptrapd.
The policies that are set by applying /opt/FJSVssmgr/etc/selinux/snmptrapd.pp are defined in /opt/FJSVssmgr/etc/selinux/snmptrapd.te.

The contents of /opt/FJSVssmgr/etc/selinux/snmptrapd.te are shown below:

module snmptrapd 1.0;

require {
type unconfined_java_t;
type snmpd_t;
type var_t;
class sock_file write;
class unix_stream_socket connectto;
}

#============= snmpd_t ==============
allow snmpd_t unconfined_java_t:unix_stream_socket connectto;
allow snmpd_t var_t:sock_file write;

In the following cases, apply the policy and create /opt/FJSVssmgr/etc/selinux/snmptrapd.pp again.

  • If you have already changed an SELinux policy for snmptrapd

  • If you are going to change a policy setting for snmptrapd

Implement the following procedure to create snmptrapd.pp:

  1. Modify /opt/FJSVssmgr/etc/selinux/snmptrapd.te.

  2. For changing the definition of the file context, create the snmptrapd.fc file defined the file context.
    Store the created snmptrapd.fc file into the directory that contains the snmptrapd.te file.

  3. Change the directory that contains the modified snmptrapd.te file.

  4. Execute the following command to create snmptrapd.pp in the current directory.

    # make -f /usr/share/selinux/devel/Makefile

Installation of SELinux policy module for nwsnmp-trapd

For environments in which SELinux is set to "enforcing" and if the IPv6 address device is monitored, apply the policy module, according to the following procedure. Implementing this procedure enables event reception by SNMP Trap.

  1. Run the following command in order to change the setting to "SELinux=Permissive":

    # setenforce 0

  2. Move the directory and apply the policy module.

    # cd /opt/FJSVssmgr/etc/selinux/
# /usr/sbin/semodule -i nwsnmp-trapd.pp

  3. Run the following command to check that nwsnmp-trapd.pp is displayed:

    # ls /etc/selinux/targeted/modules/active/modules/ | grep nwsnmp-trapd.pp
nwsnmp-trapd.pp

  4. Run the following command in order to revert the setting to "SELinux=Enforcing":

    # setenforce 1

Note

Check that other products have changed the policy setting for nwsnmp-trapd before applying the policy of this product to nwsnmp-trapd. Customize the policy setting if necessary. Customize the policy setting if necessary.

If the policy is not set correctly, nwsnmp-trapd may not work.

Point

Implementing this procedure changes the SELinux policy for nwsnmp-trapd.

The policies that are set by applying /opt/FJSVssmgr/etc/selinux/nwsnmp-trapd.pp are defined in /opt/FJSVssmgr/etc/selinux/nwsnmp-trapd.te.

The contents of /opt/FJSVssmgr/etc/selinux/nwsnmp-trapd.te are shown below:

module nwsnmp-trapd 1.0;
require {
type unconfined_java_t;
type snmpd_t;
type var_t;
class sock_file write;
class unix_stream_socket connectto;
}

#============= snmpd_t ==============
allow snmpd_t unconfined_java_t:unix_stream_socket connectto;
allow snmpd_t var_t:sock_file write;

In the following cases, apply the policy and create /opt/FJSVssmgr/etc/selinux/nwsnmp-trapd.pp again.

  • If you have already changed an SELinux policy for nwsnmp-trapd

  • If you are going to change a policy setting for nwsnmp-trapd

Implement the following procedure to create nwsnmp-trapd.pp.

  1. Modify /opt/FJSVssmgr/etc/selinux/nwsnmp-trapd.te.

  2. For changing the definition of the file context, create the nwsnmp-trapd.fc file defined the file context.
    Store the created nwsnmp-trapd.fc file into the directory that contains the nwsnmp-trapd.te file.

  3. Change the directory that contains the modified nwsnmp-trapd.te file.

  4. Execute the following command to create nwsnmp-trapd.pp in the current directory.

    # make -f /usr/share/selinux/devel/Makefile

4.3.3.3 SNMP Trap setting (for Solaris)

There are no specific settings for receiving the SNMP trap in Management Server.

Note

This software can be used in the mixed environment with the following software. When uninstalled, the SNMP Trap monitoring daemon may be stopped.

  • Systemwalker Centric Manager Management Server

  • Systemwalker Centric Manager Section control server

  • Systemwalker Network Assist

  • Systemwalker Network Topology Manager

When above software is uninstalled in the mixed environment, execute the following commands:

  1. Check if nwsnmp-trapd is running by executing the following command:

    # /bin/ps -ef | grep nwsnmp-trapd

  2. If nwsnmp-trapd is not running, reboot the system or execute the following commands:

    # /opt/FJSVswstt/bin/mpnm-trapd stop
# /opt/FJSVswstt/bin/mpnm-trapd start
PreviousNext
Copyright 2012-2013 FUJITSU LIMITED