Set SNMP Trap to receive SNMP Traps on the Management Server.
Management Server SNMP Trap settings differs from when monitoring devices only with SNMPv1 protocol in either of the following cases:
When monitoring devices using only SNMPv3 protocol
When monitoring devices using SNMPv1 protocol and SNMPv3 protocol
Configure according to the operating environment.
When Monitoring Devices Using Only SNMPv1 Protocol
Install a Windows standard SNMP Trap receiver service (SNMP Trap).
This service is included in the install media of OS.
When Monitoring Devices Using Only SNMPv3 Protocol or When Monitoring Devices Using SNMPv1 Protocol and SNMPv3 Protocol
Take the following steps to stop Storage Cruiser's manager.
Open the Services screen.
For Windows Server 2012, click Control Panel > System and Security > Administrative Tools > Services.
For a Windows environment other than listed above, click Control Panel > Administrative Tools > Services.
Select "ETERNUS SF Manager Tomcat Service" to click Stop.
Execute the following command from the command prompt and install the ETERNUS SF SNMP Trap Service. $INS_DIR is "Program Directory" specified at the ETERNUS SF Manager installation.
> powershell -ExecutionPolicy Unrestricted $INS_DIR\ESC\Manager\opt\FJSVssmgr\sbin\swsttctr.ps1 -install
Take the following steps to start ETERNUS SF SNMP Trap Service.
Open the Services screen.
Select "ETERNUS SF SNMP Trap Service" to click Start.
Take the following steps to start Storage Cruiser's manager.
Open the Services screen.
Select "ETERNUS SF Manager Tomcat Service" to click Start.
Note
If other applications using SNMP Traps coexist, use only IPv4 address for IP address of managed devices.
If IPv6 address is included in the IP addresses of managed devices, ETERNUS SF Manager cannot coexist with other applications using SNMP Traps.
Take the following steps to stop Storage Cruiser's manager.
Open the Services screen.
For Windows Server 2012, click Control Panel > System and Security > Administrative Tools > Services.
For a Windows environment other than listed above, click Control Panel > Administrative Tools > Services.
Select "ETERNUS SF Manager Tomcat Service" to click Stop.
Execute the following command from the command prompt and install the ETERNUS SF SNMP Trap Service. $INS_DIR is "Program Directory" specified at the ETERNUS SF Manager installation.
> powershell -ExecutionPolicy Unrestricted $INS_DIR\ESC\Manager\opt\FJSVssmgr\sbin\swsttctr.ps1 -install
Refer to "Appendix J Installation and Configuration of SNMP Trap Transfer Program" to install the SNMP Trap transfer program.
The SNMP Trap settings of the Management Server differ depending on the IP address of devices or the protocol used for fault monitoring. Perform a configuration according to the operating environment by referring to the following table.
IP Address of Managed Device | Protocol to Be Used with Device Fault Monitoring | SNMP Trap Settings |
|---|---|---|
IPv4 address only | SNMPv1 only | Refer to "When Using OS-standard SNMP Trap Monitoring Daemon". |
IPv4 address only | SNMPv3 only, or SNMPv1 and SNMPv3 | Refer to "When Using ETERNUS SF SNMP Trap Monitoring Daemon". |
IPv4 address and IPv6 address |
When Using OS-standard SNMP Trap Monitoring Daemon
Customize the snmptrapd configuration file that is in the OS-standard net-snmp package to receive SNMP Trap in Management Server.
Execute the following commands.
# systemctl enable snmptrapd.service # systemctl start snmptrapd.service
Execute the following command and check whether snmptrapd is activated.
# chkconfig --list snmptrapd snmptrapd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
If snmptrapd is not activated, execute the following command to activate it.
# chkconfig --add snmptrapd # chkconfig snmptrapd on
Point
The snmptrapd file is located at /etc/snmp/snmptrapd.conf, but the file /usr/share/snmp/snmptrapd.conf is also used in some other products.
Check the settings in both files to ensure they are correct for the sake of coexistence with other products.
Check the status of the access control settings.
If the following setting is not in snmptrapd.conf, access control is enabled:
disableAuthorization yes |
Note
Check the status of access control settings for both /etc/snmp/snmptrapd.conf and /usr/share/snmp/snmptrapd.conf.
If there are no requests from other products, set the above "disableAuthorization yes" in /etc/snmp/snmptrapd.conf to disable access control.
Add the following setting to /etc/snmp/snmptrapd.conf:
forward default unix:/var/opt/FJSVssmgr/trap_socket |
Add the following setting:
authCommunity net public authCommunity net SANMA forward default unix:/var/opt/FJSVssmgr/trap_socket |
Note
Check both /etc/snmp/snmptrapd.conf and /usr/share/snmp/snmptrapd.conf, and edit the snmptrapd.conf in which authCommunity has been set by other products. If it is not set in either file, edit /etc/snmp/snmptrapd.conf.
If a device with an SNMP Trap community name other than "public" or "SANMA" is to be monitored, add an authCommunity setting.
For example, if a device to be monitored has the community name "common", set this parameter as below. Note that the "public" and "SANMA" settings are mandatory.
authCommunity net public authCommunity net SANMA authCommunity net common forward default unix:/var/opt/FJSVssmgr/trap_socket |
If authCommunity log or authCommunity execute has already been set by another product, add a comma and "net".
For example, if authCommunity execute public is already set, set it as follows:
authCommunity execute,net public authCommunity net SANMA forward default unix:/var/opt/FJSVssmgr/trap_socket |
After having changed the snmptrapd.conf, execute the following commands to restart snmptrapd:
The changed content is reflected to the SNMP Trap configuration.
Execute the following command.
# systemctl restart snmptrapd.service
Execute the following commands.
# /etc/init.d/snmptrapd stop # /etc/init.d/snmptrapd start
Point
In an environment using ServerView trap transfer program, restart the snmptrapd daemon and the trpsrvd daemon.
Note
If ServerView AlarmService or any other application that uses snmptrapd has been installed, uninstalled, or had its settings changed after snmptrapd.conf has been customized, check that these procedures have not changed the customized content of snmptrapd.conf.
See
Refer to "snmptrapd.conf Configuration File" in the ETERNUS SF Storage Cruiser Operation Guide for information on the snmptrapd.conf file.
When Using ETERNUS SF SNMP Trap Monitoring Daemon
Immediately after installing ETERNUS SF Manager, the system is set to use the OS-standard SNMP Trap monitoring daemon. For this reason, change from the snmptrapd that contains the OS-standard net-snmp package using the following procedure:
Execute the following command to stop ETERNUS SF Manager.
# /opt/FJSVesfcm/bin/stopesf.sh |
If the OS-standard SNMP Trap daemon (snmptrapd of net-snmp package) has started, execute the following steps to stop it.
For Red Hat Enterprise Linux 7, execute the following command:
# systemctl stop snmptrapd.service
For Red Hat Enterprise Linux 5 or Red Hat Enterprise Linux 6, execute the following command:
# /etc/init.d/snmptrapd stop
Make the settings of the OS-standard SNMP Trap daemon.
Make the following settings depending on the version of the installed ETERNUS SF Manager program.
For Red Hat Enterprise Linux 7:
If the OS-standard SNMP Trap daemon has automatically started when the system started, execute the following command to stop automatic start.
# systemctl disable snmptrapd.service
For Red Hat Enterprise Linux 6:
If the OS-standard SNMP Trap daemon has automatically started when the system started, execute the following command to stop automatic start.
# chkconfig snmptrapd off # chkconfig --list snmptrapd
For Red Hat Enterprise Linux 5:
The settings are performed automatically when installing the package. No special setting is necessary.
Perform an installation and configuration of the SNMP Trap daemon package.
Installation of package
Install the FJSVswstt-XXXX.rpm package in /opt/FJSVssmgr/etc/pkg.
# rpm -i /opt/FJSVssmgr/etc/pkg/FJSVswstt-XXXX.rpmXXXX part of the package file is depending on the platform of the system.
Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7 are as shown below:
# rpm -i /opt/FJSVssmgr/etc/pkg/FJSVswstt-V13.7.0-1.x86_64.rpm
Configuration of automatic startup
This procedure is only performed for Red Hat Enterprise Linux 7. Execute the following commands to configure the automatic startup of the SNMP Trap daemon.
# cp -p /opt/FJSVssmgr/etc/pkg/startsc-snmptrapd.service /usr/lib/systemd/system # systemctl enable startsc-snmptrapd.service
Start the OS-standard SNMP Trap daemon
This procedure is only performed for Red Hat Enterprise Linux 5. Execute the following command to restart the OS-standard SNMP Trap daemon.
# /etc/init.d/snmptrapd restart
Execute the following command to start ETERNUS SF Manager.
# /opt/FJSVesfcm/bin/startesf.sh |
Note
It can be mixed with the following products on the same server if monitoring the IPv6 address device:
Systemwalker Centric Manager Management Server (V13.6.0 or later)
Systemwalker Centric Manager Section control server (V13.6.0 or later)
Uninstalling the above products may stop the SNMP Trap daemon. Execute the following when the above products have been uninstalled from the mixed environment.
Execute the following command and confirm that nwsnmp-trapd is running.
For Red Hat Enterprise Linux 7
# systemctl status startsc-snmptrapd.service
For Red Hat Enterprise Linux 5 or Red Hat Enterprise Linux 6
# ps -ef | grep nwsnmp-trapd
If nwsnmp-trapd is not running, restart the system or execute the following command.
For Red Hat Enterprise Linux 7
# systemctl start startsc-snmptrapd.service
For Red Hat Enterprise Linux 5 or Red Hat Enterprise Linux 6
# /opt/FJSVswstt/bin/mpnm-trapd stop # /opt/FJSVswstt/bin/mpnm-trapd start
Installation of SELinux Policy Module for SNMP Trap Daemon
For environments in which SELinux is set to "Enforcing", apply the policy module, according to the following procedure.
If Red Hat Enterprise Linux 7, default is SELinux = Enforcing.
By performing this procedure, the SELinux policy module for the snmptrapd daemon or the nwsnmp-trapd daemon is automatically installed, and event notifications can be received depending on the SNMP Trap.
Note
Check that other products have changed the policy setting for snmptrapd daemon or nwsnmp-trapd daemon before applying the policy of this product to snmptrapd daemon or nwsnmp-trapd daemon. Customize the policy settings if necessary.
If the policy is not set correctly, snmptrapd daemon or nwsnmp-trapd daemon may not work.
If customizations are not made to the SELinux policy module
Execute the following command to apply the SELinux policy module.
# /opt/FJSVssmgr/etc/selinux/esfsepolicy_setup.sh
If customizations are made to the SELinux policy module
By performing this procedure, the SELinux policy for the snmptrapd daemon or the nwsnmp-trapd daemon can be changed.
The policy definition file that corresponds to the SELinux policy module is as follows.
OS | IP Address Environment of Monitoring Device | Protocol Used by Device Fault Monitoring | Policy Definition File | SELinux Policy Module Name | File Context Name |
|---|---|---|---|---|---|
Red Hat Enterprise Linux 6 | IPv4 | SNMPv1 | /opt/FJSVssmgr/etc/selinux/snmptrapd.te | snmptrapd.pp | snmptrapd.fc |
SNMPv3 | /opt/FJSVssmgr/etc/selinux/nwsnmp-trapd.te | nwsnmp-trapd.pp | nwsnmp-trapd.fc | ||
IPv6 | SNMPv1 | ||||
SNMPv3 |
In Red Hat Enterprise Linux 7, the contents of the default SELinux policy module definition file are as follows.
modulepolicyModuleName1.0;
require {
type unconfined_t;
type snmpd_t;
type var_t;
type initrc_t;
type init_t;
class sock_file write;
class unix_stream_socket connectto;
}
#============= snmpd_t ==============
allow snmpd_t initrc_t:unix_stream_socket connectto;
allow snmpd_t init_t:unix_stream_socket connectto;
allow snmpd_t unconfined_t:unix_stream_socket connectto;
allow snmpd_t var_t:sock_file write;Implement the following procedure to customize:
Refer to "Table 4.6 SELinux Policy Module Customization File" and check the file name to use.
Copy and correct the policy definition file that corresponds to the system in an optional directory.
When changing the file context definition, create a file context.
The created file context is stored in the directory with the corrected policy definition file.
Move to the directory with the corrected policy definition file.
Execute the following command. SELinux policy module is created in the current directory.
# make -f /usr/share/selinux/devel/Makefile
Execute the following command to change the setting to "SELinux=Permissive":
# setenforce 0
Execute the following command to apply the policy module.
# /usr/sbin/semodule -i policyModuleNameExecute the following command to check that the policy module name is displayed:
# ls /etc/selinux/targeted/modules/active/modules/ | grep policyModuleName policyModuleName
Execute the following command to revert the setting to "SELinux=Enforcing":
# setenforce 1
Note
For creating the SELinux policy, selinux-policy-devel package is required.
If a package has not been installed, create a policy after installing the package.
There are no specific settings for receiving the SNMP Trap in Management Server.
Note
This software can be used in the mixed environment with the following software. When uninstalled, the SNMP Trap monitoring daemon may be stopped.
Systemwalker Centric Manager Management Server
Systemwalker Centric Manager Section control server
Systemwalker Network Assist
Systemwalker Network Topology Manager
When above software is uninstalled in the mixed environment, execute the following commands:
Check whether nwsnmp-trapd is running by executing the following command.
# /bin/ps -ef | grep nwsnmp-trapd |
If nwsnmp-trapd is not running, reboot the system or execute the following commands.
# /opt/FJSVswstt/bin/mpnm-trapd stop # /opt/FJSVswstt/bin/mpnm-trapd start |