Set SNMP Trap to receive SNMP Traps on the Management Server.
Management Server SNMP Trap settings differs from when monitoring devices only with SNMPv1 protocol in either of the following cases:
When monitoring devices using only SNMPv3 protocol
When monitoring devices using SNMPv1 protocol and SNMPv3 protocol
Configure according to the operating environment.
When Monitoring Devices Using Only SNMPv1 Protocol
Install a Windows standard SNMP Trap receiver service (SNMP Trap).
This service is included in the install media of OS.
When Monitoring Devices Using Only SNMPv3 Protocol or When Monitoring Devices Using SNMPv1 Protocol and SNMPv3 Protocol
Take the following steps to stop Express's manager.
Open the Services screen.
For Windows Server 2012 or later, click Control Panel > System and Security > Administrative Tools > Services.
For a Windows environment other than listed above, click Control Panel > Administrative Tools > Services.
Select "ETERNUS SF Manager Tomcat Service" to click Stop.
Execute the following command from the command prompt and install the ETERNUS SF SNMP Trap Service. $INS_DIR is "Program Directory" specified at the ETERNUS SF Manager installation.
> powershell -ExecutionPolicy Unrestricted $INS_DIR\ESC\Manager\opt\FJSVssmgr\sbin\swsttctr.ps1 -install
Take the following steps to start ETERNUS SF SNMP Trap Service.
Open the Services screen.
Select "ETERNUS SF SNMP Trap Service" to click Start.
Take the following steps to start Express's manager.
Open the Services screen.
Select "ETERNUS SF Manager Tomcat Service" to click Start.
Note
If other applications using SNMP Traps coexist, use only IPv4 address for IP address of managed devices.
If IPv6 address is included in the IP addresses of managed devices, ETERNUS SF Manager cannot coexist with other applications using SNMP Traps.
Take the following steps to stop Express's manager.
Open the Services screen.
For Windows Server 2012 or later, click Control Panel > System and Security > Administrative Tools > Services.
For a Windows environment other than listed above, click Control Panel > Administrative Tools > Services.
Select "ETERNUS SF Manager Tomcat Service" to click Stop.
Execute the following command from the command prompt and install the ETERNUS SF SNMP Trap Service. $INS_DIR is "Program Directory" specified at the ETERNUS SF Manager installation.
> powershell -ExecutionPolicy Unrestricted $INS_DIR\ESC\Manager\opt\FJSVssmgr\sbin\swsttctr.ps1 -install
Refer to "Appendix I Installation and Configuration of SNMP Trap Transfer Program" to install the SNMP Trap transfer program.
Management Server SNMP Trap settings differs from when monitoring devices only with SNMPv1 protocol in either of the following cases:
When monitoring devices using only SNMPv3 protocol
When monitoring devices using SNMPv1 protocol and SNMPv3 protocol
Configure according to the operating environment.
When Monitoring Devices Using Only SNMPv1 Protocol
Customize the snmptrapd configuration file that is in the OS-standard net-snmp package to receive SNMP Trap in Management Server.
Execute the following commands.
# systemctl enable snmptrapd.service # systemctl start snmptrapd.service
Execute the following command and check whether snmptrapd is activated.
# chkconfig --list snmptrapd snmptrapd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
If snmptrapd is not activated, execute the following commands to activate it.
# chkconfig --add snmptrapd # chkconfig snmptrapd on
Point
The snmptrapd file is located at /etc/snmp/snmptrapd.conf, but the file /usr/share/snmp/snmptrapd.conf is also used in some other products.
Check the settings in both files to ensure they are correct for the sake of coexistence with other products.
Check the status of the access control settings.
If the following setting is not in snmptrapd.conf, access control is enabled:
disableAuthorization yes |
Note
Check the status of access control settings for both /etc/snmp/snmptrapd.conf and /usr/share/snmp/snmptrapd.conf.
If there are no requests from other products, set the above "disableAuthorization yes" in /etc/snmp/snmptrapd.conf to disable access control.
Add the following setting to /etc/snmp/snmptrapd.conf:
forward default unix:/var/opt/FJSVssmgr/trap_socket |
Add the following setting:
authCommunity net public authCommunity net SANMA forward default unix:/var/opt/FJSVssmgr/trap_socket |
Check both /etc/snmp/snmptrapd.conf and /usr/share/snmp/snmptrapd.conf, and edit the snmptrapd.conf in which authCommunity has been set by other products. If it is not set in either file, edit /etc/snmp/snmptrapd.conf.
Information
authCommunity is an editable item when access control is enabled.
The format is as follows:
authCommunity TYPES COMMUNITY [SOURCE [OID | -v VIEW ]] TYPES: log,execute,net COMMUNITY: SNMP trap community name for a device to be monitored |
Set log, execute and net in the TYPES field.
Set the SNMP Trap community name for a device to be monitored, in the COMMUNITY field.
Do not set SOURCE, OID and VIEW fields for Express.
For example, set as follows:
authCommunity net public authCommunity net SANMA |
If an ETERNUS Disk storage system with an SNMP Trap community name other than "public" or "SANMA" is to be monitored, add an authCommunity setting.
For example, if an ETERNUS Disk storage system to be monitored has the community name "common", set this parameter as below. Note that the "public" and "SANMA" settings are mandatory.
authCommunity net public authCommunity net SANMA authCommunity net common forward default unix:/var/opt/FJSVssmgr/trap_socket |
If authCommunity log or authCommunity execute has already been set by another product, add a comma and "net".
For example, if authCommunity execute public is already set, set it as follows:
authCommunity execute,net public authCommunity net SANMA forward default unix:/var/opt/FJSVssmgr/trap_socket |
After having changed the snmptrapd.conf, execute the following commands to restart snmptrapd:
The changed content is reflected to the SNMP Trap configuration.
Execute the following command.
# systemctl restart snmptrapd.service
Execute the following commands.
# /etc/init.d/snmptrapd stop # /etc/init.d/snmptrapd start
Note
If ServerView AlarmService or any other application that uses snmptrapd has been installed, uninstalled, or had its settings changed after snmptrapd.conf has been customized, check that these procedures have not changed the customized content of snmptrapd.conf.
Point
In an environment using ServerView trap transfer program, reactivate the snmptrapd daemon and the trpsrvd daemon.
See
Refer to "snmptrapd.conf Configuration File" in the ETERNUS SF Storage Cruiser Operation Guide for information on the snmptrapd.conf file.
When Monitoring Devices Using Only SNMPv3 Protocol or When Monitoring Devices Using SNMPv1 Protocol and SNMPv3 Protocol
Immediately after ETERNUS SF Manager is installed, the setting is to monitor only SNMPv1 protocol devices. For this reason, change from the snmptrapd that contains the OS-standard net-snmp package using the following procedure:
Execute the following command to stop ETERNUS SF Manager.
# /opt/FJSVesfcm/bin/stopesf.sh |
If the OS-standard SNMP Trap daemon (snmptrapd of the net-snmp package) has started, execute the following step to stop it.
For Red Hat Enterprise Linux 7, execute the following command.
# systemctl stop snmptrapd.service
For Red Hat Enterprise Linux 5 or Red Hat Enterprise Linux 6, execute the following command.
# /etc/init.d/snmptrapd stop
Perform a configuration of the OS-standard SNMP Trap daemon.
Perform the following settings according to the ETERNUS SF Manager program that is installed.
For Red Hat Enterprise Linux 7:
If the OS-standard SNMP Trap daemon automatically starts when the system starts, execute the following command to stop automatic start.
# systemctl disable snmptrapd.service
For Red Hat Enterprise Linux 6:
If the OS-standard SNMP Trap daemon automatically starts when the system starts, execute the following command to stop automatic start.
# chkconfig snmptrapd off # chkconfig --list snmptrapd
For Red Hat Enterprise Linux 5:
The settings are performed automatically when installing the package. No special setting is necessary.
Perform an installation and configuration of the SNMP Trap daemon package.
Installation of the package
Install the FJSVswstt-XXXX.rpm package to /opt/FJSVssmgr/etc/pkg.
# rpm -i /opt/FJSVssmgr/etc/pkg/FJSVswstt-XXXX.rpmThe XXXX part of the package file is depends on the platform of the system.
The command for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7 is as follows:
# rpm -i /opt/FJSVssmgr/etc/pkg/FJSVswstt-V13.7.0-1.x86_64.rpm
Configuring automatic startup
Perform this procedure only for Red Hat Enterprise Linux 7. Configure the automatic startup of the SNMP Trap daemon by executing the following commands.
# cp -p /opt/FJSVssmgr/etc/pkg/startsc-snmptrapd.service /usr/lib/systemd/system # systemctl enable startsc-snmptrapd.service
Start the OS-standard SNMP Trap daemon
Perform this procedure only for Red Hat Enterprise Linux 5. Restart the OS-standard SNMP Trap daemon by executing the following command.
# /etc/init.d/snmptrapd restart
Execute the following command to start ETERNUS SF Manager.
# /opt/FJSVesfcm/bin/startesf.sh |
Note
For environments mixed with Systemwalker Centric Manager on the same server, the SNMP Trap daemon may stop if Systemwalker Centric Manager is uninstalled.
If Systemwalker Centric Manager was uninstalled from the mixed environment, take the following actions:
Execute the following command to confirm that nwsnmp-trapd is running.
For Red Hat Enterprise Linux 7
# systemctl status startsc-snmptrapd.service
For Red Hat Enterprise Linux 5 or Red Hat Enterprise Linux 6
# ps -ef | grep nwsnmp-trapd
If nwsnmp-trapd is not running, restart the system or execute the following command.
For Red Hat Enterprise Linux 7
# systemctl start startsc-snmptrapd.service
For Red Hat Enterprise Linux 5 or Red Hat Enterprise Linux 6
# /opt/FJSVswstt/bin/mpnm-trapd stop # /opt/FJSVswstt/bin/mpnm-trapd start
Installation of SELinux Policy Module for SNMP Trap Daemon
For SELinux is set to "enforcing", apply the policy module, according to the following procedure.
If Red Hat Enterprise Linux 7, default is SELinux = Enforcing.
By executing this procedure, the SELinux policy module for the snmptrapd daemon is automatically installed, and it is possible to receive events via SNMP Traps.
Note
Check that other products have changed the policy setting for snmptrapd daemon before applying the policy of this product to snmptrapd daemon. Customize the policy setting if necessary.
If the policy is not set correctly, snmptrapd daemon may not work.
If customizations are not made to the SELinux policy module
Execute the following command to apply the SELinux policy module.
# /opt/FJSVssmgr/etc/selinux/esfsepolicy_setup.sh
If customizations are made to the SELinux policy module
By performing this procedure, the SELinux policy for the snmptrapd daemon can be changed.
The policy definition file that corresponds to the SELinux policy module is as follows.
OS | IP Address Environment of Monitoring Device | Protocol Used by Device Fault Monitoring | Policy Definition File | SELinux Policy Module Name | File Context Name |
|---|---|---|---|---|---|
Red Hat Enterprise Linux 6 | IPv4 | SNMPv1 | /opt/FJSVssmgr/etc/selinux/snmptrapd.te | snmptrapd.pp | snmptrapd.fc |
SNMPv3 | /opt/FJSVssmgr/etc/selinux/nwsnmp-trapd.te | nwsnmp-trapd.pp | nwsnmp-trapd.fc |
In Red Hat Enterprise Linux 7, the contents of the default SELinux policy module definition file are as follows:
modulepolicyModuleName1.0;
require {
type unconfined_t;
type snmpd_t;
type var_t;
type initrc_t;
type init_t;
class sock_file write;
class unix_stream_socket connectto;
}
#============= snmpd_t ==============
allow snmpd_t initrc_t:unix_stream_socket connectto;
allow snmpd_t init_t:unix_stream_socket connectto;
allow snmpd_t unconfined_t:unix_stream_socket connectto;
allow snmpd_t var_t:sock_file write;Implement the following procedure to customize:
Refer to "Table 4.5 SELinux Policy Module Customization File" and check the file name to use.
Copy and correct the policy definition file that corresponds to the system in an optional directory.
When changing the file context definition, create a file context.
Store the file context that was created in the directory with the corrected policy definition file.
Move to the directory with the corrected policy definition file.
Execute the following command. SELinux policy module is created in the current directory.
# make -f /usr/share/selinux/devel/Makefile
Execute the following command to change the setting to "SELinux=Permissive":
# setenforce 0
Execute the following command to apply the policy module.
# /usr/sbin/semodule -i policyModuleNameExecute the following command to check that the policy module name is displayed:
# ls /etc/selinux/targeted/modules/active/modules/ | grep policyModuleName policyModuleName
Execute the following command to revert the setting to "SELinux=Enforcing":
# setenforce 1
Note
For creating the SELinux policy, selinux-policy-devel package is required.
If a package has not been installed, create a policy after installing the package.