4.3.3 SNMP Trap Setting

The SNMP Trap settings of the Management Server differ depending on the protocol used with the device fault monitoring. Perform a configuration according to the operating environment by referring to the following table.

Combination of Protocols Used with Device Fault Monitoring			SNMP Trap Settings Method
SNMPv1	SNMPv2c	SNMPv3	SNMP Trap Settings Method
Y	N	N	Refer to "When Using OS-standard SNMP Trap Monitoring Service".
N	Y	N
Y	Y	N
N	N	Y	Refer to "When Using ETERNUS SF SNMP Trap Monitoring Service".
Y	N	Y
N	Y	Y
Y	Y	Y

Y: Used. N: Not used.

When Using OS-standard SNMP Trap Monitoring Service

Install a Windows standard SNMP Trap receiver service (SNMP Trap).
This service is included in the install media of OS.

When Using ETERNUS SF SNMP Trap Monitoring Service

When Other Applications (Systemwalker Centric Manager, ServerView Resource Orchestrator, etc.) Using SNMP Traps Do Not Coexist

Take the following steps to stop Storage Cruiser's manager.
1. Click Control Panel > System and Security > Administrative Tools > Services to open the Services screen.
2. Select "ETERNUS SF Manager Tomcat Service" to click Stop.
Check the status of the SNMP Trap monitoring service that is an OS standard service. If the service is started, take the following steps to stop it.
1. Open the Services screen.
2. Check the status of the SNMP Trap monitoring service.
3. If the Status column of the SNMP Trap monitoring service is "Started", select the SNMP Trap monitoring service and click Stop.
Execute the following command from the command prompt and install the ETERNUS SF SNMP Trap Service. $INS_DIR is "Program Directory" specified at the ETERNUS SF Manager installation.
```
> powershell -ExecutionPolicy Unrestricted $INS_DIR\ESC\Manager\opt\FJSVssmgr\sbin\swsttctr.ps1 -install
```
Take the following steps to start ETERNUS SF SNMP Trap Service.
1. Open the Services screen.
2. Select "ETERNUS SF SNMP Trap Service" to click Start.
Take the following steps to start Storage Cruiser's manager.
1. Open the Services screen.
2. Select "ETERNUS SF Manager Tomcat Service" to click Start.

When Other Applications (Systemwalker Centric Manager, ServerView Resource Orchestrator, etc.) Using SNMP Traps Coexist

Note

If other applications using SNMP Traps coexist, use only IPv4 address for IP address of managed devices. If IPv6 address is included in the IP addresses of managed devices, ETERNUS SF Manager cannot coexist with other applications using SNMP Traps.
The SNMP Trap monitoring service is an OS standard service. Make sure that when you stop the SNMP Trap monitoring service, it does not affect other products such as ServerView AlarmService and ServerView Resource Coordinator VE before performing the following procedure.

Take the following steps to stop Storage Cruiser's manager.
1. Click Control Panel > System and Security > Administrative Tools > Services to open the Services screen.
2. Select "ETERNUS SF Manager Tomcat Service" to click Stop.
Check the status of the SNMP Trap monitoring service that is an OS standard service. If the service is started, take the following steps to stop it.
1. Open the Services screen.
2. Check the status of the SNMP Trap monitoring service.
3. If the Status column of the SNMP Trap monitoring service is "Started", select the SNMP Trap monitoring service and click Stop.
Execute the following command from the command prompt and install the ETERNUS SF SNMP Trap Service. $INS_DIR is "Program Directory" specified at the ETERNUS SF Manager installation.
```
> powershell -ExecutionPolicy Unrestricted $INS_DIR\ESC\Manager\opt\FJSVssmgr\sbin\swsttctr.ps1 -install
```
Refer to "Appendix H Installation and Configuration of SNMP Trap Transfer Program" to install the SNMP Trap transfer program.

The SNMP Trap settings of the Management Server differ depending on the IP address of the managed device or the protocol used for device fault monitoring. Perform a configuration according to the operating environment by referring to the following table.

IP Address of Managed Device	Combination of Protocols Used with Device Fault Monitoring			SNMP Trap Settings Method
IP Address of Managed Device	SNMPv1	SNMPv2c	SNMPv3	SNMP Trap Settings Method
IPv4 address only	Y	N	N	Refer to "When Using OS-standard SNMP Trap Monitoring Daemon".
Either of the following: IPv4 address only IPv4 address and IPv6 address	N	Y	N	Refer to "When Using ETERNUS SF SNMP Trap Monitoring Daemon".
	Y	Y	N
	N	N	Y
	Y	N	Y
	N	Y	Y
	Y	Y	Y

Y: Used. N: Not used.

When Using OS-standard SNMP Trap Monitoring Daemon

Customize the snmptrapd configuration file that is in the OS-standard net-snmp package to receive SNMP Trap in Management Server.

For Red Hat Enterprise Linux 8 or Red Hat Enterprise Linux 7 environments
Execute the following commands.
```
# systemctl enable snmptrapd.service
# systemctl start snmptrapd.service
```
For Red Hat Enterprise Linux 6 environments
Execute the following command and check whether snmptrapd is activated.
```
# chkconfig --list snmptrapd
snmptrapd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
```
If snmptrapd is not activated, execute the following command to activate it.
```
# chkconfig --add snmptrapd
# chkconfig snmptrapd on
```

Point

The snmptrapd file is located at the "/etc/snmp/snmptrapd.conf" file, but the "/usr/share/snmp/snmptrapd.conf" file is also used in some other products.
Check the settings in both files to ensure they are correct for the sake of coexistence with other products.

Check Access Control Settings

Check the status of the access control settings.
If the following setting is not in the "snmptrapd.conf" file, access control is enabled.

disableAuthorization yes

Note

Check the status of access control settings for both the "/etc/snmp/snmptrapd.conf" and "/usr/share/snmp/snmptrapd.conf" files.
If there are no requests from other products, set the above "disableAuthorization yes" in the "/etc/snmp/snmptrapd.conf" file to disable access control.

SNMP Trap Reception Settings (If Access Control Is Disabled)

Add the following setting to the "/etc/snmp/snmptrapd.conf" file.

forward default unix:/var/opt/FJSVssmgr/trap_socket

SNMP Trap Reception Settings (If Access Control Is Enabled)

Add the following setting.

authCommunity net public
authCommunity net SANMA
forward default unix:/var/opt/FJSVssmgr/trap_socket

Note

Check both the "/etc/snmp/snmptrapd.conf" and "/usr/share/snmp/snmptrapd.conf" files, and edit the "snmptrapd.conf" file in which authCommunity has been set by other products. If it is not set in either file, edit the "/etc/snmp/snmptrapd.conf" file.
If a device with an SNMP Trap community name other than "public" or "SANMA" is to be monitored, add an authCommunity setting.
For example, if a device to be monitored has the community name "common", set this parameter as below. Note that the "public" and "SANMA" settings are mandatory.
```
authCommunity net public
authCommunity net SANMA
authCommunity net common
forward default unix:/var/opt/FJSVssmgr/trap_socket
```
If authCommunity log or authCommunity execute has already been set by another product, add a comma and "net".
For example, if authCommunity execute public is already set, set it as follows:
```
authCommunity execute,net public
authCommunity net SANMA
forward default unix:/var/opt/FJSVssmgr/trap_socket
```

Reflect Configuration File

After having changed the "snmptrapd.conf" file, execute the following commands to restart snmptrapd:
The changed content is reflected to the SNMP Trap configuration.

For Red Hat Enterprise Linux 8 or Red Hat Enterprise Linux 7 environments
Execute the following command.
```
# systemctl restart snmptrapd.service
```
For Red Hat Enterprise Linux 6 environments
Execute the following commands.
```
# /etc/init.d/snmptrapd stop
# /etc/init.d/snmptrapd start
```

Point

In an environment using ServerView trap transfer program, restart the snmptrapd daemon and the trpsrvd daemon.

Note

If ServerView AlarmService or any other application that uses snmptrapd has been installed, uninstalled, or had its settings changed after the "snmptrapd.conf" file has been customized, check that these procedures have not changed the customized content of the "snmptrapd.conf" file.

See

Refer to "snmptrapd.conf Configuration File" in the Storage Cruiser Operation Guide for information on the "snmptrapd.conf" file.

Subsequently, perform the task that is described in "Installation of SELinux Policy Module for SNMP Trap Daemon".

When Using ETERNUS SF SNMP Trap Monitoring Daemon

Immediately after installing ETERNUS SF Manager, the system is set to use the OS-standard SNMP Trap monitoring daemon. For this reason, change from the snmptrapd that contains the OS-standard net-snmp package using the following procedure:

Execute the following command to stop ETERNUS SF Manager.
```
# /opt/FJSVesfcm/bin/stopesf.sh
```
If the OS-standard SNMP Trap daemon (snmptrapd of net-snmp package) has started, execute the following command to stop it.
- For Red Hat Enterprise Linux 8 or Red Hat Enterprise Linux 7 environments
```
# systemctl stop snmptrapd.service
```
- For Red Hat Enterprise Linux 6 environments
```
# /etc/init.d/snmptrapd stop
```
If the OS-standard SNMP Trap daemon has automatically started when the system started, execute the following command to stop automatic start.
- For Red Hat Enterprise Linux 8 or Red Hat Enterprise Linux 7 environments
```
# systemctl disable snmptrapd.service
```
- For Red Hat Enterprise Linux 6 environments
```
# chkconfig snmptrapd off
# chkconfig --list snmptrapd
```
Perform an installation and configuration of the SNMP Trap daemon package.
1. Installation of package
  Execute the following command to install the FJSVswstt-XXXX.rpm package in the "/opt/FJSVssmgr/etc/pkg" directory.
```
# rpm -i /opt/FJSVssmgr/etc/pkg/FJSVswstt-XXXX.rpm
```
  XXXX part of the package file is depending on the operating system.
  OS
  Name of Package File
  Red Hat Enterprise Linux 8
  FJSVswstt-V15.3.0-1.x86_64.rpm
  Red Hat Enterprise Linux 7
  Red Hat Enterprise Linux 6
  FJSVswstt-V13.7.0-1.x86_64.rpm
2. Configuration of automatic startup
  When the operating system is Red Hat Enterprise Linux 8 or Red Hat Enterprise Linux 7, execute the following commands to configure the automatic startup of the SNMP Trap daemon.
```
# cp -p /opt/FJSVssmgr/etc/pkg/startsc-snmptrapd.service /usr/lib/systemd/system
# systemctl enable startsc-snmptrapd.service
```
Execute the following command to start ETERNUS SF Manager.
```
# /opt/FJSVesfcm/bin/startesf.sh
```

OS	Name of Package File
Red Hat Enterprise Linux 8	FJSVswstt-V15.3.0-1.x86_64.rpm
Red Hat Enterprise Linux 7 Red Hat Enterprise Linux 6	FJSVswstt-V13.7.0-1.x86_64.rpm

Note

It can be mixed with the following products on the same server if monitoring the IPv6 address device:

Systemwalker Centric Manager Management Server (V13.6.0 or later)
Systemwalker Centric Manager Section control server (V13.6.0 or later)

Uninstalling the above products may stop the SNMP Trap daemon. Execute the following when the above products have been uninstalled from the mixed environment.

Execute the following command and confirm that nwsnmp-trapd is running.
- For Red Hat Enterprise Linux 8 or Red Hat Enterprise Linux 7 environments
```
# systemctl status startsc-snmptrapd.service
```
- For Red Hat Enterprise Linux 6 environments
```
# ps -ef | grep nwsnmp-trapd
```
If nwsnmp-trapd is not running, restart the system or execute the following command.
- For Red Hat Enterprise Linux 8 or Red Hat Enterprise Linux 7 environments
```
# systemctl start startsc-snmptrapd.service
```
- For Red Hat Enterprise Linux 6 environments
```
# /opt/FJSVswstt/bin/mpnm-trapd stop
# /opt/FJSVswstt/bin/mpnm-trapd start
```

Subsequently, perform the task that is described in "Installation of SELinux Policy Module for SNMP Trap Daemon".

Installation of SELinux Policy Module for SNMP Trap Daemon

For environments in which SELinux is set to "Enforcing", apply the policy module, according to the following procedure.
If the operating system is Red Hat Enterprise Linux 8 or Red Hat Enterprise Linux 7, default is SELinux = Enforcing.
By performing this procedure, the SELinux policy module for the snmptrapd daemon or the nwsnmp-trapd daemon is automatically installed, and event notifications can be received depending on the SNMP Trap.

Note

Check that other products have changed the policy setting for snmptrapd daemon or nwsnmp-trapd daemon before applying the policy of this product to snmptrapd daemon or nwsnmp-trapd daemon. Customize the policy settings if necessary.
If the policy is not set correctly, snmptrapd daemon or nwsnmp-trapd daemon may not work.

If customizations are not made to the SELinux policy module
Execute the following command to apply the SELinux policy module.
```
# /opt/FJSVssmgr/etc/selinux/esfsepolicy_setup.sh
```

If customizations are made to the SELinux policy module

By performing this procedure, the SELinux policy for the snmptrapd daemon or the nwsnmp-trapd daemon can be changed.
The policy definition file that corresponds to the SELinux policy module is as follows.

Table 4.7 SELinux Policy Module Customization File
IP Address Environment of Monitoring Device	Protocol Used by Device Fault Monitoring	Policy Definition File	SELinux Policy Module Name	File Context Name
IPv4	SNMPv1	/opt/FJSVssmgr/etc/selinux/snmptrapd.te	snmptrapd.pp	snmptrapd.fc
	SNMPv2c	/opt/FJSVssmgr/etc/selinux/nwsnmp-trapd.te	nwsnmp-trapd.pp	nwsnmp-trapd.fc
	SNMPv3
IPv6	SNMPv1
IPv6	SNMPv3

In a Red Hat Enterprise Linux 8 or Red Hat Enterprise Linux 7 environment, the contents of the default SELinux policy module definition file are as follows.

modulepolicyModuleName1.0;
require {
type unconfined_t;
type snmpd_t;
type var_t;
type initrc_t;
type init_t;
class sock_file write;
class unix_stream_socket connectto;
}
#============= snmpd_t ==============
allow snmpd_t initrc_t:unix_stream_socket connectto;
allow snmpd_t init_t:unix_stream_socket connectto;
allow snmpd_t unconfined_t:unix_stream_socket connectto;
allow snmpd_t var_t:sock_file write;

Implement the following procedure to customize:

Refer to "Table 4.7 SELinux Policy Module Customization File" and check the file name to use.
Copy and correct the policy definition file that corresponds to the system in an optional directory.
When changing the file context definition, create a file context.
The created file context is stored in the directory with the corrected policy definition file.
Move to the directory with the corrected policy definition file.
Execute the following command. SELinux policy module is created in the current directory.
```
# make -f /usr/share/selinux/devel/Makefile
```
Execute the following command to change the setting to "SELinux=Permissive".
```
# setenforce 0
```
Execute the following command to apply the policy module.
```
# /usr/sbin/semodule -i policyModuleName
```
Execute the following command to check that the policy module name is displayed.
- For Red Hat Enterprise Linux 8 environments
```
# /usr/sbin/semodule -l | grep policyModuleName
```
- For Red Hat Enterprise Linux 7 or Red Hat Enterprise Linux 6 environments
```
# ls /etc/selinux/targeted/modules/active/modules/ | grep policyModuleName
```
Execute the following command to revert the setting to "SELinux=Enforcing".
```
# setenforce 1
```

Note

For creating the SELinux policy, selinux-policy-devel package is required.
If a package has not been installed, create a policy after installing the package.

4.3.3 SNMP Trap Setting

4.3.3.1 SNMP Trap Setting (for Windows)

4.3.3.2 SNMP Trap Setting (for Linux)

4.3.3.3 SNMP Trap Setting (for Solaris)