

Configure SNMP Traps

For systems that use SNMP (Simple Network Management Protocol) for network management, you can configure selogrd to create SNMP traps from CA ControlMinder audit records.

To implement the SNMP traps, first locate the SNMP shared objects provided in the CA ControlMinder libraries, and then configure selogrd correctly using these shared objects.

Note: If you want to use the SNMP extension of selogrd, and CA ControlMinder is not installed in the default location (/opt/CA/AccessControl), set an environment variable before running selogrd. The environment variables are as follows, where ACInstallDir is the directory where you installed CA ControlMinder:

The shared objects, usually found in the directory ACInstallDir/lib, are called snmp.xx and libsnmp.xx, where the xx extension varies according to the platform. The possible extensions are:

If you want to use the SNMP extension of selogrd, and CA ControlMinder is not installed in the default location, you must set the following environment variables before running selogrd:

where ACInstallDir is the directory where you installed CA ControlMinder.

Follow these steps:

  1. Create a file called ACInstallDir/etc/selogrd.ext.
  2. Define where the SNMP shared objects are by adding a single line to the file ACInstallDir/etc/selogrd.ext with the appropriate path to snmp.so. (Specifying this shared object is enough; the other is linked automatically.) For example:
    snmp /opt/CA/AccessControl/lib/snmp.so
    
  3. Finally, configure the selogrd.cfg file to specify which types of action trigger SNMP traps and which location is notified when they are triggered. Configuration is very similar to that for other audit notifications, with the delivery system specified as snmp.

    For example, suppose you want to have SNMP traps activated when CA ControlMinder starts and shuts down, and have notification of these SNMP traps sent to AuditPC. You can do this by adding the following section to the selogrd.cfg configuration file:

    snmpRule
    snmp AuditPC
    include Class(START).
    include Class(SHUTDOWN).
    .
    

    Note: To send SNMP traps to a gateway with a community name, use the following format:

    snmp gateway[@community name]
    

    Example:

    snmp AuditPC@secure
    

Similarly, you can activate the SNMP traps by other actions or types of access, or have them sent to other locations.
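
To review which audit events raise traps and where they are sent, the following added example (not part of the CA ControlMinder documentation or product) parses the selogrd.cfg rule layout shown above and checks each snmp gateway against an allow-list. The function names, the approved_gateways parameter, the otherdelivery keyword, and the sample rules are assumptions made for illustration.

```python
import re

# Constructed sample in the selogrd.cfg layout shown above: rule name, delivery
# line, filter lines ending in ".", and a lone "." closing the rule.
# "otherdelivery" is a placeholder for any non-SNMP delivery system.
SAMPLE_CFG = """\
snmpRule
snmp AuditPC@secure
include Class(START).
include Class(SHUTDOWN).
.
otherRule
otherdelivery someone
include Class(START).
.
strayRule
snmp lab-host
include Class(SHUTDOWN).
.
"""

def parse_rules(text):
    """Split selogrd.cfg text into (name, method, target, filters) tuples."""
    rules, block = [], []
    for line in (raw.strip() for raw in text.splitlines()):
        if line and line != ".":  # assumption: blank lines carry no meaning
            block.append(line)
        elif line == ".":
            if len(block) >= 2:  # a lone "." ends the current rule
                name, delivery, *filters = block
                method, target = (delivery.split(None, 1) + [""])[:2]
                rules.append((name, method, target, filters))
            block = []
    return rules

def review_snmp_rules(text, approved_gateways):
    """List every SNMP rule and whether its gateway is on the allow-list."""
    report = []
    for name, method, target, filters in parse_rules(text):
        if method != "snmp":
            continue
        gateway, _, community = target.partition("@")
        classes = [c for f in filters if f.startswith("include")
                   for c in re.findall(r"Class\(([^)]*)\)", f)]
        report.append({"rule": name, "gateway": gateway,
                       "community": community or None, "classes": classes,
                       "approved": gateway in approved_gateways})
    return report
```

Calling `review_snmp_rules(SAMPLE_CFG, {"AuditPC"})` marks `strayRule` as unapproved because its traps go to a gateway outside the allow-list, and shows that it has no community name set.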