The Event Manager application (supplied as a library file, EventSNMP.dll) that captures Policy Server events, determines whether SNMP traps are to be generated for those events (as specified by a configuration file) and if so, generates SNMP traps to specified NMS(s).
To configure the Event library (EventSNMP.dll), see Add Event Handler Libraries.
You configure the CA SiteMinder® Event Manager by defining the Event Configuration File (SM_Install_Directory\config\snmptrap.conf), which defines what events are to be processed and the addresses of the NMSs to which the traps should be sent.
The snmptrap.conf is an editable ASCII file, with a simple one line per event syntax:
Event_Name Destination_Address
The name of a MIB event object (or a comma-separated group of names of event objects).
Examples:
serverUP
serverUp,serverDown
serverUp,serverDown,serverInitFail
The address of an NMS (or a comma-separated group of the addresses of NMSs) to which generated traps should be sent. Each address should be of the form: HostID:port:community
(mandatory) Either a hostname or IP address.
(optional) IP port number.
Default: 162.
(optional) An SNMP community. Note that if community is specified, Port must also be specified.
Default: “public”
Example: 100.132.5.166
Example: 100.132.5.166:162
Example: victoria:162:public
Note: Be careful to avoid event duplication. That is, you should avoid putting the same event in multiple entries. Also, comment lines can be added lines, prefixed with a “#” character.
ServerDown,serverUp 111.123.0.234:567:public
This entry configures the Event Manager to send serverDown and serverUp SNMP traps to the NMS at IP address 111.123.0.234, port 567, community public.
agentConnectionFailed 111.123.0.234,victoria
This entry configures the Event Manager to send SNMP traps of agentConnectionFailed type will be sent to IP address 111.123.0.234, port 567, community public and to host “victoria”, port 567, community public.
azReject
This entry configures the Event Manager to discard all events of the azReject type so that no traps are sent.
If you chose to install CA SiteMinder® SNMP support when you installed the Policy Server, the CA SiteMinder® SNMP Agent service should start automatically whenever the Policy Server initializes.
This section describes how to manually start and stop the CA SiteMinder® SNMP subagent on Windows and UNIX Policy Servers.
To start the CA SiteMinder® SNMP subagent on Windows Policy Servers
Note: When you restart the Windows SNMP service, also manually restart the Netegrity SNMP Agent service.
To stop the CA SiteMinder® SNMP subagent on Windows Policy Servers
Note: If you stop the Windows SNMP service, the Netegrity SNMP Agent service is not generally available, but can then be accessed through port 801.
On UNIX Policy Servers, the CA SiteMinder® service can only be started or stopped by starting or stopping the Sun Solstice Enterprise Master agent (snmpdx) daemon.
To start the Netegrity SNMP Agent service on UNIX Policy Servers
To stop the Netegrity SNMP Agent service on UNIX Policy Servers
Note: Stopping the Sun Solstice Enterprise Master agent operation will disable all SNMP services on the UNIX host.
This section provides some advice and describes some tools that CA SiteMinder® provides to help you isolate the point of failure if you have trouble establishing a management connection to, or receiving SNMP traps from CA SiteMinder®.
Symptom:
I am not receiving SNMP traps when events that should have generated them occur.
Solution:
CA SiteMinder® generates the following log files in sminstalldir/log:
Windows:
SmServAuth_snmptrap.log SmServAz_snmptrap.log SmServAcct_snmptrap.log SmServAdm_snmptrap.log
UNIX:
smservauth_snmptrap.log smservaz_snmptrap.log smservacct_snmptrap.log smservadm_snmptrap.log
Important! The log files generated can grow very rapidly. You should disable trap logging and delete the file as soon as you have resolved your trap receipt issues.
Copyright © 2013 CA.
All rights reserved.
|
|