Previous Topic: Monitoring CA SiteMinder® Using SNMPNext Topic: SiteMinder Reports


Configure the CA SiteMinder® Event Manager

The Event Manager application (supplied as a library file, EventSNMP.dll) that captures Policy Server events, determines whether SNMP traps are to be generated for those events (as specified by a configuration file) and if so, generates SNMP traps to specified NMS(s).

To configure the Event library (EventSNMP.dll), see Add Event Handler Libraries.

You configure the CA SiteMinder® Event Manager by defining the Event Configuration File (SM_Install_Directory\config\snmptrap.conf), which defines what events are to be processed and the addresses of the NMSs to which the traps should be sent.

Event Configuration File Syntax

The snmptrap.conf is an editable ASCII file, with a simple one line per event syntax:

Event_Name    Destination_Address
Event_Name

The name of a MIB event object (or a comma-separated group of names of event objects).

Examples:

serverUP

serverUp,serverDown

serverUp,serverDown,serverInitFail

Destination_Address

The address of an NMS (or a comma-separated group of the addresses of NMSs) to which generated traps should be sent. Each address should be of the form: HostID:port:community

HostID

(mandatory) Either a hostname or IP address.

Port

(optional) IP port number.

Default: 162.

Community

(optional) An SNMP community. Note that if community is specified, Port must also be specified.

Default: “public”

Example: 100.132.5.166

Example: 100.132.5.166:162

Example: victoria:162:public

Note: Be careful to avoid event duplication. That is, you should avoid putting the same event in multiple entries. Also, comment lines can be added lines, prefixed with a “#” character.

Event Configuration File Examples
ServerDown,serverUp    111.123.0.234:567:public

This entry configures the Event Manager to send serverDown and serverUp SNMP traps to the NMS at IP address 111.123.0.234, port 567, community public.

agentConnectionFailed   111.123.0.234,victoria

This entry configures the Event Manager to send SNMP traps of agentConnectionFailed type will be sent to IP address 111.123.0.234, port 567, community public and to host “victoria”, port 567, community public.

azReject

This entry configures the Event Manager to discard all events of the azReject type so that no traps are sent.

Start and Stop SiteMinder SNMP Support

If you chose to install CA SiteMinder® SNMP support when you installed the Policy Server, the CA SiteMinder® SNMP Agent service should start automatically whenever the Policy Server initializes.

This section describes how to manually start and stop the CA SiteMinder® SNMP subagent on Windows and UNIX Policy Servers.

Start and Stop the Windows Netegrity SNMP Agent Service

To start the CA SiteMinder® SNMP subagent on Windows Policy Servers

  1. Open the Services control panel:
  2. Select the Netegrity SNMP Agent service.
  3. Click Start.

    Note: When you restart the Windows SNMP service, also manually restart the Netegrity SNMP Agent service.

To stop the CA SiteMinder® SNMP subagent on Windows Policy Servers

  1. Open the Services control panel:
  2. Select the Netegrity SNMP Agent service.
  3. Click Stop.

    Note: If you stop the Windows SNMP service, the Netegrity SNMP Agent service is not generally available, but can then be accessed through port 801.

Start and Stop SNMP support on UNIX Policy Servers

On UNIX Policy Servers, the CA SiteMinder® service can only be started or stopped by starting or stopping the Sun Solstice Enterprise Master agent (snmpdx) daemon.

To start the Netegrity SNMP Agent service on UNIX Policy Servers

  1. Login as super user (root)
  2. Type cd /etc/rc3.d
  3. Type sh SXXsnmpdx (S76snmpdx) start

To stop the Netegrity SNMP Agent service on UNIX Policy Servers

  1. Login as super user (root)
  2. Type cd /etc/rc3.d
  3. Type sh SXXsnmpdx (S76snmpdx) stop

    Note: Stopping the Sun Solstice Enterprise Master agent operation will disable all SNMP services on the UNIX host.

Troubleshooting the SiteMinder SNMP Module

This section provides some advice and describes some tools that CA SiteMinder® provides to help you isolate the point of failure if you have trouble establishing a management connection to, or receiving SNMP traps from CA SiteMinder®.

SNMP Traps Not Received After Event

Symptom:

I am not receiving SNMP traps when events that should have generated them occur.

Solution:

  1. Check network connectivity between the NMS and monitored Policy Server.
  2. Check that the CA SiteMinder® SNMP subagent and SNMP master agent are running on the Policy Server.
  3. Enable trap logging by setting the NETE_SNMPLOG_ENABLED system environment variable.

    CA SiteMinder® generates the following log files in sminstalldir/log:

    Windows:

    SmServAuth_snmptrap.log
    SmServAz_snmptrap.log
    SmServAcct_snmptrap.log
    SmServAdm_snmptrap.log
    

    UNIX:

    smservauth_snmptrap.log
    smservaz_snmptrap.log
    smservacct_snmptrap.log
    smservadm_snmptrap.log
    

Important! The log files generated can grow very rapidly. You should disable trap logging and delete the file as soon as you have resolved your trap receipt issues.