Configuring SNMP Settings
Configure Simple Network Management Protocol (SNMP) settings for the everRun system to allow SNMP management applications to remotely monitor your systems. (SNMP information pertains only to systems and not individual PMs.) You can enable SNMP requests and SNMP traps:
- SNMP request—A request sent to the system to retrieve the values of objects listed in the Management Information Bases (MIBs) supported by the everRun software. These MIBs include a system-specific MIB that is a collection of objects describing the everRun system. You can download a copy of the MIB file from the Drivers and Tools section of the Downloads page at https://www.stratus.com/services-support/downloads/?tab=everrun.
- SNMP trap—A message initiated by one of the nodes in the everRun system after an event such as an alert that is then sent to an identified list of recipients, typically a network management station (NMS).
Follow the appropriate procedure to enable SNMP requests or traps.
To enable SNMP requests
To enable SNMP requests, perform one of the following actions:
- Enable SNMP requests from the Preferences page:
- Add an SNMPv3 user who can enable SNMPv3 requests and who has read-only access to the full MIB in the everRun system.
- Configure access control for SNMPv1 and SNMPv2 requests, where you allow no users (Restricted) or any user using the default public community (Unrestricted) to send requests.
- Customize SNMP request functionality by editing snmpd.conf files. You can customize access control for SNMPv1 requests and SNMPv2 requests. You can also customize the list of users for SNMPv3 requests. For information, see To customize SNMP request functionality (below).
To enable SNMP requests from the Preferences Page
- Click Preferences in the left-hand navigation panel, to open the Preference page.
- Under Notification, click SNMP Configuration.
-
Activate the check box next to Enable SNMP Requests.
-
The List of Users for SNMP Requests (Version 3) appears.
If a username appears below the List of Users for SNMP Requests (Version 3), the user's security level is displayed and a read-only display of the snmpd.conf file also appears. The user has read-only access to the full MIB. Note that the system supports only one SNMP Requests (Version 3) user.
If a username does not appear, you can add an SNMPv3 user.
To add an SNMPv3 user
- Click the
Add button, which opens the Add a User wizard. -
Enter values for the following:
Username—The name of a user who has access to the SNMPv3 agent. The name must be unique.
Security Level—The user's security level. Valid values are:
- No Authentication and No Privacy: No security is applied to messages; messages are not authenticated or encrypted.
- Authentication and No Privacy: Messages are authenticated, but not encrypted. You must enter values for Authentication Type and Authentication Password.
- Authentication and Privacy: Messages are authenticated and encrypted. You must enter values for Authentication Type, Authentication Password, Encryption Type, and Encryption Password.
When the security level includes authentication or privacy, the following fields appear:
Authentication Type—The user's type of authentication. Valid values are:
- MD5: Configure the message digest algorithm (MD5) as the user's authentication type.
- SHA: Configure the secure hash algorithm (SHA) as the user's authentication type.
Authentication Password—The user's required password, which is used to generate the secret authentication key. The password must be a minimum of eight characters.
Encryption Type—The user's type of encryption. Valid values are:
- AES: Configure the Advanced Encryption Standard (AES) as the user's encryption type.
- DES: Configure the data encryption standard (DES) as the user's encryption type.
Encryption Password—The user's required password, which is used to generate the secret encryption key. The password must be a minimum of eight characters.
-
Click Save to save the changes.
- Click the
-
Restricted (the default)—Allows no users to send SNMPv1 requests and SNMPv2 requests.
Unrestricted—Allows any user using the default public community to send SNMPv1 requests and SNMPv2 requests.
Customized (available when snmpd.conf has been manually edited by a user; see To customize SNMP request functionality, below)—Allows customized access.
- Click Save. (Or click Reset to restore the previously-saved values.)
To customize SNMP request functionality by editing snmpd.conf files
Customize SNMP request functionality by editing snmpd.conf files.
Customize access control for SNMPv1 requests and SNMPv2 requests by editing the /etc/snmp/snmpd.conf file:
- Log in to the host.
- Manually edit the standard /etc/snmp/snmpd.conf file on both nodes.
- Save the file.
- Restart the snmpd process on each node by entering the command systemctl restart snmpd.
Customize the list of users for SNMPv3 requests by editing the /etc/snmp/snmpd.conf and /var/lib/net-snmp/snmpd.conf files.
- Log into the host.
- Manually edit the standard /etc/snmp/snmpd.conf file on both nodes.
- Manually edit the standard /var/lib/net-snmp/snmp/snmpd.conf file on both nodes.
- Save the file.
- Restart the snmpd process on each node by entering the command systemctl restart snmpd.
To enable SNMP traps
- When you add a recipient for SNMP Traps (Version 3), you need to confirm that the engine ID of the trap user on the recipient server is 0x80001370017F000001.
- When you enable or modify the SNMP trap settings, generate a test alert to confirm that traps are received.
- Click Preferences in the left-hand navigation panel, to open the Preference page.
- Under Notification, click SNMP Configuration.
- Activate the check box next to Enable SNMP Traps.
- Type the name of the SNMP Community, or keep the default (public).
-
Below the List of Recipients of SNMP Traps (Version 3) is a list of the trap users, and the IP address of the recipient server where the trap user exists. The everRun system sends SNMPv3 traps to the trap user on the recipient server. Add a recipient, if necessary.
To add a recipient
- Click the Add button, which opens the Add a Recipient wizard.
-
Enter values for the following:
Recipient Address—The host name or the IPv4 address of the recipient server.
Username—The name of a trap user on the recipient server. The name must be unique for the recipient.
Security Level—The user's security level. Valid values are:
- No Authentication and No Privacy: No security is applied to messages; messages are not authenticated or encrypted.
- Authentication and No Privacy: Messages are authenticated, but not encrypted. You must enter values for Authentication Type and Authentication Password.
- Authentication and Privacy: Messages are authenticated and encrypted. You must enter values for Authentication Type, Authentication Password, Encryption Type, and Encryption Password.
When the security level includes authentication or privacy, the following fields appear:
Authentication Type—The user's type of authentication. Valid values are:
- MD5: Configure the message digest algorithm (MD5) as the user's authentication type.
- SHA: Configure the secure hash algorithm (SHA) as the user's authentication type.
Authentication Password—The user's required password, which is used to generate the secret authentication key. The password must be a minimum of eight characters.
Encryption Type—The user's type of encryption. Valid values are:
- AES: Configure the Advanced Encryption Standard (AES) as the user's encryption type.
- DES: Configure the data encryption standard (DES) as the user's encryption type.
Encryption Password—The user's required password, which is used to generate the secret encryption key. The password must be a minimum of eight characters.
-
Click Save to save the changes.
- Click the
- Click Save. (Or click Reset to restore the previously saved values.)
-
Configure your organization's firewall to allow SNMP operations, which enables SNMP management systems to receive alerts from and send traps to the everRun system. To do so, configure your organization's firewall to open the SNMP port:
Message Type: SNMP
Protocol: SNMP
Port: 161 (Get/Walk) 162 (Traps) -
Generate a test alert by clicking Generate Test Alert.
The everRun software generates a test alert and SNMP sends traps to recipients of SNMP traps; e-Alerts send a sample email with the subject "Test Alert" to all email recipients of e-Alerts, if configured (see Configuring e-Alerts); and Support Configuration sends a notification to your authorized Stratus service representative, if configured (see Configuring Remote Support Settings). Watch the Alerts History log (see The Alerts History Page) for delivery status.