Configuring SNMP Notifications
SNMP notifications will send SNMP traps about monitored nodes being down or out of communications.
To configure SNMP notifications on ArcMC appliance:
-
Under Administration > System Admin > System > SNMP, enable SNMP. Then, specify values for port, SNMP version, and other required settings for your SNMP environment.
- In the rules editor, open the notification rule you wish to trigger an SNMP alert, and under Notify Me, select SNMP. Repeat for each rule you wish to trigger an SNMP alert.
Enabling SNMP on Software
Software ArcMC does not include UI controls for SNMP configuration. Instead, take these steps to configure Software ArcMC for SNMP notifications and monitoring.
To enable SNMP notifications on a software host:
1. Make sure following RPM packages are installed on the system: net-snmp, net-snmp-utils, net-snmp-libs, lm_sensors-libs.
2. Enable the SNMP service by entering: chkconfig snmpd on
3. Start the SNMP service by entering: service snmpd start
4. In a text editor, create a file /opt/arcsight/userdata/platform/snmp.properties
with the following parameters, Items in angle brackets <> indicate you should substitute values appropriate for your own environment.
snmp.enabled=true
snmp.version=V3
snmp.port=161
snmp.v3.authprotocol=SHA
snmp.v3.authpassphrase=<password>
snmp.v3.privacyprotocol=AES128
snmp.v3.privacypassphrase=<password>
snmp.user=<SNMP username>
snmp.community=public
snmp.system.location=<SNMP location>
snmp.system.name=ArcMC Node 247
snmp.system.contact=<your support email address>
snmp.trap.enabled=true
snmp.trap.version=V3
snmp.trap.port=162
snmp.trap.nms=<IP address of NNMI>
snmp.trap.user=<SNMP trap user name>
snmp.trap.community=public
snmp.trap.v3.authprotocol=SHA
snmp.trap.v3.authpassphrase=<password>
snmp.trap.v3.privacyprotocol=AES128
snmp.trap.v3.privacypassphrase=<password>
----------------------------------------
5. Give the file permission: 644 and owner: arcsight.
6. Copy the file ARCSIGHT-EVENT-MIB.txt
file from $ARCSIGHT_HOME/current/arcsight/aps/conf/
to location /usr/share/snmp/mibs
. Give the file permission: 644 and owner: root:root.
7. Run the script arcsight_snmpconf
script as a root user, as follows:
<ArcSight_Home>/current/arcsight/aps/bin/arcsight_snmpconf <ArcSight_Home> /userdata/platform/snmp.properties trap
8. Run the script a second time, as follows:
<ArcSight_Home>/current/arcsight/aps/bin/arcsight_snmpconf <ArcSight_Home> /userdata/platform/snmp.properties poll
This script will setup /etc/snmp/snmpd.conf
file and restart the SNMP service.
9. Restart SNMP services: service snmpd restart
SNMP V3 Trap oldEngineID
persistent in software ArcMC, set the $ARCMC_HOME/userdata/platform/snmp_persist/snmpapp.conf
file to be immutable:#chattr +i $file_path_of_snmpapp.conf
Follow the steps below to create the
snmpapp.conf
file if it does not exist in the snmp_persist folder:
a) In a text editor, create a file <ARCSIGHT_HOME>/userdata/platform/snmp_persist/snmpapp.conf
with the following entry:
oldEngineID $VALUE
$VALUE: copy the value from the oldEngineID
entry to /var/lib/net-snmp/snmpd.conf
For example:
oldEngineID 0x80001f888011b5336c8d41895f00000000
b) Give the file permission 600:chmod 600 <ARCSIGHT HOME>/userdata/platform/snmp_persist/snmpapp.conf
c) Set the owner:
If arcmc is installed as root user: # chown root:root <ARCSIGHT_HOME>/userdata/platform/snmp_persist/snmpapp.conf
If arcmc is installed as arcsight user: #chown arcsight:arcsight <ARCSIGHT_HOME>/userdata/platform/snmp_persist/snmpapp.conf
d) Set immutable:chattr +i <ARCSIGHT_HOME>/userdata/platform/snmp_persist/snmpapp.conf
10. In the rules editor, open the notification rule you wish to trigger an SNMP alert, and under Notify Me, select SNMP. Repeat for each rule you wish to trigger an SNMP alert.