Configuring SNMP Notifications

SNMP notifications send SNMP traps when monitored nodes are down or out of communication.

To configure SNMP notifications on an ArcMC appliance:

  1. Under Administration > System Admin > System > SNMP, enable SNMP. Then, specify values for port, SNMP version, and other required settings for your SNMP environment.

  2. In the rules editor, open the notification rule you wish to trigger an SNMP alert, and under Notify Me, select SNMP. Repeat for each rule you wish to trigger an SNMP alert.

Enabling SNMP on Software ArcMC

Software ArcMC does not include UI controls for SNMP configuration. Instead, take these steps to configure Software ArcMC for SNMP notifications and monitoring.

To enable SNMP notifications on a software host:

1. Make sure the following RPM packages are installed on the system: net-snmp, net-snmp-utils, net-snmp-libs, lm_sensors-libs.

2. Enable the SNMP service by entering: chkconfig snmpd on

3. Start the SNMP service by entering: service snmpd start

4. In a text editor, create a file /opt/arcsight/userdata/platform/snmp.properties with the following parameters. Items in angle brackets <> indicate that you should substitute values appropriate for your own environment.

snmp.enabled=true
snmp.version=V3
snmp.port=161
snmp.v3.authprotocol=SHA
snmp.v3.authpassphrase=<password>
snmp.v3.privacyprotocol=AES128
snmp.v3.privacypassphrase=<password>
snmp.user=<SNMP username>
snmp.community=public
snmp.system.location=<SNMP location>
snmp.system.name=ArcMC Node 247
snmp.system.contact=<your support email address>
snmp.trap.enabled=true
snmp.trap.version=V3
snmp.trap.port=162
snmp.trap.nms=<IP address of NNMI>
snmp.trap.user=<SNMP trap user name>
snmp.trap.community=public
snmp.trap.v3.authprotocol=SHA
snmp.trap.v3.authpassphrase=<password>
snmp.trap.v3.privacyprotocol=AES128
snmp.trap.v3.privacypassphrase=<password>

5. Give the file permission: 644 and owner: arcsight.

6. Copy the file ARCSIGHT-EVENT-MIB.txt from $ARCSIGHT_HOME/current/arcsight/aps/conf/ to /usr/share/snmp/mibs. Give the file permission: 644 and owner: root:root.

7. Run the arcsight_snmpconf script as the root user, as follows:

<ArcSight_Home>/current/arcsight/aps/bin/arcsight_snmpconf <ArcSight_Home>/userdata/platform/snmp.properties trap

8. Run the script a second time, as follows:

<ArcSight_Home>/current/arcsight/aps/bin/arcsight_snmpconf <ArcSight_Home>/userdata/platform/snmp.properties poll

This script sets up the /etc/snmp/snmpd.conf file and restarts the SNMP service.

9. Restart SNMP services: service snmpd restart

Note: To keep the SNMP V3 trap oldEngineID persistent in Software ArcMC, set the $ARCMC_HOME/userdata/platform/snmp_persist/snmpapp.conf file to be immutable:
# chattr +i $file_path_of_snmpapp.conf

Follow the steps below to create the snmpapp.conf file if it does not exist in the snmp_persist folder:


a) In a text editor, create a file <ARCSIGHT_HOME>/userdata/platform/snmp_persist/snmpapp.conf with the following entry: oldEngineID $VALUE

$VALUE: copy the value from the oldEngineID entry in /var/lib/net-snmp/snmpd.conf
For example: oldEngineID 0x80001f888011b5336c8d41895f00000000

b) Give the file permission 600:
chmod 600 <ARCSIGHT_HOME>/userdata/platform/snmp_persist/snmpapp.conf

c) Set the owner:
If ArcMC is installed as the root user: # chown root:root <ARCSIGHT_HOME>/userdata/platform/snmp_persist/snmpapp.conf

If ArcMC is installed as the arcsight user: # chown arcsight:arcsight <ARCSIGHT_HOME>/userdata/platform/snmp_persist/snmpapp.conf

d) Set immutable:
chattr +i <ARCSIGHT_HOME>/userdata/platform/snmp_persist/snmpapp.conf

10. In the rules editor, open the notification rule you wish to trigger an SNMP alert, and under Notify Me, select SNMP. Repeat for each rule you wish to trigger an SNMP alert.
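
The snmp.properties file created in step 4 can be checked before it is passed to arcsight_snmpconf. The following is an added example, not part of ArcMC or its documentation: it flags unsubstituted <...> placeholders, missing V3 keys, passphrases shorter than the 8-character minimum that net-snmp enforces, and non-V3 versions that still use the default community string. The function names and sample values are assumptions made for this illustration, and V2c as a version value is assumed (the page shows only V3).

```python
import re

V3_KEYS = ("authprotocol", "authpassphrase", "privacyprotocol", "privacypassphrase")
PLACEHOLDER = re.compile(r"<[^>]*>")  # e.g. <password>, left over from the template

def parse_properties(text):  # key=value lines; blank lines and # comments are skipped
    props = {}
    for line in map(str.strip, text.splitlines()):
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def audit(props):
    """Return findings for the poll (snmp.*) and trap (snmp.trap.*) settings."""
    findings = [f"{k}: placeholder {v} not substituted"
                for k, v in props.items() if PLACEHOLDER.fullmatch(v)]
    for prefix in ("snmp", "snmp.trap"):
        if props.get(f"{prefix}.enabled", "").lower() != "true":
            continue
        version = props.get(f"{prefix}.version", "")
        if version != "V3":  # SNMP v1/v2c: community string only, no encryption
            findings.append(f"{prefix}.version={version}: not V3")
            if props.get(f"{prefix}.community") == "public":
                findings.append(f"{prefix}.community: default string 'public'")
            continue
        for name in V3_KEYS:
            key = f"{prefix}.v3.{name}"
            value = props.get(key)
            if value is None:
                findings.append(f"{key}: missing")
            elif "passphrase" in name and len(value) < 8:
                findings.append(f"{key}: under 8 characters, the net-snmp minimum")
    return findings

# Constructed sample based on the page's template; 'V2c' is an assumed value.
SAMPLE = """\
snmp.enabled=true
snmp.version=V3
snmp.v3.authprotocol=SHA
snmp.v3.authpassphrase=short
snmp.v3.privacypassphrase=<password>
snmp.trap.enabled=true
snmp.trap.version=V2c
snmp.trap.community=public
"""

if __name__ == "__main__":
    print("\n".join(audit(parse_properties(SAMPLE))))
```

An empty result from audit() means none of these checks fired; it does not confirm that the values match what the SNMP manager expects.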