MDS 05-6632A01, Rev. F
MDS Orbit MCR/ECR Technical Manual
317
Sending all system events as SNMP v3 traps (w/ Authentication and Encryption)
Following example shows how to configure the unit to send v3 traps with authentication and encryption
for all the events in the system to a specified SNMP target via the CLI command line:
Ensure version v3 is enabled.
1.
% set services snmp agent version
v3
Configure SNMP manager as a target that listens on port 5000, has IP address of 192.168.1.2, can
2.
receive v3 traps (tag “std_v3_trap”) using user name “User1” (Please refer to the section on
configuring SNMP v3-only to see how to configure local user “User1”).
% set services snmp target
TARGET-1-v3
ip
192.168.1.2
% set services snmp target
TARGET-1-v3
port
5000
% set services snmp target
TARGET-1-v3
tag
std_v3_trap
% set services snmp target
TARGET-1-v3
usm user-name
User1
% set services snmp target
TARGET-1-v3
usm sec-level
auth-priv
Give the VACM group named “secure” (as configured in example on SNMP v3-only configuration)
3.
notify access to “internet” view.
% set services snmp vacm group
secure
access
usm
auth-priv notify-view
internet
Commit configuration.
4.
% commit
To test above configuration, start an SNMP trap receiver (like “snmptrapd” with configuration file as
shown below) and generate “ssh_login” event by logging into the Orbit via SSH.
NOTE
When using SNMPv3 traps, the Orbit is the authoritative engine since it is the one sending the
trap. Therefore, the user created in snmptrapd.conf must be tied to the EngineID of Orbit. The
EngineID of Orbit can be obtained by running following command:
% run show SNMP-FRAMEWORK-MIB snmpEngine
snmpEngineID
SNMP-FRAMEWORK-MIB snmpEngine snmpEngineID 80:00:10:22:03:00:06:3d:06:ea:96
snmptrapd.conf:
engineID testing
snmpTrapdAddr 0.0.0.0:5000
createUser -e 800010220300063d06ea96 User1 SHA shaPassword AES aesPassword
doNotFork yes
authUser log,execute,net User1
$ snmptrapd -M +./ -Lo -c
snmptrapd.conf
NET-SNMP version 5.4.3
2014-04-22 13:59:13 192.168.1.1 [UDP: [192.168.1.1]:161->[192.168.1.2]]:
DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (883103) 2:27:11.03
SNMPv2-MIB::snmpTrapOID.0 = OID: MDS-EVENT-MIB::mdsEvent
MDS-EVENT-MIB::mdsEventName.0 = STRING: "ssh_login"
MDS-EVENT-MIB::mdsEventInfoInCee.0 = STRING:
"@cee:{\"host\":\"(none)\",\"pname\":\"loggingmgr\",\"time\":\"2014-04-
15T02:22:48.00:00\",\"action\":\"login\",\"service\":\"ssh\",\"domain\":\"os\",\"o
bject\":\"session\",\"status\":\"success\",\"src_ipv4\":\"192.168.1.2\",\"src_port\":42156,\
"user_name\":\"admin\",\"event\":\"ssh_login\",\"profile\":\"http://gemds.com/cee_profil
e/1.0beta1.xsd\"}"
As can be seen above, the SNMP agent sent a v3 trap for “ssh_login” event. If the authentication or
encryption password for user “User1” as set in snmptrapd.conf file does not match as that configured in
the unit, snmptrapd will not display the received trap.
Содержание MDS ORBIT ECR
Страница 15: ...MDS 05 6632A01 Rev F MDS Orbit MCR ECR Technical Manual 15 ...
Страница 35: ...MDS 05 6632A01 Rev F MDS Orbit MCR ECR Technical Manual 35 ...
Страница 145: ...MDS 05 6632A01 Rev F MDS Orbit MCR ECR Technical Manual 145 ...
Страница 188: ...188 MDS Orbit MCR ECR Technical Manual MDS 05 6632A01 Rev F ...
Страница 302: ...302 MDS Orbit MCR ECR Technical Manual MDS 05 6632A01 Rev F Figure 3 224 SNMP Main Page ...
Страница 380: ...380 MDS Orbit MCR ECR Technical Manual MDS 05 6632A01 Rev F ...
Страница 389: ...MDS 05 6632A01 Rev F MDS Orbit MCR ECR Technical Manual 389 ...
Страница 393: ...MDS 05 6632A01 Rev F MDS Orbit MCR ECR Technical Manual 393 ...
Страница 407: ...MDS 05 6632A01 Rev F MDS Orbit MCR ECR Technical Manual 407 ...
Страница 449: ...MDS 05 6632A01 Rev F MDS Orbit MCR ECR Technical Manual 449 ...
Страница 451: ...MDS 05 6632A01 Rev F MDS Orbit MCR ECR Technical Manual 451 ...
Страница 452: ...452 MDS Orbit MCR ECR Technical Manual MDS 05 6632A01 Rev F ...
Страница 453: ...MDS 05 6632A01 Rev F MDS Orbit MCR ECR Technical Manual 453 ...
Страница 459: ...MDS 05 6632A01 Rev F MDS Orbit MCR ECR Technical Manual 459 NOTES ...
Страница 460: ...460 MDS Orbit MCR ECR Technical Manual MDS 05 6632A01 Rev F ...
Страница 461: ......
Страница 463: ...GE MDS LLC Rochester NY 14620 Telephone 1 585 242 9600 FAX 1 585 242 9620 www gemds com 175 Science Parkway ...