Configure SNMP Traps
For systems that use the Internet network management protocol SNMP (Simple Network Management Protocol), you can configure selogrd to create SNMP traps using audit records.
capamsc141
For systems that use the Internet network management protocol SNMP (Simple Network Management Protocol), you can configure selogrd to create SNMP traps using
PAM Server Control
audit records.To implement the SNMP traps, first locate the SNMP shared objects provided in the
PAM Server Control
libraries, and then configure selogrd correctly using these shared objects.Note
: If you want to use the SNMP extension of selogrd, and PAM Server Control
is not installed in the default location (/opt/CA/PAMSC), set an environment variable before running selogrd. The environment variables are as follows, where ACInstallDir
is the directory where you installed PAM Server Control
:- In AIX, set LIBPATH toACInstallDir/lib
- In Solaris, set LD_LIBRARY_PATH toACInstallDir/lib
- In LINUX, set LD_LIBRARY_PATH toACInstallDir/lib
- In HP, set SHLIB_PATH toACInstallDir/lib
The shared objects-usually found in the directory
ACInstallDir
/lib- are called snmp.xx
and libsnmp.xx
, where the xx
extension varies according to the platform. The possible extensions are:- .oAIX platform
- .slHP platform
- .soAll other platforms
If you want to use the SNMP extension of selogrd, and
PAM Server Control
is not installed in the default location, you must set the following environment variables before running selogrd:- In AIX, set LIBPATH toACInstallDir/lib
- In Solaris, set LD_LIBRARY_PATH toACInstallDir/lib
- In Linux, set LD_LIBRARY_PATH toACInstallDir/lib
- In HP, set SHLIB_PATH toACInstallDir/lib
where
ACInstallDir
is the directory where you installed PAM Server Control
.Follow these steps:
- Create a file calledACInstallDir/etc/selogrd.ext.
- Define where the SNMP shared objects are by adding a single line to the fileACInstallDir/etc/selogrd.ext with the appropriate path for the snmp.so. (It is enough to specify this shared object for the other to automatically be linked.) For example:snmp /opt/CA/PAMSC/lib/snmp.so
- Finally, you must configure the selogrd.cfg file to specify what type of action should trigger SNMP traps, and which location should be notified when SNMP traps are triggered. Configuration is very similar to that for other auditing notification, with the delivery system specified as snmp.For example, suppose you want to have SNMP traps activated whenPAM Server Controlstarts and shuts down, and have notification of these SNMP traps sent to AuditPC. You can do this by adding the following section to the selogrd.cfg configuration file:snmpRulesnmp AuditPCinclude Class(START).include Class(SHUTDOWN)..To send SNMP traps to a gateway with a community name, use the following format:snmp gateway[@community name]Examplesnmp AuditPC@secure
Similarly, you can activate the SNMP traps by other actions or types of access, or have them sent to other locations.