Configure SNMP Traps

For systems that use the Internet network management protocol SNMP (Simple Network Management Protocol), you can configure selogrd to create SNMP traps using Privileged Access Manager audit records.
To implement the SNMP traps, first locate the SNMP shared objects provided in the Privileged Access Manager libraries, and then configure selogrd correctly using these shared objects.
Note: If you want to use the SNMP extension of selogrd, and Privileged Access Manager is not installed in the default location (/opt/CA/PAMSC), set an environment variable before running selogrd. The environment variables are as follows, where ACInstallDir is the directory where you installed Privileged Access Manager:
  • In AIX, set LIBPATH to ACInstallDir/lib
  • In Solaris, set LD_LIBRARY_PATH to ACInstallDir/lib
  • In Linux, set LD_LIBRARY_PATH to ACInstallDir/lib
  • In HP, set SHLIB_PATH to ACInstallDir/lib
The shared objects, usually found in the directory ACInstallDir/lib, are called snmp.xx and libsnmp.xx, where the xx extension varies according to the platform. The possible extensions are:
  • .o: AIX platform
  • .sl: HP platform
  • .so: All other platforms
Follow these steps:
  1. Create a file called ACInstallDir/etc/selogrd.ext.
  2. Define where the SNMP shared objects are by adding a single line to the file ACInstallDir/etc/selogrd.ext with the appropriate path for snmp.so. (It is enough to specify this shared object; the other is linked automatically.) For example:
    snmp /opt/CA/PAMSC/lib/snmp.so
  3. Finally, configure the selogrd.cfg file to specify what type of action should trigger SNMP traps, and which location should be notified when SNMP traps are triggered. Configuration is very similar to that for other auditing notification, with the delivery system specified as snmp.
    For example, suppose you want to have SNMP traps activated when Privileged Access Manager starts and shuts down, and have notification of these SNMP traps sent to AuditPC. You can do this by adding the following section to the selogrd.cfg configuration file:
    snmpRule
    snmp AuditPC
    include Class(START).
    include Class(SHUTDOWN).
    .
    To send SNMP traps to a gateway with a community name, use the following format:
    snmp gateway[@community name]
    Example:
    snmp AuditPC@secure
Similarly, you can activate the SNMP traps by other actions or types of access, or have them sent to other locations.
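The steps above as a POSIX shell script; this is an added example, not vendor-supplied code. The function names, the `uname -s` mapping, and the world-writable check on the shared object are assumptions of this example, and the selogrd.cfg section is printed rather than written because the page does not state that file's location.

```shell
#!/bin/sh
# Added example (not vendor code): generate the selogrd SNMP settings described above.

# Map a `uname -s` value to "<loader variable> <shared-object extension>".
platform_settings() {
    case "$1" in
        AIX)   echo "LIBPATH o" ;;
        HP-UX) echo "SHLIB_PATH sl" ;;
        SunOS) echo "LD_LIBRARY_PATH so" ;;   # Solaris
        Linux) echo "LD_LIBRARY_PATH so" ;;
        *)     return 1 ;;                    # page lists no loader variable for other platforms
    esac
}

# Print one selogrd.cfg section: snmp_rule NAME GATEWAY COMMUNITY CLASS...
# Pass "" as COMMUNITY to omit the optional @community suffix.
snmp_rule() {
    name=$1; gateway=$2; community=$3; shift 3
    echo "$name"
    echo "snmp ${gateway}${community:+@$community}"
    for class in "$@"; do echo "include Class($class)."; done
    echo "."
}

# Write ACInstallDir/etc/selogrd.ext and print the export line for the loader path.
# Usage: configure_snmp ACInstallDir [uname-value]
configure_snmp() {
    dir=$1
    settings=$(platform_settings "${2:-$(uname -s)}") || { echo "unsupported platform" >&2; return 1; }
    var=${settings% *}; ext=${settings#* }
    lib="$dir/lib/snmp.$ext"
    [ -f "$lib" ] || { echo "missing $lib" >&2; return 1; }
    # Hygiene check added in this example: selogrd loads this object,
    # so refuse to reference it if it is world-writable.
    if [ -n "$(find "$lib" -perm -002)" ]; then
        echo "refusing world-writable $lib" >&2; return 1
    fi
    echo "snmp $lib" > "$dir/etc/selogrd.ext"
    echo "export $var=$dir/lib"
}

# Run only when given an install directory, e.g.: sh snmp_setup.sh /opt/CA/PAMSC
if [ "$#" -ge 1 ]; then
    configure_snmp "$1"
    snmp_rule snmpRule AuditPC "" START SHUTDOWN   # append this output to selogrd.cfg
fi
```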