Tuesday, April 8, 2014

Configuring SNMP on Tivoli Directory Server.



I was following this link to set up SNMP for TDS. Although it shows you how to configure TDS for SNMP, I couldn't verify if it really worked.

After a lot of reading about how SNMP works, I finally managed to get this working and tested.


[A] Configuration needed on the TDS side:

  • Configuring the idssnmp.conf and idssnmp.properties

idssnmp.properties:
server: 127.0.0.1
port: 2389
isSSL: false
ldapbindDN: cn=root
bindDNPwd: mypass
systemuser: Admin
systemuserpwd: mypass


idssnmp.conf:
Port 161
Community     public
View 1.3.6.1.4.1.2.6.199
Trap 9.120.98.165 162 public 

Poll 60

Some explanation here:
1.3.6.1.4.1.2.6.199 is the enterprise OID for TDS.
9.120.98.165 is the server where your snmptrapd daemon is running (in my case it's a RHEL6 box with all SNMP-related packages installed).

  • Configuring TDS to use the installed TDI
You need to edit the sbin/idssnmp file 

set IDS_LDAP_TDI_HOME=C:\Progra~1\IBM\TDI\V7.1

  • Start the SNMP configuration
C:\Program Files\IBM\LDAP\V6.3\sbin>idssnmp.cmd
-Logging to file: C:\PROGRA~1\IBM\LDAP\V6.3\var\idssnmp.log
-SNMPAgent started

Your TDS SNMP agent is now running on port 161. As soon as it receives an SNMP request, it will send back a trap to 9.120.98.165 using the community string public.

[B] Configuration needed on the SNMP machine (RHEL6)


  • Copy the files IBM-DIRECTORYSERVER-MIB and INET-ADDRESS-MIB from TDS:/idstools/snmp to RHEL6:/usr/share/snmp/mibs
  • Edit the INET-ADDRESS-MIB to have the following entries, just above the final END

InetVersion ::= TEXTUAL-CONVENTION
    STATUS  current
    DESCRIPTION
        "A value representing a version of the IP protocol.

         unknown(0)  An unknown or unspecified version of the IP
                     protocol.

         ipv4(1)     The IPv4 protocol as defined in RFC 791 (STD 5).

         ipv6(2)     The IPv6 protocol as defined in RFC 2460.

         Note that this textual convention SHOULD NOT be used to
         distinguish different address types associated with IP
         protocols.  The InetAddressType has been designed for this
         purpose."
    REFERENCE   "RFC 791, RFC 2460"
    SYNTAX       INTEGER {
                     unknown(0),
                     ipv4(1),
                     ipv6(2)
                 }

InetZoneIndex ::= TEXTUAL-CONVENTION
    DISPLAY-HINT "d"
    STATUS       current
    DESCRIPTION
        "A zone index identifies an instance of a zone of a
         specific scope.

         The zone index MUST disambiguate identical address
         values.  For link-local addresses, the zone index will
         typically be the interface index (ifIndex as defined in the
         IF-MIB) of the interface on which the address is configured.

         The zone index may contain the special value 0, which refers
         to the default zone.  The default zone may be used in cases
         where the valid zone index is not known (e.g., when a
         management application has to write a link-local IPv6
         address without knowing the interface index value).  The
         default zone SHOULD NOT be used as an easy way out in
         cases where the zone index for a non-global IPv6 address
         is known."
    REFERENCE   "RFC4007"
    SYNTAX       Unsigned32

  • Move the original INET-ADDRESS-MIB.txt from /usr/share/snmp/mibs to /root, just to create a backup.

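  • Add the following line to /etc/snmp/snmptrapd.conf (it turns off snmptrapd's access control, so incoming traps are accepted and logged without an authorization rule)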
disableAuthorization yes

  • Restart snmpd and snmptrapd

  • Send an SNMP trap message to the TDS machine

snmptrap -v 1 -c public 9.118.46.248 1.3.6.1.4.1.2.6.199 "" 6 1 ""

Some explanation: We're sending the snmptrap message to TDS hosted on 9.118.46.248, using the enterprise OID 1.3.6.1.4.1.2.6.199. Since this is a non-standard trap, we send generic trap type 6 (enterprise-specific) and specific trap type 1.
Check man snmptrap for more details on this message.

  • Check if you got back a trap in /var/log/messages

Apr  7 21:37:31 idiwebworm snmptrapd[8275]: 2014-04-07 21:37:30 idisparks.in.ibm.com [9.118.46.248] (via UDP: [9.118.46.248]:49178->[9.120.98.165]) TRAP, SNMP v1, community public#012#011SNMPv2-SMI::enterprises.2 Enterprise Specific Trap (1) Uptime: 0:00:10.87#012#011SNMPv2-SMI::enterprises.2.6.199.1.1.5.1.1.127.0.0.1.2389 = NULL#011SNMPv2-SMI::enterprises.2.6.199.1.1.7.1.1.127.0.0.1.2389 = NULL#011SNMPv2-SMI::enterprises.2.6.199.1.1.4.1.1.127.0.0.1.2389 = NULL#011SNMPv2-SMI::enterprises.2.6.199.1.1.6.1.1.127.0.0.1.2389 = NULL
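
To check this last step programmatically rather than by eye, the following added example (not part of the original post) parses the snmptrapd line above, decodes syslog's #012/#011 escapes, and confirms that the trap came from the TDS host with variable bindings under the TDS enterprise OID. The function names are illustrative; the sample line and addresses are the ones shown in the post.

```python
import re

# The trap line from the post's /var/log/messages, split only for readability.
SAMPLE = (
    "Apr  7 21:37:31 idiwebworm snmptrapd[8275]: 2014-04-07 21:37:30 "
    "idisparks.in.ibm.com [9.118.46.248] (via UDP: [9.118.46.248]:49178->"
    "[9.120.98.165]) TRAP, SNMP v1, community public#012#011"
    "SNMPv2-SMI::enterprises.2 Enterprise Specific Trap (1) Uptime: 0:00:10.87"
    "#012#011SNMPv2-SMI::enterprises.2.6.199.1.1.5.1.1.127.0.0.1.2389 = NULL"
    "#011SNMPv2-SMI::enterprises.2.6.199.1.1.7.1.1.127.0.0.1.2389 = NULL"
    "#011SNMPv2-SMI::enterprises.2.6.199.1.1.4.1.1.127.0.0.1.2389 = NULL"
    "#011SNMPv2-SMI::enterprises.2.6.199.1.1.6.1.1.127.0.0.1.2389 = NULL"
)

TDS_OID = "1.3.6.1.4.1.2.6.199"  # enterprise OID from the View line in idssnmp.conf
HEADER = re.compile(
    r"snmptrapd\[\d+\]: \S+ \S+ (?P<host>\S+) \[(?P<agent>[\d.]+)\] "
    r"\(via UDP: \[(?P<src>[\d.]+)\]:\d+->\[(?P<dst>[\d.]+)\]\) "
    r"TRAP, SNMP (?P<version>v\w+), community (?P<community>[^#\s]+)"
)

def unescape(line):
    """Turn syslog's #NNN octal escapes (#012 newline, #011 tab) back into characters."""
    return re.sub(r"#([0-3][0-7]{2})", lambda m: chr(int(m.group(1), 8)), line)

def parse_trap(line):
    """Return header fields plus varbinds with numeric OIDs, or None if not a trap line."""
    m = HEADER.search(line)
    if not m:
        return None
    trap = m.groupdict()
    body = unescape(line[m.end():])
    pairs = re.findall(r"(SNMPv2-SMI::enterprises[\d.]+) = ([^\t\n]*)", body)
    trap["varbinds"] = [(o.replace("SNMPv2-SMI::enterprises", "1.3.6.1.4.1"), v) for o, v in pairs]
    return trap

def is_tds_trap(trap, tds_host, trap_sink):
    """True if the trap left the TDS box, reached our sink, and carries only TDS OIDs."""
    return (trap is not None and trap["src"] == tds_host and trap["dst"] == trap_sink
            and bool(trap["varbinds"])
            and all(oid.startswith(TDS_OID + ".") for oid, _ in trap["varbinds"]))

if __name__ == "__main__":
    t = parse_trap(SAMPLE)
    print(t["community"], t["version"], is_tds_trap(t, "9.118.46.248", "9.120.98.165"))
```

In the sample, every variable binding ends in 127.0.0.1.2389, the same server and port set in idssnmp.properties.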
