Configuring Snmptrapd on Solaris
To setup Snmptrapd on Solaris, do the following:
- In Solaris, the Snmptrapd package comes bundled along with the eG agent package. Therefore, first, install the eG agent.
- Upon agent installation, the /opt/egurkha/agent/snmptrapd directory will be automatically created. This directory will contain the files check_trapd, start_trapd, and cron_trapd, and a sub-directoy named log.
- To start the Snmptrapd process, execute the command crontab cron_trapd from the /opt/egurkha/agent/snmptrapd directory.
The start_trapd file will contain the port at which the Snmptrapd process listens for SNMP traps from SNMP agents. The default SNMP trap port is 162. However, in Solaris environments, a default Snmptrapd process already runs at this port. Therefore, for Unix environments, the port has been set to 6667. This default port setting can be modified by editing the port parameter of the start_trapd file. Similarly, you can change the default –c public specification in the file to reflect the community string that snmptrapd should use in your environment. If more than one community strings are available in your environment, then, you can specify the same as a comma-separated list. For example, if you have two community strings named public and private, then can specify -c public, private in the file to reflect the community strings that the snmptrad should use.
Ensure that the port number and community string (default: public) specified in the start_trapd file is the same as the SNMP port of the application or network device from which the SNMP traps originate.
To configure the SNMP Trap Receiver with SNMP v3 support, follow the steps discussed below:
- Edit the start_trapd file in the /opt/egurkha/agent/snmptrapd directory.
- Ensure that -v parameter is set to 3 to support SNMP version 3. Also, since SNMP v3 does not support a community string, make sure that the -c parameter is set to none.
Then, ensure that valid values are provided for the following parameters in the start_trapd file:
Security level; this can be noAuthNoPriv, authNoPriv, or authPriv
Security name or user name; where multiple Security name or user names are available in an environment, you can specify a comma-separated list of Security names or user names
Authentication protocol; this can be MD5 (for Message Digest Algorithm) or SHA (for Secure Hash Algorithm) - you can specify a comma-separated list of Authentication protocols
Authentication protocol pass phrase; you can specify a comma-separated list of Authentication protocol pass phrase if a comma-separated list of Authentication protocols were specified
Privacy protocol; this can be des (for Data Encryption Standard) or AES (for Advanced Encryption Standard) or AES256; you can specify a comma -separated list of Privacy protocols if multiple Privacy protocols are supported in your environment
Privacy protocol pass phrase; you can specify a comma-separated list of Privacy protocol pass phrase if a comma-separated list of Privacy protocols were specified
A sample entry has been provided below:
-p 6667 -v 3 -c none -e 80.00.08.1c.04.46.64 -l authNoPriv -u Kevin,John -a MD5,SHA -A kvn1234,john@1234 -x DES,AES -X kvn12345,john@2341
- Finally, save the file.