To use the SNMP Emitter, you must:
The Micro Focus MIB file, mf_audit_snmp.mib, is located in the base\bin directory of your Net Express installation.
Note: Some MIB import tools require specific file extensions such as .mib or .mb, or just .txt. Please ensure that you rename this file to match the requirements of your software before attempting to install the Micro Focus MIB extension.
The WinSNMP emitter will work without any further configuration beyond that contained in the audit configuration file.
Windows systems always have WinSNMP installed unless it has been specifically removed or disabled, although it remains quiescent until it has been given a little configuration. This is not the case with Net-SNMP, which you must install by hand.
The installation and configuration of Net-SNMP is beyond the scope of this document. Please refer to the Net-SNMP documentation for details. The main project, along with binary distributions, can be found at www.net-snmp.org (binaries are at www.net-snmp.org/download.html).
Once you have installed Net-SNMP, you must add the Micro Focus MIB definitions to the Net-SNMP MIB database before it will accept any actions from the audit emitter. You do this by running mf_audit_net_snmp_deploy.bat, which is supplied in the base/bin directory of your Micro Focus Net Express installation.
The default installation location for Net-SNMP is c:\usr. However, the location actually used is at the discretion of the installer. Therefore, the mf_audit_net_snmp_deploy.bat file has an optional location parameter for specifying the location in which it will attempt to install the MIB. This parameter accepts long names and names containing spaces, provided that they are delimited with quote characters. If no parameter is found, the file will attempt to install the MIB into a Net-SNMP installation located in c:\usr.
When you have installed and configured the Agent software, you can configure the audit emitter (see below).
The configuration of each emitter can be viewed as two separate sections: where do you want the Trap messages to be received, and how do you want to send them. This breaks down into a series of location and format options.
The location information is always the same collection of :
The format options vary widely depending upon the version of SNMP to be used.
In the configuration file for the SNMP emitter, the agent.host and agent.port entries configure the SNMP emitter to tell the Agent which of its configured management tools should receive the emitted Audit Events. For example:
mfaudit.emitter.snmp#agent.host = 127.0.0.1
WinSNMP cannot handle DNS (text) names and will only accept dotted decimal notation IP addresses like the one shown in the example above.
Net-SNMP can handle DNS or Dotted Decimal notation for the host location.
The Internet Assigned Names Authority (IANA) defines the standard ports to be used for SNMP traffic. Although it is entirely possible that specific installations may choose to use other ports, the following are the defined standard group of ports:
The SNMP Audit Emitter only uses the SNMPTRAP ports. If any installations require an override of the port definitions, please follow the guidance below for configuring the SNMP agents on your installation, and modify the mfaudit.emitter.snmp#agent.port line in the configuration file. Failure to do both sets of configuration will lead to indeterminate results.
mfaudit.emitter.snmp#agent.port = 162
The transmission method is either UDP or TCP. UDP is widely used as it is fast and has few system overheads. UDP was also the only transmission method available in the early days of SNMP. TCP is slower but it can be used to transmit more than a single IP packet of information, and if audited events are being truncated the user should switch to using TCP. When changing a working system, please remember that both the receiver and sender must share a similar configuration, so the changes must be made at both ends of the link.
To select UDP, set transport = UDP. For TCP, set transport = TCP. The default is to use UDP.
mfaudit.emitter.snmp#agent.transport = UDP
The SNMP Trap version is set using the "snmp_version" configuration option. Acceptable values are either "2" or "3". The default snmp_version value is "2".
If SNMP v3 is selected and you wish to use the authentication and privacy features, several extra parameters are also required and you must have the Net SNMP emitter module that is supplied with the Security Pack. See Working with SNMP v3 for more details.
mfaudit.emitter.snmp#agent.snmp_version= 2
The actual range of events that will be audited through this emitter can be masked using the agent.exclude.events option. For more details of this option, please see the general audit facility documentation. The default behaviour is to exclude events below those at category 9.
mfaudit.emitter.snmp#agent.exclude.events=>9
All SNMP v2 and v3 installations operate within logical communities of installations. If no community name is specified all SNMP installations will use the default community name "public".
To specify the community of your local installations and, in particular, that of the receiver of the SNMP audit events, you will need to add a community option to your configuration file. This name must not contain spaces.
mfaudit.emitter.snmp#agent.community = community_name
Because audit emitters cannot use the Micro Focus Consolidated Tracing Facility (CTF) to produce diagnostic information, the SNMP emitter supports an alternative logging mechanism. This enables you to send log information to a file and optionally to the screen.
To use the logging mechanism, you use the agent.log_emitter, agent.log_to_screen and agent.logfilename entries in the configuration file. The sample below illustrates the use of these entries. The comment lines (those preceded with #) document the allowable values.
    # Emitters cannot use Micro Focus CTF trace facilities, so
    # a basic alternative logging method has been provided.
    #
    # Logging can go to file and screen, or just to file.
    #
    # mfaudit.emitter.snmp#agent.log_emitter options
    #
    # on - enable all logging options
    # off - do not log anything
    # errors - log only errors
    # flow - log module process flow
    # content - log audit message (partial) content
    # errors_flow - log errors and logic flow
    # errors_flow_content - log errors and logic flow and content
    mfaudit.emitter.snmp#agent.log_emitter = errors
    # mfaudit.emitter.snmp#agent.log_to_screen options
    # on - log to console screen
    # off - do not log to screen, log to file
    mfaudit.emitter.snmp#agent.log_to_screen = on
    # mfaudit.emitter.snmp#agent.logfilename options
    # if screen logging is disabled log to file name given here
    mfaudit.emitter.snmp#agent.logfilename = c:\snmpemitter.log
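The following pre-deployment check is an added example, not part of the Micro Focus product or its documentation. It reads the mfaudit.emitter.snmp#agent.* entries described above and reports values the text says are not accepted, plus the default community name "public". The function names, the sample configuration, the host name in it and the case-insensitive handling of the transport value are assumptions made for illustration.

```python
import ipaddress
PREFIX = "mfaudit.emitter.snmp#agent."
LOG_LEVELS = {"on", "off", "errors", "flow", "content",
              "errors_flow", "errors_flow_content"}

def parse_emitter_config(text):
    """Return {option: value}; lines starting with '#' are comments and are skipped."""
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        if line.startswith(PREFIX) and "=" in line:
            key, value = line[len(PREFIX):].split("=", 1)
            opts[key.strip()] = value.strip()
    return opts

def check_emitter_config(text, winsnmp=True):
    """Return findings for values the page describes as not accepted, or as defaults."""
    opts, findings = parse_emitter_config(text), []
    host = opts.get("host", "")
    if winsnmp:
        try:  # WinSNMP accepts dotted decimal only, never a DNS name
            ipaddress.IPv4Address(host)
        except ValueError:
            findings.append(f"host {host!r}: WinSNMP needs a dotted decimal address")
    port = opts.get("port", "162")
    if not port.isdigit() or not 0 < int(port) < 65536:
        findings.append(f"port {port!r}: not a valid port number")
    elif port != "162":
        findings.append(f"port {port}: non-standard, the receiving agent must match")
    if opts.get("transport", "UDP").upper() not in ("UDP", "TCP"):
        findings.append("transport: must be UDP or TCP")
    if opts.get("snmp_version", "2") not in ("2", "3"):
        findings.append("snmp_version: must be 2 or 3")
    community = opts.get("community", "public")
    if any(c.isspace() for c in community):
        findings.append(f"community {community!r}: must not contain spaces")
    elif community == "public":
        findings.append("community: default name 'public' is in use")
    if opts.get("log_emitter", "off") not in LOG_LEVELS:
        findings.append(f"log_emitter {opts['log_emitter']!r}: not an allowed value")
    return findings

# Constructed sample input, not taken from a real installation.
SAMPLE = """\
mfaudit.emitter.snmp#agent.host = trapsink.example.test
mfaudit.emitter.snmp#agent.snmp_version= 2
mfaudit.emitter.snmp#agent.community = site audit
mfaudit.emitter.snmp#agent.log_emitter = verbose
"""
```

Call check_emitter_config(SAMPLE) for a WinSNMP agent, or pass winsnmp=False for Net-SNMP, which accepts DNS names for the host.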