TEC SNMP adapter

If a  router detects a trap it generates an SNMP event. The SNMP event can be sent directly to Tivoli SNMP adapter. There are two files that should be configured in order the Tivoli SNMP adapter be able to capture and forward the events:

• tecad_snmp.cds
• tecad_snmp.oid

For example Cisco documents the mibs, traps, oid, and other information at this Cisco Web site:

http://www.cisco.com

Tivoli Enterprise Console Correlation

The Tivoli Enterprise Console SNMP adapter recognizes the SNMP traps that are sent by the Cisco routers and maps these SNMP events into Tivoli Enterprise Console events. The SNMP adapter sends the Tivoli Enterprise Console events to the event server for correlation.

Tivoli Risk Manager correlates Cisco router events with other events that come from other types of sensors to provide the Tivoli Risk Manager administrator with a total view of intrusion-detection events.

The SNMP-related classes depend on the classes in the sensor_abstract.baroc and riskmgr.baroc files. The crouter_snmp.baroc file contains the Cisco router class derivatives.

Installation and Configuration

Follow these steps to install and configure the Adapter for Cisco Routers.

1. Install the Tivoli Enterprise Console SNMP Adapter. See the Tivoli Enterprise Console Adapters Guide for specific instructions.
2. Edit the Adapter for Cisco Routers class definition statement file (tecad_snmp.cds). The adapter may be tuned by selectively commenting out unneeded entries in this file.
3. Configure the SNMP adapter by applying the tecad_snmp.cds and tecad_snmp.oid files provided with the Risk Manager Adapter for Cisco Routers package.
4. Configure the Cisco Router to send traps as SNMP events.

Setting up the Non-TME SNMP Adapter for UNIX

For complete instructions on how to install the Tivoli SNMP adapter, refer to the Tivoli Enterprise Console Adapters Guide. When installed, ensure that the adapter can route packets to the event server or Risk Manager Client.

To set up the non-TME SNMP adapter:

1. Install the SNMP adapter. For example, you might install the SNMP adapter on a Solaris system to the following directory using pkgadd: /test/riskmgr/snmp/
2. Change to the directory where you installed the SNMP adapter:

   cd /test/riskmgr/snmp/etc 
   

3. Edit the tecad_snmp.conf configuration file, and look for the line containing ServerLocation. Change this line to:

   ServerLocation=1.2.3.4 
   

   Where 1.2.3.4 is the IP address of the event server or the IP address of the Tivoli Risk Manager Client. The Tivoli Risk Manager Client will typically be installed on the same host as the SNMP Adapter.

4. If the event server is a Windows NT system or if sending events to the Tivoli Risk Manager Client, also add this line:

   ServerPort=5529 
   

5. Change the following entry in the /etc/services file to receive SNMP traps. Add the following lines to the /etc/services file:

   snmp-trap 162/tcp 
   snmp-trap 162/udp 
   

6. Replace the event server tecad_snmp.cds and tecad_snmp.oid files with the ones provided by Tivoli Risk Manager (after any desired updates for tuning).

   Note:

   Both the adapter for ISS RealSecure IDS and the adapter for Cisco Routers use the Tivoli SNMP adapter and Risk Manager adapter files (tecad_snmp.cds, tecad_snmp.oid). If capturing traps from Cisco Routers this procedure does not need to be repeated.

Adapter Management Tasks

This section describes tasks for the adapter for Cisco Routers.

Starting the SNMP Adapter

Both the adapter for Internet Security System (ISS) RealSecure and the adapter for Cisco Routers use the Tivoli SNMP adapter. Starting the SNMP adapter for ISS RealSecure IDS, also starts the SNMP adapter for the Cisco router.

To manually start the SNMP adapter, change to the directory where you installed the Tivoli SNMP adapter software. Depending on the platform, the default location is as follows:

Windows NT systems:

%LCFROOT%\bin\w32-ix86\tme\tec\adapters\bin\net start tecsnmpadapter

For Windows NT, you can use also use the Control Panel to start the SNMP adapter.

AIX system:

$LCFROOT/aix4-r1/TME/TEC/adapters/bin/init.tecad_snmp start

Solaris Operating Environment (Solaris) system:

$LCFROOT/solaris2/TME/TEC/adapters/bin/init.tecad_snmp start

Stopping the SNMP Adapter

Both the adapter for ISS RealSecure IDS and the adapter for Cisco Routers use the Tivoli SNMP adapter. Stopping the SNMP adapter for ISS RealSecure IDS, also stops the SNMP adapter for the Cisco router because the adapters share common tecad_snmp.cds and tecad_snmp.oid files.

To manually stop the SNMP adapter, change to the directory where you installed the Tivoli SNMP adapter software. Depending on the platform, the default location is as follows:

Windows NT systems:

%LCFROOT%\bin\w32-ix86\tme\tec\adapters\bin\net stop tecsnmpadapter

For Windows NT, you can use also use the Control Panel to stop the SNMP adapter.

AIX system:

/$LCFROOT/aix4-r1/TME/TEC/adapters/bin/init.tecad_snmp stop
 

Solaris system:

/$LCFROOT/solaris2/TME/TEC/adapters/bin/init.tecad_snmp stop
 

Stopping the SNMP Daemon

Both the adapter for ISS RealSecure IDS and the adapter for Cisco Routers use the Tivoli SNMP adapter. If you stop the SNMP daemon for ISS RealSecure IDS, you also stop the SNMP daemon for the Cisco router.

To stop the SNMP daemon:

1. Find the ID of the SNMP daemon:

   ps -ef | grep snmpd
   

2. Issue the command:

   kill -9 pid
   

   Where pid is the ID of the SNMP daemon

Changing the Event Server

For a non-Tivoli environment (using a non-TME adapter), edit the tecad_snmp.conf configuration file to forward events to the event server.

To edit this file:

1. Change to the /etc directory where you installed the Tivoli Enterprise Console SNMP adapter software.
2. Edit the tecad_snmp.conf file and change this entry:

   ServerLocation=ip_address
   

   Where ip_address is the IP address of the event server or Tivoli Risk Manager Client.

Editing the UNIX Services File

Change the following entry in the UNIX /etc/services file to receive SNMP traps:

snmp-trap  162/tcp    # snmp monitor trap port
snmp-trap  162/udp    # snmp monitor trap port  

Further Notes

Cisco Router Traps

The SNMP Tivoli Enterprise Console adapter handles SNMP Version 1 traps.

Cisco Router-Specific Traps

The following is a list of Cisco-specific traps that produce Tivoli Risk Manager events that are forwarded to the event server:

Miscellaneous Traps

The following is a list of traps that belong to the miscellaneous category (such as, configuration, topology, port, and root changes):

Generic SNMP Authentication Failure Traps

The following is a list of traps that belong to the generic SNMP authentication failure traps category:

NEWS CONTENTS

• 200102 : Installing and Configuring the Tivoli Enterprise Console SNMP Adapter for ACF ( Installing and Configuring the Tivoli Enterprise Console SNMP Adapter for ACF, )
• 200102 : Integrating Agent Connection with a Management System ( Integrating Agent Connection with a Management System, )

Old News ;-)

Installing and Configuring the Tivoli Enterprise Console SNMP Adapter for ACF

Screen by screen instructions for deploying and configuring a new ACF adapter are shown. These instructions assume that the adapter will only support ITCAM for WebSphere traps and events. Support for other traps requires manually appending the tecad_snmp.cds and tecad_snmp.oid files (not shown).

How to deploy the ITCAM for WebSphere SNMP Adapter configuration and Tivoli Enterprise Console^(R) SNMP Adapter using Tivoli Enterprise Console Adapter Configuration Facility.

Dependencies: Framework 3.7.1 or greater, endpoint, Tivoli Enterprise Console 3.8, Tivoli Enterprise Console ACF 3.8 installed.

1. Click Create > Region.
2. Enter a name for the Policy Region, and click Create & Close.
3. Double-click on the Policy Region to open it.
4. Select Properties > Managed Resources.
5. Move ACP and ProfileManager to the left-hand side and click Set & Close.
6. Select Create > ProfileManager.
7. Enter a name, and click the Dataless Endpoint Mode checkbox. Click Create & Close.
8. Double-click to open the Profile.
9. Select Profiles > Subscribers.
10. Move the desired endpoint (to receive the SNMP adapter) to the left-hand side and click Set Subscriptions & Close.
11. Select Create > Profile.
12. Enter a name, select ACP, and click Create & Close.
13. Double-click to open the profile.
14. Click Add Entry.
15. Scroll down, select tecad_snmp, and click Select & Close.
16. Select Environment.
17. Double-click on ServerPort in the left-hand pane. Enter the desired Tivoli Enterprise Console port number (usually 5529 for NT Tivoli Enterprise Console Server, or 0 for a UNIX^(R) Tivoli Enterprise Console Server), and click the checkmark button to accept the change. The entry will display in the right-hand pane.
18. Select Distribution.
19. The .cds file and .oid file should be changed to include the AM traps. There are two choices:
    • Support both ITCAM for WebSphere traps and standard traps. You must manually append the Tivoli^(R) supplied files with the ITCAM for WebSphere files. They are ASCII, so use your favorite editor and/or command line tools. Then follow the directions below.
    • Replace with the ITCAM for WebSphere files, to only support ITCAM for WebSphere traps. Follow the directions as listed below.
20. Double-click on the tecad_snmp.cds entry.
21. Click on the Browse button associated with the right-hand pathname.
22. Browse to the location of am.cds. Select the file, and click Set & Close.
23. Click the checkmark button to accept the change, as shown in the lower pane.
24. Repeat the steps to change the right-hand value of tecad_snmp.oid to point to am.oid.
25. Click Save & Close.
26. Close the profile.
27. Distribute the profile (ex. drag the profile on top of the endpoint.) The main window of the desktop shows a log of actions.
28. The adapter is configured, distributed, and running.

Integrating Agent Connection with a Management System

The Agent Connection for TUXEDO and M3 has the ability to translate TUXEDO system event notifications into SNMP trap notifications. These traps can be sent to the Tivoli Event Console (TEC) using the TEC SNMP Adapter. The TEC SNMP Adapter must be installed on the TUXEDO master node along with the Agent Connection, as illustrated in Figure 3-4.

To integrate the Agent Connection with the Tivoli Event Console, do the following:

1. Install the TEC SNMP Adapter.

   The Tivoli Event Console SNMP Adapter needs to be installed - preferably on the TUXEDO master node.

2. Configure the TEC SNMP Adapter.

   The following is a suggested mapping of TUXEDO to Tivoli events. You may need to modify this mapping to meet your own requirements.

   1. To provide a class definition for TUXEDO events, copy the following lines from the file bea2tiv.baroc, provided with Agent Connection, to the file tecad_snmp.baroc of the TEC SNMP Adapter.

      TEC_CLASS :
           Tux_Event ISA  Specific_SNMP_Trap
             DEFINES {
                     severity: default = WARNING;
                     class: STRING;
                     ulogcat: STRING;
                     ulogmsgnum: INTEGER;
                     };
      END

   2. To provide a class description for TUXEDO events, copy the following lines from the file bea2tiv.cds, provided with Agent Connection, to the file tecad_snmp.cds of the TEC SNMP Adapter:

      CLASS Tux_Event
         SELECT
            1: ATTR(=, "tuxEventsName" ) ;
            2: ATTR(=, "tuxEventsLmid" ) ;
            3: ATTR(=, "tuxEventsTime" ) ;
            4: ATTR(=, "tuxEventsDescription" ) ;
            5: ATTR(=, "tuxEventsClass" ) ;
            6: ATTR(=, "tuxEventsUlogCat" ) ;
            7: ATTR(=, "tuxEventsUlogMsgNum" ) ;
         MAP
            source = "TUXEDO";
            enterprise = "tuxedo";
            sub_source = $V1;
            hostname = $V2;
            date = $V3;
            msg = $V4;
            class = $V5;
            ulogcat = $V6
            ulogmsgnum = $V7;
      END

   3. To provide the OID definitions needed for TUXEDO events, copy the following lines from the file bea2tiv.oid, provided with Agent Connection, to the file tecad_snmp.oid of the TEC SNMP Adapter:

      "tuxedo"                 "1.3.6.1.4.1.140"
      "tuxEventsName"          "1.3.6.1.4.1.140.300.2.6.1"
      "tuxEventsSeverity"      "1.3.6.1.4.1.140.300.2.6.2"
      "tuxEventsLmid"          "1.3.6.1.4.1.140.300.2.6.3"
      "tuxEventsTime"          "1.3.6.1.4.1.140.300.2.6.4"
      "tuxEventsUsec"          "1.3.6.1.4.1.140.300.2.6.5"
      "tuxEventsDescription"   "1.3.6.1.4.1.140.300.2.6.6"
      "tuxEventsClass"         "1.3.6.1.4.1.140.300.2.6.7"
      "tuxEventsUlogCat"       "1.3.6.1.4.1.140.300.2.6.8"
      "tuxEventsUlogMsgNum"    "1.3.6.1.4.1.140.300.2.6.9"

3. Set up trap destination for BEA Manager.

   Ensure that the TRAP_HOST entry in the BEA Manager configuration file (beamgr.conf) points to the host where the Tivoli Event Console SNMP Adapter is running.

4. Start the TUXEDO or M3 SNMP agents.

   Refer to Chapter 2, "Setting Up the Agents," for more information.

5. Set up the Tivoli Event Server for TUXEDO events.

   Set up the rules on the Tivoli management system that are to be applied to incoming TUXEDO system events. This is essentially the same process as described in Step 4 under "Integrating M3 and TUXEDO Event Notifications."

6. Set up the Tivoli Event Console for display of TUXEDO events.

   You may need to configure the Tivoli management system to select which TUXEDO events to display and how they should be displayed.

Distributed Monitoring of TUXEDO or M3 Applications

Tivoli has the ability to distribute polling or data collecting to distributed Tivoli agents. The following steps are an example of how to implement distributed monitoring of TUXEDO or M3 MIB objects on the Tivoli platform:

1. Create a new monitor that specifies the object you want to monitor.

   The Profiles Property window lists the monitors which you have configured to do threshold-checking. Select Add Monitor from the Profile Properties window.

2. Select the UserSNMP monitoring collection, as shown in Figure 3-5.

   Figure 3-5 Adding a New Monitor to a Tivoli Profile

   

   You can define the frequency of polling, the SNMP community, and the object that you wish to monitor. The object must be specified using the absolute object identifier (OID). In the example we have used .1.3.6.1.4.1.140.305.1.6.0, which is the OID for beaDomainStatus. In this case we are setting up a monitor to check whether a TUXEDO domain is active.

   In the case of columnar objects, you need to know which instance to monitor. For information on how to specify an instance using an object identifier, refer to the "Polling" chapter in the Agent Integrator Reference Manual.

3. Define the polling threshold and the desired response.

   Select Add Empty to invoke the Monitor window. This allows you to specify the polling threshold, and other properties of the monitor, such as the severity of the Tivoli event that is generated when the threshold is crossed. In Figure 3-6, we specify a threshold of Not equal to 1 because we want to know when the domain is not active.

   Figure 3-6 Defining a Polling Threshold

   

4. Distribute the monitor to the Tivoli agents.

   Once you have defined a monitor that specifies the polling interval and condition being checked, you can deploy this monitoring profile to the Tivoli agents for distributed monitoring. Consult the Tivoli documentation for further information.

TEC Documentation

IBM Tivoli Enterprise Console Adapters Guide, SC32-1242 Provides information about supported adapters, including how to install and configure these adapters.

Etc

Society

Groupthink : Two Party System as Polyarchy : Corruption of Regulators : Bureaucracies : Understanding Micromanagers and Control Freaks : Toxic Managers :   Harvard Mafia : Diplomatic Communication : Surviving a Bad Performance Review : Insufficient Retirement Funds as Immanent Problem of Neoliberal Regime : PseudoScience : Who Rules America : Neoliberalism  : The Iron Law of Oligarchy : Libertarian Philosophy

Quotes

War and Peace : Skeptical Finance : John Kenneth Galbraith :Talleyrand : Oscar Wilde : Otto Von Bismarck : Keynes : George Carlin : Skeptics : Propaganda  : SE quotes : Language Design and Programming Quotes : Random IT-related quotes :  Somerset Maugham : Marcus Aurelius : Kurt Vonnegut : Eric Hoffer : Winston Churchill : Napoleon Bonaparte : Ambrose Bierce :  Bernard Shaw : Mark Twain Quotes

Bulletin:

Vol 25, No.12 (December, 2013) Rational Fools vs. Efficient Crooks The efficient markets hypothesis : Political Skeptic Bulletin, 2013 : Unemployment Bulletin, 2010 :  Vol 23, No.10 (October, 2011) An observation about corporate security departments : Slightly Skeptical Euromaydan Chronicles, June 2014 : Greenspan legacy bulletin, 2008 : Vol 25, No.10 (October, 2013) Cryptolocker Trojan (Win32/Crilock.A) : Vol 25, No.08 (August, 2013) Cloud providers as intelligence collection hubs : Financial Humor Bulletin, 2010 : Inequality Bulletin, 2009 : Financial Humor Bulletin, 2008 : Copyleft Problems Bulletin, 2004 : Financial Humor Bulletin, 2011 : Energy Bulletin, 2010 : Malware Protection Bulletin, 2010 : Vol 26, No.1 (January, 2013) Object-Oriented Cult : Political Skeptic Bulletin, 2011 : Vol 23, No.11 (November, 2011) Softpanorama classification of sysadmin horror stories : Vol 25, No.05 (May, 2013) Corporate bullshit as a communication method  : Vol 25, No.06 (June, 2013) A Note on the Relationship of Brooks Law and Conway Law

History:

Fifty glorious years (1950-2000): the triumph of the US computer engineering : Donald Knuth : TAoCP and its Influence of Computer Science : Richard Stallman : Linus Torvalds  : Larry Wall  : John K. Ousterhout : CTSS : Multix OS Unix History : Unix shell history : VI editor : History of pipes concept : Solaris : MS DOS :  Programming Languages History : PL/1 : Simula 67 : C : History of GCC development :  Scripting Languages : Perl history   : OS History : Mail : DNS : SSH : CPU Instruction Sets : SPARC systems 1987-2006 : Norton Commander : Norton Utilities : Norton Ghost : Frontpage history : Malware Defense History : GNU Screen : OSS early history

Classic books:

The Peter Principle : Parkinson Law : 1984 : The Mythical Man-Month :  How to Solve It by George Polya : The Art of Computer Programming : The Elements of Programming Style : The Unix Hater’s Handbook : The Jargon file : The True Believer : Programming Pearls : The Good Soldier Svejk : The Power Elite

Most popular humor pages:

Manifest of the Softpanorama IT Slacker Society : Ten Commandments of the IT Slackers Society : Computer Humor Collection : BSD Logo Story : The Cuckoo's Egg : IT Slang : C++ Humor : ARE YOU A BBS ADDICT? : The Perl Purity Test : Object oriented programmers of all nations : Financial Humor : Financial Humor Bulletin, 2008 : Financial Humor Bulletin, 2010 : The Most Comprehensive Collection of Editor-related Humor : Programming Language Humor : Goldman Sachs related humor : Greenspan humor : C Humor : Scripting Humor : Real Programmers Humor : Web Humor : GPL-related Humor : OFM Humor : Politically Incorrect Humor : IDS Humor : "Linux Sucks" Humor : Russian Musical Humor : Best Russian Programmer Humor : Microsoft plans to buy Catholic Church : Richard Stallman Related Humor : Admin Humor : Perl-related Humor : Linus Torvalds Related humor : PseudoScience Related Humor : Networking Humor : Shell Humor : Financial Humor Bulletin, 2011 : Financial Humor Bulletin, 2012 : Financial Humor Bulletin, 2013 : Java Humor : Software Engineering Humor : Sun Solaris Related Humor : Education Humor : IBM Humor : Assembler-related Humor : VIM Humor : Computer Viruses Humor : Bright tomorrow is rescheduled to a day after tomorrow : Classic Computer Humor

The Last but not Least Technology is dominated by two types of people: those who understand what they do not manage and those who manage what they do not understand ~Archibald Putt. Ph.D

The statements, views and opinions presented on this web page are those of the author (or referenced source) and are not endorsed by, nor do they necessarily reflect, the opinions of the Softpanorama society. We do not warrant the correctness of the information provided or its fitness for any purpose. The site uses AdSense so you need to be aware of Google privacy policy. You you do not want to be tracked by Google please disable Javascript for this site. This site is perfectly usable without Javascript.

Last modified: March 12, 2019