Configuring SNMP agents

If you installed OneSpan Authentication Server on a host where an SNMP daemon is running and want to use system monitoring in OneSpan Authentication Server, then you will have to configure the SNMP agent.

You need to:

  • Configure the OneSpan Authentication Server SNMP subagent
  • Integrate the OneSpan Authentication Server MIB files

Configuring OneSpan Authentication Server as SNMP subagent

Net-SNMP

If you are using Net-SNMP, you can adapt the configuration by editing the respective configuration files.

Add the following lines to the configuration file for the Net-SNMP SNMP agent, i.e. /etc/snmp/snmpd.conf:

agentaddress ip_address:161

sysObjectID 1.3.6.1.4.1.3995.2.2.1

proc identikey 1 1

master agentx

agentXSocket tcp:localhost:705

If agentaddress is not already configured, set ip_address to the IP address of the Net-SNMP agent host.

To access system and performance monitoring figures of OneSpan Authentication Server, you need to configure the necessary access rights for the SNMP user.

To configure SNMP user access privileges

  1. If required, stop the Net-SNMP daemon:

    /etc/init.d/net-snmp stop

  2. Add the following line to /var/lib/snmp/snmpd.conf:

    createUser username SHA "auth_password" AES "enc_password"

    where:

    • auth_password is the passphrase used for signing messages sent.
    • enc_password is the passphrase used to encrypt the data portions of the messages; the minimum length for each is 8 characters.
    • username is an arbitrary user ID with a maximum length of 32 characters, e.g. ias.
  3. Add the following line to the configuration file for the Net-SNMP SNMP agent, i.e. /etc/snmp/snmpd.conf:

    rwuser username

    This gives full access to the SNMP tree for user username.

  4. If required, restart the Net-SNMP daemon:

    /etc/init.d/net-snmp start

For more information about SNMPv3 user account management, refer to http://www.net-snmp.org/docs/README.snmpv3.html.

Generic SNMP setup

For information about configuring OneSpan Authentication Server as SNMP subagent for SNMP agents other than the supported versions of Net-SNMP, refer to the documentation for your SNMP manager.

Configuring SNMP agents to include the OneSpan Authentication Server MIB files

The data for SNMP is held in a Management Information Base (MIB) and can be configured. The configuration file for SNMP applications, i.e. snmp.conf, contains information about the OneSpan MIB files used in OneSpan Authentication Server, which supports a number of MIB modules (also referred to as MIBs).

The MIB files are located in install_dir/mibs.

For more information about the MIBs, refer to the OneSpan Authentication Server Administrator Guide.

Net-SNMP

If you are using a supported version of Net-SNMP, you can adapt the configuration by editing the respective configuration files.

Add the following lines to the configuration file for the Net-SNMP applications, i.e. /etc/snmp/snmp.conf:

mibdirs +/opt/vasco/ias/mibs

mibs +VASCO-MIB

mibs +VASCO-IDENTIKEY-MIB

mibs +VASCO-IDENTIKEY-COMMUNICATOR-SEAL-MIB

mibs +VASCO-IDENTIKEY-COMMUNICATOR-SOAP-MIB

mibs +VASCO-IDENTIKEY-CRYPTO-MIB

mibs +VASCO-IDENTIKEY-DATAMODEL-MIB

mibs +VASCO-IDENTIKEY-SCENARIO-MIB

mibs +RADIUS-AUTH-SERVER-MIB

mibs +RADIUS-AUTH-CLIENT-MIB

Generic SNMP setup

For information about installing MIB modules for SNMP agents other than the supported versions of Net-SNMP, refer to the documentation for your SNMP manager.