Configuring SNMP agents
If you installed OneSpan Authentication Server on a host where an SNMP
You need to:
- Configure the OneSpan Authentication Server SNMP subagent
- Integrate the OneSpan Authentication Server MIB files
Configuring OneSpan Authentication Server as SNMP subagent
Net-SNMP
If you are using Net-SNMP, you can adapt the configuration by editing the respective configuration files.
Add the following lines to the configuration file for the Net-SNMP SNMP agent, i.e. /etc/snmp/snmpd.conf:
agentaddress ip_address:161
sysObjectID 1.3.6.1.4.1.3995.2.2.1
proc identikey 1 1
master agentx
agentXSocket tcp:localhost:705
If agentaddress is not already configured, set ip_address to the IP address of the Net-SNMP agent host.
To access system and performance monitoring figures of OneSpan Authentication Server, you need to configure the necessary access rights for the SNMP user.
To configure SNMP user access privileges
-
If required, stop the Net-SNMP daemon:
/etc/init.d/net-snmp stop
-
Add the following line to /var/lib/snmp/snmpd.conf:
createUser username SHA "auth_password" AES "enc_password"
where:
- auth_password is the passphrase used for signing messages sent.
- enc_password is the passphrase used to encrypt the data portions of the messages; the minimum length for each is 8 characters.
- username is an arbitrary user ID with a maximum length of 32 characters, e.g. ias.
-
Add the following line to the configuration file for the Net-SNMP SNMP agent, i.e. /etc/snmp/snmpd.conf:
rwuser username
This gives full access to the SNMP tree for user username.
-
If required, restart the Net-SNMP daemon:
/etc/init.d/net-snmp start
For more information about SNMPv3 user account management, refer to http://www.net-snmp.org/docs/README.snmpv3.html.
Generic SNMP setup
For information about configuring OneSpan Authentication Server as SNMP subagent for SNMP agents other than the supported versions of Net-SNMP, refer to the documentation for your SNMP manager.
Configuring SNMP agents to include the OneSpan Authentication Server MIB files
The data for SNMP is held in a Management Information Base (MIB) and can be configured. The configuration file for SNMP applications, i.e. snmp.conf, contains information about the OneSpan MIB files used in OneSpan Authentication Server, which supports a number of MIB modules (also referred to as MIBs).
The MIB files are located in install_dir/mibs.
For more information about the MIBs, refer to the OneSpan Authentication Server Administrator Guide.
Net-SNMP
If you are using a supported version of Net-SNMP, you can adapt the configuration by editing the respective configuration files.
Add the following lines to the configuration file for the Net-SNMP applications, i.e. /etc/snmp/snmp.conf:
mibdirs +/opt/vasco/ias/mibs
mibs +VASCO-MIB
mibs +VASCO-IDENTIKEY-MIB
mibs +VASCO-IDENTIKEY-COMMUNICATOR-SEAL-MIB
mibs +VASCO-IDENTIKEY-COMMUNICATOR-SOAP-MIB
mibs +VASCO-IDENTIKEY-CRYPTO-MIB
mibs +VASCO-IDENTIKEY-DATAMODEL-MIB
mibs +VASCO-IDENTIKEY-SCENARIO-MIB
mibs +RADIUS-AUTH-SERVER-MIB
mibs +RADIUS-AUTH-CLIENT-MIB
Generic SNMP setup
For information about installing MIB modules for SNMP agents other than the supported versions of Net-SNMP, refer to the documentation for your SNMP manager.