Configuring SNMP trap notifications

This topic describes how to configure SNMP trap notifications in the sender environment (Cloud Pak for Data System).

About this task

SNMP versions v1, v2c and v3 are available on Cloud Pak for Data System. You can set version when running ap config --set snmp with snmp_version and snmp_community parameters.

If you switch between versions 3 and 1 or 2c, the configuration parameters are preserved in the system.

You can also select between traps and informs with ap config --set snmp --snmp_notification_type <trap|inform>:
trap
A trap is an SNMP message sent from one application to another (which is typically on a remote host) to notify the other application of an event. Traps are unacknowledged, that is, no confirmation is sent back.
inform
Informs are acknowledged traps, that is, when the remote application receives the inform, it sends back the confirmation.
Example trap and inform configurations:
[root@e1n1 ~]# ap config --list snmp
PySNMP is used for operating with TRAPs
Ip Address/Hostname      : e1n3
Port                     : 33162
Version                  : 3
Community                : 
Engine Id                : 8000000201099E8F1E
Security Level           : 2
Security Name            : sha-aes-trap
Authentication Key       : ***
Authentication Protocol  : 2
Encryption Key           : ***
Encryption Protocol      : 2
[root@e1n1 ~]#
[root@e1n1 ~]# ap config --list snmp
Net-SNMP is used for operating with INFORMs
Ip Address/Hostname      : e1n3
Port                     : 33162
Version                  : 3
Community                : 
Engine Id                : 
Security Level           : 2
Security Name            : sha-aes-inform
Authentication Key       : ***
Authentication Protocol  : 2
Encryption Key           : ***
Encryption Protocol      : 2
[root@e1n1 ~]#
You use the ap config --set snmp command to set the required parameters:
  • SNMP version --snmp_version
    If snmp_version is set to 1 or 2, you also have to set the following parameters:
    • snmp_community
    • snmp_ip_address
    • snmp_port
    If snmp_version is set to 3, you also have to set following parameters:
    • snmp_engine_id
    • snmp_security_name
    • snmp_security_level
    • snmp_auth_protocol
    • snmp_auth_key
    • snmp_enc_protocol
    • snmp_enc_key
    • snmp_ip_address
    • snmp_port
  • SNMP driver --snmp_driver
    • netsnmp (default)
    • pysnmp
  • SNMP type --snmp_notification_type
    • trap (default)
    • inform
  • SNMP community --snmp_community
  • security name --snmp_security_name
  • IPv4 address --snmp_ip_address
  • remote port --snmp_port
  • SNMP engine id --snmp_engine_id
  • security level --snmp_security_level - accepted values:
    • 0 - noAuthNoPriv
    • 1 - authNoPriv
    • 2 - authPriv
  • authentication protocol --snmp_auth_protocol - accepted values:
    • 0 - None
    • 1 - MD5
    • 2 - SHA
  • encryption protocol --snmp_enc_protocol - accepted values:
    • 0 - None
    • 1 - DES
    • 2 - AES
  • authentication passphrase --snmp_auth_key - must be at least 8 symbols long (see man snmpcmd 1)
  • encryption passphrase --snmp_enc_key - must be at least 8 symbols long (see man snmpcmd 1)

Procedure

  1. Provide the above parameters:
    • all parameters at once:
      ap config --set snmp\
--snmp_ip_address <receiver_ip_address>\
--snmp_port <receiver_port>\
--snmp_engine_id 0x11235813213455\
--snmp_security_name usr-sha-aes\
--snmp_security_level 2\
--snmp_auth_protocol 2\
--snmp_enc_protocol 2\
--snmp_auth_key a.usr-sha-aes\
--snmp_enc_key p.usr-sha-aes;
    • one by one:
      ap config --set snmp --snmp_ip_address <receiver_ip_address>;
ap config --set snmp --snmp_port <receiver_port>;
ap config --set snmp --snmp_engine_id 0x11235813213455;
ap config --set snmp --snmp_security_name usr-sha-aes;
ap config --set snmp --snmp_security_level 2;
ap config --set snmp --snmp_auth_protocol 2;
ap config --set snmp --snmp_enc_protocol 2;
ap config --set snmp --snmp_auth_key a.usr-sha-aes;
ap config --set snmp --snmp_enc_key p.usr-sha-aes;
    Note that when you provide the parameters one by one, you must set the protocol first, and then the passphrase.
  2. Define alert rules which are to be applied to specific alerts or alert types: 
    ap config --set alerts_rules --type (action|to|add_to) [--scope <alert_type>|<alert_reason_code>] \
--value (<action_int>|<email_list>)
    where action_int value defines how the alert is handled. The following values are related to SNMP:
    • 4 - send SNMP trap
    • 5 - send email and SNMP trap
    • 6 - send SNMP trap and open PMR
    For more information on the command and its values, see ap config command. For examples, see SNMP setup examples.

What to do next

You must now configure the receiver environment as described in Configuring SNMP trap receiver.