Setting up SNMP Monitoring for PAM

book

Article ID: 192323

calendar_today

Updated On:

Products

CA Privileged Access Manager (PAM)

Issue/Introduction

This is to provide a sample configuration of SNMP (v2c and v3) Polling for PAM.

Environment

Release : 3.3

Component : PRIVILEGED ACCESS MANAGEMENT

Resolution

In this example, a "SnmpB" tool is used as the SNMP monitoring tool.
Conceptually other tools should have the equivalent settings.

Steps

1.1. Get "XCEEDIUM-MIB.txt" file for your PAM server version.
(You can get this with help from support. A sample XCEEDIUM-MIB.txt for PAM 3.3.2 is attached to this KB)

1.2. Launch SnmpB and navigate to the "Editor" tab. There click on "File - Open MIB..." and select the XCEEDIUM-MIB.txt 


1.3. Once loaded, click on "File - Save MIB As..." and save it in the "{SnmpB}\mibs" folder as "XCEEDIUM-MIB"


1.4. Exit SnmpB and Launch again.
This step was necessary with SnmpB tool to get the imported MIB to appear in the menu for selection but other tools may not require this step.
Some tools may have extra steps as some tools compile the MIB to their propriatery format.


1.5. Move the XCEEDIUM-MIB to the right panel so it will be loaded.

At this point, if you expand the MIB tree you should be able to find xceedium.


1.6. Goto "Options - Manage Agent Profiles..." menu then right click mouse on the left pane and to select "New agent profile"


1.7. Register PAM Server profile
Name: pam33x01
Agent Address: 172.17.1.11
Agent Port: 161
Supported SNMP Version: SNMPV2


And expand the Agent Profile to show "Snmpv1/v2c" at the left pane.
Then set the "Read community" to "xcdgkpub" and click "OK"



You will now see the Agent Profile selected


This is all the steps required at the Monitoring Tool side of configuration.
Next is the setting at the PAM server side.

2.1. Goto "Configuration - SNMP - Poll Server"


2.2. Uncheck the "SNMP V3 Only". Check "Start at Boot". Click "SAVE" and "START".


Configuration at PAM server is complete.

Now you should be able to poll the PAM server.
At the SnmpB tool, right click on the "iso" level and select "Walk" to get a full report.



Next is to setup SNMPv3.
Following steps are based on what is setup above.

3.1. At the PAM server, goto "Config - SNMP - Poll Server". Click on "STOP", Check "SNMP V3 Only" then "SAVE" and "START"

3.2. Goto "Configuration - SNMP - SNMP V3 Users" and click "ADD" button.
Then fill in the details.
User Name: snmpv3user (You are actually creating a user in PAM in snmp configuration file)
Authentication Passphrase: (just enter whatever password you want to use)
Private Passphrase: (ditto)
Click "OK" to save.


Now the user is created for polling SNMPv3


All the configuration required at the PAM is complete.
Now the SNMP tool side.

4.1. Goto "Options - Manage SNMPv3 USM Profiles..."


4.2. Fill in the details to match the SNMPV3 user created in PAM.
Security User Name: snmpv3user
Authentication Protocol: SHA
Authentication Password: {Same password entered in PAM}
Privacy Protocol: AES128 {If the tool gives option to choose, you must choose "AES" or "AES128". DO NOT SELECT "AES196" or "AES256" as that will fail!}
Privacy Password: {Same password entered in PAM}
Click "OK" to save.



4.3. Goto "Options - Manage Agent Profiles..." and select "pam33x01" profile.


4.4. Check "SNMPV3" and uncheck the "SNMPV2"


4.5. At the left pane, select "SnmpV3".
Then on the right pane, select the Security Name to show "snmpv3user" which was created in the above steps.
Then Select "authPriv" in the Security Level.
Click "OK" to save.


4.6. At the left pane, right click at the "iso" level and select "Walk".
This time it would return 10800 objects.



Attachments

1591324744809__XCEEDIUM-MIB.txt get_app