How to configure CA Identity Suite Vapp 14.2 with SNMPv3.

book

Article ID: 139505

calendar_today

Updated On:

Products

CA Identity Manager CA Identity Governance CA Identity Portal CA Identity Suite

Issue/Introduction

How to configure CA Identity Suite Vapp 14.2 with  SNMPv3.


Environment

Release : 14.2

Component : CA IDENTITY SUITE (VIRTUAL APPLIANCE)

Resolution

You can review the link to Monitoring with SNMP.  The commands are similar with SNMP v3

https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-enterprise-software/layer7-identity-and-access-management/identity-suite/14-3/virtual-appliance/monitoring-virtual-appliance.html#MonitoringVirtualAppliance-MonitoringwithSNMP  

High level summary of the steps:

  • chkconfig snmpd on
  • chkconfig snmptrapd on
  • service snmpd start
  • service snmptrapd start
  • service snmpd stop
  • net-snmp-create-v3-user
  • service snmpd start

After the user is created you can issue some similar commands below:


snmpwalk -v 3 localhost -u UserName -l authNoPriv -a MD5 -A passphrase -c public .1.3.6.1.4.1.2021.9

snmpwalk -v 3 localhost -u UserName -l authNoPriv -a MD5 -A passphrase -c public sysName


If you are using FIPS you will need -a SHA and -x AES encryption when creating the user.

https://access.redhat.com/solutions/4233271  

create a user with the command.


net-snmp-create-v3-user -a SHA -x AES 


after the user is created the services need to be restarted.


service snmpd stop
service snmpd start  

 

You show now be able to issue similar commands below:


snmpwalk -v 3 localhost -u UserName -l authNoPriv -a SHA -x AES -A passphrase -c public .1.3.6.1.4.1.2021.9
snmpwalk -v 3 localhost -u UserName -l authNoPriv -a SHA -x AES -A passphrase -c public sysName 


Examples Steps to remove a user: 


Get list of current users:
snmpwalk -v 3 localhost -u UserName -l authNoPriv -a SHA -x AES -A passphrase -c public .1.3.6.1.6.3.15.1.2.2.1.3

Another way to get a list of user is to review the last few lines the file: /etc/snmp/snmpd.conf

The last lines should show the users that were previous created.  With this user information,  you can run the snmpusm that were  previously provided to delete the users.


After you get the user name you would like to delete use the command:

snmpusm -v 3 -u UserName -l auth -a SHA -x AES -A passphrase localhost delete UserNameToDelete