Show the Table of Contents

You are here: Administration & Maintenance Manual > Appliance Administration > SNMP

Administration & Maintenance - SNMP

SNMP

For Luna HSM 5.x, SafeNet supports Simple Network Management Protocol (SNMP v3) for remote monitoring of conditions on a local HSM that might require administrative attention.

MIB

We provide the following MIBs (management information base):

MIB Name    Description   
CHRYSALIS-UTSP-MIB.mib    defines SNMP access to information about the Luna appliance   
SAFENET-HSM-MIB.mib defines SNMP access to information about the Luna HSM   
SAFENET-GLOBAL-MIB.mib    must be found in your system path so that symbols can be resolved
 
SAFENET-APPLIANCE-MIB.mib reports Software Version of Luna SA appliance (this MIB exists inside the appliance, only)

Copy all MIBs in <luna client install dir > to the MIB directory on your system.

For Luna SA, the host is the appliance, so all the above MIBs are in the appliance, to support SNMP.

 

Luna SNMP subagent

We find that most customers choosing to use SNMP already have an SNMP infrastructure in place. Therefore, we provide a subagent that you can install on your managed workstations, and which can point to your agent via the socket created by the agent. This applies to Luna G5 and Luna PCI-E - for Luna SA, the subagent is already on the appliance.

The Luna SNMP subagent (luna-snmp) is an AgentX SNMP module that extends an existing SNMP agent with support for SafeNet HSM monitoring. It is an optional component of the Luna client installation. The subagent has been tested against net-snmp, but should work with any SNMP agent that supports the AgentX protocol.

 

SNMP subagent installation

After selecting one or more products from the main LunaClient installation menu, you are presented with a list of optional components, including the Luna SNMP subagent. It is not selected by default, but can be installed with any product except the Luna SA client installed in isolation.

  1. In the installation media, go to the appropriate folder for your operating system.
  2. Run the installer (install.sh for Linux and UNIX, LunaClient.msi for Windows).
  3. Choose the Luna products that you wish to install, and include SNMP among your selections. The subagent is installed for any Luna product except Luna SA in isolation.
  4. Proceed to Post-installation configuration.

 

 

Post-installation configuration

After the Luna client is installed, complete the following steps to configure the SNMP subagent:

  1. Copy the SafeNet MIBs from <install dir>/snmp to the main SNMP agent’s MIB directory.   Or copy to another computer (your SNMP computer) if you are not running SNMP from the same computer where Luna Client software is installed.
  2. If running on Windows, configure the subagent via the file <install dir>/snmp/luna-snmp.conf to point to the AgentX port where the main SNMP agent is listening. The file must then be copied to the same directory as snmpd.conf.   (This assumes net-snmp is installed; the setup might differ if you have another agent.)

    If running on a UNIX-based platform, the subagent should work without extra configuration assuming that the primary SNMP agent is listening on the default local socket (/var/agentx/master). You still have the option of editing and using luna-snmp.conf.   
  3. After configuration is complete, start the agent. Then start the subagent via the service tool applicable to your platform (ex. “service luna-snmp start” on Linux, or start SafeNet Luna SNMP Subagent Service from the services in Windows).

Normally the agent is started first. However, the subagent periodically attempts to connect to the agent until it is successful.  The defaults controlling this behavior are listed below. They can be overridden by changing the appropriate entries in luna-snmp.conf.

 

luna-snmp.conf Options

Option   Description Default
agentXSocket [<transport-specifier>:]<transport-address>[,...]    Defines the address to which the subagent should connect. The default on UNIX-based systems is the Unix Domain socket "/var/agentx/master".
Another common alternative is tcp:localhost:705.
See the section LISTENING ADDRESSES in the snmpd manual page for more information about the format of addresses (http://www.net-snmp.org/docs/man/snmpd.html).   		 The default, for Linux, is "/var/agentx/master".
In the file, you can choose to un-comment "tcp:localhost:705" which is most commonly used with Windows.   
agentXPingInterval <NUM>    Makes the subagent try to reconnect every <NUM> seconds to the master if it ever becomes (or starts) disconnected.    15  
agentXTimeout <NUM>    Defines the timeout period (NUM seconds) for an AgentX request.   1   
agentXRetries <NUM>    Defines the number of retries for an AgentX request.  5

 

 

 

See Also

 

SNMP Operation and Limitations

The SafeNet CHRYSALIS-UTSB MIB

The SAFENET HSM MIB

The SAFENET APPLIANCE MIB

 

Show the Table of Contents