Installing the Luna SNMP Subagent

We find that most customers choosing to use SNMP already have an SNMP infrastructure in place. Therefore, we provide a subagent that you can install on your managed workstations, and which can point to your agent via the socket created by the agent. This applies to Luna USB HSM and Luna PCIe HSM - for Luna Network HSM, the subagent is already on the appliance.

The SNMP subagent (luna-snmp) is an AgentX SNMP module that extends an existing SNMP agent with support for Luna HSM monitoring. It is an optional component of the Luna HSM Client installation. The subagent has been tested against net-snmp, but should work with any SNMP agent that supports the AgentX protocol.

To install the SNMP subagent

After selecting one or more products from the main Luna HSM Client installation menu, you are presented with a list of optional components, including the SNMP subagent. It is not selected by default, but can be installed with any product except the Luna Network HSM client installed in isolation.

1.In the installation media, go to the appropriate folder for your operating system.

2.Run the installer (install.sh for Linux and UNIX, LunaHSMClient.exe for Windows).

3.Choose the Luna products that you wish to install, and include SNMP among your selections. The subagent is installed for any Luna product except Luna Network HSM in isolation.

4.Proceed to Post-installation configuration.

Post-installation configuration

After the Luna HSM Client is installed, complete the following steps to configure the SNMP subagent:

1.Copy the SafeNet MIBs from <install dir>/snmp to the main SNMP agent’s MIB directory.   Or copy to another computer (your SNMP computer) if you are not running SNMP from the same computer where Luna HSM Client software is installed.

2.If running on Windows, configure the subagent via the file <install dir>/snmp/luna-snmp.conf to point to the AgentX port where the main SNMP agent is listening. The file must then be copied to the same directory as snmpd.conf.   (This assumes net-snmp is installed; the setup might differ if you have another agent.)

If running on a UNIX-based platform, the subagent should work without extra configuration assuming that the primary SNMP agent is listening on the default local socket (/var/agentx/master). You still have the option of editing and using luna-snmp.conf.

3.After configuration is complete, start the agent. Then start the subagent via the service tool applicable to your platform (for example, service luna-snmp start on Linux, or start Luna SNMP Subagent Service from the services in Windows).

Normally the agent is started first. However, the subagent periodically attempts to connect to the agent until it is successful. The defaults controlling this behavior are listed below. They can be overridden by changing the appropriate entries in luna-snmp.conf.

Troubleshooting

If you encounter the following warning:

Warning: Failed to connect to the agentx master agent ([NIL]):

you must enable AgentX support by adding master agentx to your SNMPD configuration file. Refer to the man page for snmpd.conf for more information.

Configuration Options In the luna-snmp.conf File

Option   Description Default
agentXSocket [<transport-specifier>:]<transport-address>[,...]   

Defines the address to which the subagent should connect. The default on UNIX-based systems is the Unix Domain socket "/var/agentx/master".

Another common alternative is tcp:localhost:705.

See the section LISTENING ADDRESSES in the snmpd man page for more information about the format of addresses (http://www.net-snmp.org/docs/man/snmpd.html).   

The default, for Linux, is "/var/agentx/master".
In the file, you can choose to un-comment "tcp:localhost:705" which is most commonly used with Windows.   
agentXPingInterval <NUM>    Makes the subagent try to reconnect every <NUM> seconds to the master if it ever becomes (or starts) disconnected.    15  
agentXTimeout <NUM>    Defines the timeout period (NUM seconds) for an AgentX request.   1   
agentXRetries <NUM>    Defines the number of retries for an AgentX request.  5