Configure the SNMP agent
You can configure the StorageGRID SNMP agent to use a third-party SNMP management system for read-only MIB access and notifications.
-
You are signed in to the Grid Manager using a supported web browser.
-
You have the Root access permission.
The StorageGRID SNMP agent supports SNMPv1, SNMPv2c, and SNMPv3. You can configure the agent for one or more versions. For SNMPv3, only User Security Model (USM) authentication is supported.
All nodes in the grid use the same SNMP configuration.
Specify basic configuration
As a first step, enable the StorageGRID SMNP agent and provide basic information.
-
Select CONFIGURATION > Monitoring > SNMP agent.
The SNMP agent page appears.
-
To enable the SNMP agent on all grid nodes, select the Enable SNMP checkbox.
-
Enter the following information in the Basic configuration section.
Field Description System contact
Optional. The primary contact for the StorageGRID system, which is returned in SNMP messages as sysContact.
The System contact is typically an email address. This value applies to all nodes in the StorageGRID system. System contact can be a maximum of 255 characters.
System location
Optional. The location of the StorageGRID system, which is returned in SNMP messages as sysLocation.
The System location can be any information that is useful for identifying where your StorageGRID system is located. For example, you might use the street address of a facility. This value applies to all nodes in the StorageGRID system. System location can be a maximum of 255 characters.
Enable SNMP agent notifications
-
If selected, the StorageGRID SNMP agent sends trap and inform notifications.
-
If not selected, the SNMP agent supports read-only MIB access, but it doesn't send any SNMP notifications.
Enable authentication traps
If selected, the StorageGRID SNMP agent sends authentication traps if it receives improperly authenticated protocol messages.
-
Enter community strings
If you use SNMPv1 or SNMPv2c, complete the Community strings section.
When the management system queries the StorageGRID MIB, it sends a community string. If the community string matches one of the values specified here, the SNMP agent sends a response to the management system.
-
For Read-only community, optionally enter a community string to allow read-only MIB access on IPv4 and IPv6 agent addresses.
To ensure the security of your StorageGRID system, don't use "public" as the community string. If you leave this field blank, the SNMP agent uses the grid ID of your StorageGRID system as the community string. Each community string can be a maximum of 32 characters and can't contain whitespace characters.
-
Select Add another community string to add additional strings.
Up to five strings are allowed.
Create trap destinations
Use the Trap destinations tab in the Other configurations section to define one or more destinations for StorageGRID trap or inform notifications. When you enable the SNMP agent and select Save, StorageGRID sends notifications to each defined destination when alerts are triggered. Standard notifications are also sent for the supported MIB-II entities (for example, ifDown and coldStart).
-
For the Default trap community field, optionally enter the default community string you want to use for SNMPv1 or SNMPv2 trap destinations.
As required, you can provide a different ("custom") community string when you define a specific trap destination.
Default trap community can be a maximum of 32 characters and can't contain whitespace characters.
-
To add a trap destination, select Create.
-
Select which SNMP version will be used for this trap destination.
-
Complete the Create trap destination form for the version you selected.
SNMPv1If you selected SNMPv1 as the version, complete these fields.
Field Description Type
Must be Trap for SNMPv1.
Host
An IPv4 or IPv6 address or a fully-qualified domain name (FQDN) to receive the trap.
Port
Use 162, which the standard port for SNMP traps unless you must use another value.
Protocol
Use UDP, which is the standard SNMP trap protocol unless you need to use TCP.
Community string
Use the default trap community, if one was specified, or enter a custom community string for this trap destination.
The custom community string can be a maximum of 32 characters and can't contain whitespace.
SNMPv2cIf you selected SNMPv2c as the version, complete these fields.
Field Description Type
Whether the destination will be used for traps or informs.
Host
An IPv4 or IPv6 address or FQDN to receive the trap.
Port
Use 162, which is the standard port for SNMP traps unless you must use another value.
Protocol
Use UDP, which is the standard SNMP trap protocol unless you need to use TCP.
Community string
Use the default trap community, if one was specified, or enter a custom community string for this trap destination.
The custom community string can be a maximum of 32 characters and can't contain whitespace.
SNMPv3If you selected SNMPv3 as the version, complete these fields.
Field Description Type
Whether the destination will be used for traps or informs.
Host
An IPv4 or IPv6 address or FQDN to receive the trap.
Port
Use 162, which is the standard port for SNMP traps unless you must use another value.
Protocol
Use UDP, which is the standard SNMP trap protocol unless you need to use TCP.
USM user
The USM user that will be used for authentication.
-
If you selected Trap, only USM users without authoritative engine IDs are shown.
-
If you selected Inform, only USM users with authoritative engine IDs are shown.
-
If no users are shown:
-
Create and save the trap destination.
-
Go to Create USM users and create the user.
-
Return to the Trap destinations tab, select the saved destination from the table, and select Edit.
-
Select the user.
-
-
-
Select Create.
The trap destination is created and added to the table.
Create agent addresses
Optionally, use the Agent addresses tab in the Other configurations section to specify one or more "listening addresses." These are the StorageGRID addresses on which the SNMP agent can receive queries.
If you don't configure an agent address, the default listening address is UDP port 161 on all StorageGRID networks.
-
Select Create.
-
Enter the following information.
Field Description Internet protocol
Whether this address will use IPv4 or IPv6.
By default, SNMP uses IPv4.
Transport protocol
Whether this address will use UDP or TCP.
By default, SNMP uses UDP.
StorageGRID network
Which StorageGRID network the agent will listen on.
-
Grid, Admin, and Client Networks: The SNMP agent will listen for queries on all three networks.
-
Grid Network
-
Admin Network
-
Client Network
Note: If you use the Client Network for insecure data and you create an agent address for the Client Network, be aware that SNMP traffic will also be insecure.
Port
Optionally, the port number that the SNMP agent should listen on.
The default UDP port for an SNMP agent is 161, but you can enter any unused port number.
Note: When you save the SNMP agent, StorageGRID automatically opens the agent address ports on the internal firewall. You must ensure that any external firewalls allow access to these ports.
-
-
Select Create.
The agent address is created and added to the table.
Create USM users
If you are using SNMPv3, use the USM users tab in the Other configurations section to define the USM users who are authorized to query the MIB or to receive traps and informs.
SNMPv3 inform destinations must have users with engine IDs. SNMPv3 trap destination can't have users with engine IDs. |
These steps don't apply if you are only using SNMPv1 or SNMPv2c.
-
Select Create.
-
Enter the following information.
Field Description Username
A unique name for this USM user.
Usernames can have a maximum of 32 characters and can't contain whitespace characters. The username can't be changed after the user is created.
Read-only MIB access
If selected, this user should have read-only access to the MIB.
Authoritative engine ID
If this user will be used in an inform destination, the authoritative engine ID for this user.
Enter 10 to 64 hex characters (5 to 32 bytes) with no spaces. This value is required for USM users that will be selected in trap destinations for informs. This value is not allowed for USM users that will be selected in trap destinations for traps.
Note: This field is not shown if you selected Read-only MIB access because USM users who have read-only MIB access can't have engine IDs.
Security level
The security level for the USM user:
-
authPriv: This user communicates with authentication and privacy (encryption). You must specify an authentication protocol and password and a privacy protocol and password.
-
authNoPriv: This user communicates with authentication and without privacy (no encryption). You must specify an authentication protocol and password.
Authentication protocol
Always set to SHA, which is the only protocol supported (HMAC-SHA-96).
Password
The password this user will use for authentication.
Privacy protocol
Shown only if you selected authPriv and always set to AES, which is the only privacy protocol supported.
Password
Shown only if you selected authPriv. The password this user will use for privacy.
-
-
Select Create.
The USM user is created and added to the table.
-
When you have completed the SNMP agent configuration, select Save.
The new SNMP agent configuration becomes active.