Sun Management Center 4.0 Installation and Configuration Guide

Chapter 9 Sun Management Center Administration

This chapter provides the instructions for administrative tasks such as Sun Management Center backup, security key regeneration, and other tasks you can perform to resolve configuration problems with your Sun Management Center 4.0 installation.

This chapter discusses the following topics:


Note –

The procedures in this chapter assume that you installed Sun Management Center in the default file system /opt. If you installed Sun Management Center in a different location, substitute /opt with the name of the file system you chose.


Sun Management Center Backup and Recovery

The es-backup command enables you to back up all base and add-on data in your database, and all of the configuration data in /var/opt/SUNWsymon/cfg. The es-restore command restores the database and configuration data from a previous backup.

Using es-backup

You should use es-backup to back up your database and configuration data as follows:

For more information on using the es-backup command to do online backups, see Database Backup and Recovery in Sun Management Center 3.6.1 User’s Guide.

The syntax of the es-backup command is as follows:

es-backup [ -h ] [ -c ] [-y] [ -d dir] [ -o ] [ -e ]

The following table describes the es-backup command parameters.

Table 9–1 es-backup Options

Option  Modifying Options  Description
-c                         Perform cold backup.
-d      dir                Back up the database and configuration data to the directory dir.
-e                         Report estimated backup size.
-h                         List the options for es-backup.
-o                         Perform an online backup.
-y                         Perform a non-interactive backup. You will not be prompted to stop Sun Management Center processes, nor will you be prompted for a backup directory name.


Note –

If you do not specify a backup directory using the -d option, all database and configuration data is backed up to the directory /var/opt/SUNWsymon/backup.


To minimize and prevent data loss, you must run es-backup on a routine basis to enable recovery of your most current data in the event of a system failure. You can create a cron entry for the es-backup -y script to run the script on a periodic basis. As part of the cron entry, you might also want to copy the contents of /var/opt/SUNWsymon/backup to an alternate directory.


Note –

By default, a non-interactive backup overwrites the contents of /var/opt/SUNWsymon/backup. If you have previously performed a non-interactive backup of Sun Management Center data, and you want to save the previous backup, copy the contents of the directory /var/opt/SUNWsymon/backup to another location before running a non-interactive backup.
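
The cron-driven routine described above, as an added example that is not part of the original guide or of Sun Management Center: a POSIX shell wrapper that copies the previous backup aside before es-backup -y overwrites it, then validates the new backup with es-restore -c. The variable and function names, the script path, and the archive directory in the crontab comment are assumptions, as is the location /opt/SUNWsymon/sbin for both commands.

```sh
# Added example (not Sun Management Center code): cron wrapper for es-backup -y.
# Assumed names: SUNMC_SBIN, BACKUP_DIR, preserve_previous, run_backup.
SUNMC_SBIN=${SUNMC_SBIN:-/opt/SUNWsymon/sbin}        # assumed command location
BACKUP_DIR=${BACKUP_DIR:-/var/opt/SUNWsymon/backup}  # default es-backup target

# Copy the existing backup to ARCHIVE_ROOT/backup-STAMP before it is
# overwritten. Prints the copy's path; prints nothing if no backup exists yet.
preserve_previous() {
    archive_root=$1
    stamp=$2
    [ -d "$BACKUP_DIR" ] || return 0
    [ -n "$(ls -A "$BACKUP_DIR" 2>/dev/null)" ] || return 0
    dest=$archive_root/backup-$stamp
    if [ -e "$dest" ]; then
        echo "refusing to overwrite existing archive $dest" >&2
        return 1
    fi
    # The backup holds database and configuration data: keep it owner-only.
    ( umask 077 && mkdir -p "$archive_root" && cp -rp "$BACKUP_DIR" "$dest" \
        && chmod 700 "$dest" ) || return 1
    echo "$dest"
}

# Exit status: 0 = backup taken and validated, 1 = could not preserve the
# previous backup (nothing was overwritten), 2 = es-backup failed,
# 3 = es-restore -c rejected the new backup.
run_backup() {
    archive_root=$1
    stamp=${2:-$(date +%Y%m%d-%H%M%S)}
    saved=$(preserve_previous "$archive_root" "$stamp") || return 1
    # -y: non-interactive; no prompts, writes to the default backup directory.
    "$SUNMC_SBIN/es-backup" -y >&2 || return 2
    # -c: verify only. Passing -d and -y together with -c to avoid the
    # directory prompt is an assumption based on the documented option list.
    if ! "$SUNMC_SBIN/es-restore" -c -d "$BACKUP_DIR" -y >&2; then
        echo "backup in $BACKUP_DIR failed validation;" \
             "see /var/opt/SUNWsymon/install/backup_*" >&2
        [ -z "$saved" ] || echo "previous backup kept in $saved" >&2
        return 3
    fi
    [ -z "$saved" ] || echo "$saved"
}

# Runs only when given an archive directory, for example from root's crontab
# (hypothetical script path and archive directory):
#   0 2 * * * /usr/local/sbin/sunmc-backup.sh /export/sunmc-archive
[ "$#" -eq 0 ] || run_backup "$@"
```
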


The following procedure assumes that you installed Sun Management Center in the default directory /opt. If you did not install Sun Management Center in /opt, replace /opt with the name of the directory you specified.

Procedure: To Manually Back Up Sun Management Center Data to the Default Directory

  1. Log in as root on the Sun Management Center server machine.

  2. Stop all Sun Management Center processes.

    Type the command /opt/SUNWsymon/es-stop -A and press Return.

  3. Back up your Sun Management Center data.

    Type the command /opt/SUNWsymon/es-backup and press Return.

    If any Sun Management Center processes are still running, you are notified that Sun Management Center must be shut down.

    You are asked whether you want to proceed. Type y and press Return.

  4. Specify the backup directory.

    You are prompted for the directory path in which to store the backup. The default location /var/opt/SUNWsymon/backup is displayed.

    • To accept the default backup directory /var/opt/SUNWsymon/backup, press Return.

      If a prior backup has been performed using the default directory /var/opt/SUNWsymon/backup, you are asked whether to delete the old backups.

      • To keep the old backups, type n to exit the backup process, then copy /var/opt/SUNWsymon/backup to a different directory.

      • To overwrite the old backups, type y.

    • To specify a different backup directory, type the name of the directory and press Return.

      For example:


      # Enter full directory path to store the backup data files
         [/var/opt/SUNWsymon/backup]: /backup-set-1
      

      If the directory does not exist, you are asked whether you want to create the directory. Type y and press Return.

      es-backup stops all running processes, and then backs up the database and configuration data to the directory you specified. When the backup is completed, es-backup starts all Sun Management Center processes.

  5. Validate the backup.

    Type the command /opt/SUNWsymon/sbin/es-restore -c and press Return.

    You are prompted to enter the full directory path to the backup files. The default backup directory path /var/opt/SUNWsymon/backup is displayed.

    • If you chose the default backup directory /var/opt/SUNWsymon/backup, press Return.

    • If you specified a different backup directory, type the full path and name of the directory and press Return.

    es-restore validates the data in the backup directory. You are informed whether the backup data is valid.

    • If the backup is not valid, examine the backup log file /var/opt/SUNWsymon/install/backup_host-name.date and time string.process-id where:

      • host-name is the name of the server you used to create the backup

      • date and time string is the year, date, and time the backup was created

      • process-id is the process ID of the es-backup session that created the backup

    • If the backup is valid, copy the backup directory to a different directory for safe keeping.

    The es-backup log file is /var/opt/SUNWsymon/install/backup_host-name.date and time string.process-id where:

    • host-name is the name of the server you used to perform the backup

    • date and time string is the year, date, and time the backup was run

    • process-id is the process ID of the es-backup session

Using es-restore

To restore your Sun Management Center database and configuration data, for example if your database has been corrupted due to a system failure, use the es-restore command.

The syntax of the es-restore command is as follows:

es-restore [-h] [-c] [ -d dir] [-y] [-f]

The following table describes the es-restore command parameters.

Table 9–2 es-restore Options

Option  Modifying Options  Description
-c                         Verify the backup files only. Do not restore the data.
-d      dir                Restore the data using the backup files located in the directory dir.
-h                         List the options for es-restore.
-f                         Force database schema recreation.
-y                         Use default answer.

The following procedure assumes that you installed Sun Management Center in the default directory /opt. If you did not install Sun Management Center in /opt, replace /opt with the name of the directory you specified.

Procedure: To Restore Sun Management Center Data Using the Default Backup Directory

  1. Log in as root on the Sun Management Center server machine.

  2. Stop all Sun Management Center processes.

    Type the command /opt/SUNWsymon/es-stop -A and press Return.

  3. Type the command /opt/SUNWsymon/sbin/es-restore.

    If any Sun Management Center processes are still running, you are notified that Sun Management Center must be shut down.

    You are asked whether you want to proceed. Type y and press Return.

  4. Specify the backup directory.

    You are prompted for the directory path to the backup files. The default location /var/opt/SUNWsymon/backup is displayed.

    • If you are restoring Sun Management Center data from the default backup directory /var/opt/SUNWsymon/backup, press Return.

    • If you are restoring Sun Management Center data from a different backup directory, type the name of the directory and press Return.

    All Sun Management Center processes are stopped. es-restore validates the backup data in the specified directory.

    • If the backup data is corrupted, you are informed, and es-restore exits to the system prompt.

      If you decide not to restore the Sun Management Center data from a different backup, and want to restart Sun Management Center, type /opt/SUNWsymon/sbin/es-start -A and press Return.

    • If the backup data is valid, es-restore restores the database and configuration data from the specified directory.

      When the restore is completed, es-restore restarts all Sun Management Center processes.

    The es-restore log file is /var/opt/SUNWsymon/install/restore_host-name.date and time string.process-id where:

    • host-name is the name of the server you used to perform the restore

    • date and time string is the year, date, and time the restore was run

    • process-id is the process ID of the es-restore session

Regenerating Security Keys

Security keys are used to validate communications between the Sun Management Center server and agent. The server and agent cannot communicate with each other if the server and agent have different security keys.

The Sun Management Center setup process generates the security keys for Sun Management Center components using the following default settings:

The software uses an eight-character password string as a seed to make the generated key unique. During setup, you must create a seed. The same seed must be used for all server and agent setups in a given server context. For more information on server context, see Access Control Definitions and Limitations in Sun Management Center 3.6.1 User’s Guide.

Sun Management Center setup does not create UNIX accounts for the special users public and esmaster. You do not need to log into the Sun Management Center console using these user IDs. These IDs are reserved for internal communication between processes. However, some troubleshooting activities might require you to log in using one of these user IDs. If so, you have to create the user ID, and then assign a password using the usual UNIX commands useradd and passwd. The esmaster user ID bypasses normal permission checks, so use this ID with care. For normal operation, use an existing login account.

Setup provides an opportunity to specify an existing user as a Sun Management Center administrator. This user ID is added to the esadm and esdomadm groups as well as the esusers file. For more information on security and the Sun Management Center superuser, see Chapter 18, Sun Management Center Security, in Sun Management Center 3.6.1 User’s Guide.

The security keys for the components need to be regenerated if one or more of the following is true:


Note –

Changing the host name or the IP address of the Sun Management Center server is not supported.


Procedure: To Regenerate the Security Keys


Note –

In these examples, shared-secret stands for a secret string of up to eight characters that is common to all machines in a server context. The string is required as an argument to the script base-usm-seed.sh. A default string, maplesyr, is provided by the software, but you can specify your own password. This secret string or password is used to generate keys for communication between processes.


The following procedure applies to machines on which the Sun Management Center server, agent, or both server and agent are installed.

  1. Log in as root.

  2. Change to the /opt/SUNWsymon/sbin directory.

  3. Regenerate the security keys.

    • If you installed only the agent layer, type:


      # ./es-run base-usm-seed.sh -s shared-secret -c agent -u public
      
    • If you installed only the server layer, type:


      # ./es-run base-usm-seed.sh -s shared-secret -c topology -u public
      # ./es-run base-usm-seed.sh -s shared-secret -c trap event cfgserver servers
      
    • If you installed both the agent and server layers on one host, type:


      # ./es-run base-usm-seed.sh -s shared-secret -u public
      
  4. Restart the Sun Management Center server.

SNMP Daemons and Legacy Agents

This section provides an overview of SNMP, and the procedure for configuring legacy SNMP agents as subagents of the Sun Management Center agent.

SNMP Overview

The Sun Management Center server uses SNMP to communicate with the Sun Management Center agents. SNMP also communicates with the other server components, such as the Topology manager, Configuration manager, Event manager, and Trap handler. By contrast, the Sun Management Center server uses remote method invocation (RMI) to communicate with the Sun Management Center consoles.

The SNMP port definitions for Sun Management Center components are defined in two files:

The domain-config.x file contains one configuration block for each of the SNMP-based Sun Management Center agents. Each configuration block contains at least one line that defines the port address for the corresponding agent. The default port definition for the Sun Management Center server is in the server-config.x file.

You can manually add hosts with Sun Management Center agents that use port addresses other than 161 to the administrative domain through the Create Topology Object window. Alternatively, you can discover these hosts automatically by specifying the port number in the discovery parameters. For more information about the Create Topology Object window, see Chapter 3, Manually Adding Objects to the Topology Database, in Sun Management Center 3.6.1 User’s Guide. For more information about how hosts are discovered automatically, see Chapter 4, Adding Objects to the Topology Database Using the Discovery Manager, in Sun Management Center 3.6.1 User’s Guide. Because you can only specify one port number in addition to port 161, you must select an alternate port number and use that number for all agent installations.

Configuring a Legacy SNMP Agent as a Subagent of an Agent

A legacy SNMP agent is an SNMP agent that is not part of the Sun Management Center agent framework. You might need to configure one or more legacy agents as subagents of a Sun Management Center agent if you want to use the legacy agent with Sun Management Center.

Any legacy SNMP agent can be configured as a subagent of a Sun Management Center Agent provided that the following criteria are met:

The following procedure applies to machines on which the Sun Management Center server, agent, or both server and agent are installed.

Procedure: To Configure a Legacy SNMP Agent as a Subagent of an Agent

  1. Log in as root.

  2. If the file /var/opt/SUNWsymon/cfg/subagent-registry-d.x does not exist, copy the file from the /opt/SUNWsymon/base/cfg directory:


    # cp /opt/SUNWsymon/base/cfg/subagent-registry-d.x /var/opt/SUNWsymon/cfg/
    
  3. In the file /var/opt/SUNWsymon/cfg/subagent-registry-d.x, find the block that is similar to the following block:


    # sa2 = {
    #    type             = legacy
    #    persist          = false
    #    snmpPort         = "20001"
    #    errorAction      = restart
    #    startCommand     = "/usr/lib/snmp/mibiisa -p %port"
    #    stopCommand      = "kill -9 %pid"
    #    pollInterval     = 60
    #    pollHoldoff      = 60
    #    oidTrees         = 1.3.6.1.2.1
    #    snmpVersion      = SNMPv1
    #    securityLevel    = noauth
    #    securityName     = public
    # }
  4. Remove the comment symbols (#) at the beginning of each line so that the code resembles the following code.


    sa2 = {
        type             = legacy
        persist          = false
        snmpPort         = "20001"
        errorAction      = restart
        startCommand     = "/usr/lib/snmp/mibiisa -p %port"
        stopCommand      = "kill -9 %pid"
        pollInterval     = 60
        pollHoldoff      = 60
        managedTrees     = "mib-2 sun"
        oidTrees        = 1.3.6.1.2.1
        snmpVersion      = SNMPv1
        securityLevel    = noauth
        securityName     = public
     }
  5. Modify the code as follows:

    • Change sa2 to the unique subagent name for the agent.

    • Set type to legacy.

    • Set persist to false if the subagent is stopped when the Sun Management Center agent exits. If this value is true, then the Sun Management Center agent does not stop the subagent when the Sun Management Center agent exits.

    • Set snmpPort to the UDP port number on which you want to run the subagent.

    • Set errorAction to restart, ignore, or kill. If the restart option is used, the Sun Management Center agent tries to restart if the agent encounters an error when communicating with the subagent.

    • Set startCommand to the mandatory command to start the subagent. This command should contain %port, which is replaced by the value that is given in snmpPort.

    • Set stopCommand to the command to stop the process. %pid can represent the process ID (PID) of the subagent process.

    • Set pollInterval to the time in seconds in which the Sun Management Center agent polls the subagent.

    • Set pollHoldoff to the time in seconds after which the first poll is performed on the subagent after the Sun Management Center agent starts the subagent.

    • Set oidTrees to a space-separated list of SNMP OIDs managed by the subagent.

    • Set snmpVersion to SNMPv1, SNMPv2, or SNMPv3.

    • Set securityLevel to either priv, auth, or noauth.

    • Set securityName to the SNMPv1 community name or SNMPv2 security name you want to use.

    For more details, refer to the descriptions in the subagent-registry-d.x file.

  6. Stop and restart Sun Management Center to make the changes effective.

    1. Type /opt/SUNWsymon/sbin/es-stop -A to stop Sun Management Center.

      Wait for all processes to stop successfully.

    2. Type /opt/SUNWsymon/sbin/es-start -A to start Sun Management Center.

      Wait for all processes to start successfully.

    See Chapter 8, Starting and Stopping Sun Management Center for further information.

Reconfiguring Port Addresses

This section describes how to configure Sun Management Center software when port addresses might conflict. See Table 9–3 for a list of the default ports for each Sun Management Center component.


Note –

The Sun Management Center setup process checks whether each default port is in use. If the port is not in use, the default port is assigned. If a port is in use, you are given the opportunity to specify a separate port. In either case, the port assignments are stored in the configuration files, as described in SNMP Overview.


Default Ports

The default ports used by Sun Management Center components might be used by other processes already installed on the system. If you install Sun Management Center using the default port assignments, you might encounter port conflicts and be unable to start Sun Management Center. The Sun Management Center setup process checks the ports for each component. The process prompts you to either assign an alternate port or use the default port.

The following table lists the Sun Management Center components and the default port for each component. See To Determine Whether a Port Is Used to find out how to check whether a port is in use.

Table 9–3 Sun Management Center Default Port Addresses

Layer                              Component                                                     Default Port Number
Agent                              Agent                                                         161
Server                             Trap handler                                                  162
Server                             Event manager                                                 163
Server                             Topology manager                                              164
Server                             Configuration manager                                         165
Server                             Platform                                                      166
Advanced System Monitoring Add-on  System event and configuration tracking component cstservice  167
Server                             Agent information caching component Metadata                  168
Server                             Server RMI                                                    2099
Server                             Database                                                      5432
Server                             Grouping                                                      5600
Tomcat                             Web server                                                    8006
Server                             Web server default port                                       8080
Server                             Web server secure port                                        8443

Procedure: To Determine Whether a Port Is Used

  1. In a terminal window, type /bin/netstat -an | grep portnumber where portnumber is the port number that you want to query. For example:


    # /bin/netstat -an | grep 8443
    #
    • If the port is not in use, only the command-line prompt is returned as shown above.

    • If the port is reserved or in use, the status of the port is returned. For example:


      # /bin/netstat -an | grep 1161
      #       *.1161                                Idle
      # /bin/netstat -an | grep 8080
      # 172.16.0.0.8080         *.*                0      0 24576      0 LISTEN

      where 172.16.0.0 is the IP address of the machine on which you entered the netstat command.
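
A plain grep for the port number also matches longer port numbers and remote addresses that contain the same digits. As an added example (not part of the original guide or of Sun Management Center), the following POSIX shell functions match only the local-address column of netstat -an output and check every default port from Table 9–3 in one pass. The function and variable names are illustrative, and the sample input is constructed in the Solaris layout shown above.

```sh
# Added example (not Sun Management Center code). Assumed names:
# SUNMC_DEFAULT_PORTS, port_in_use, conflicting_ports, sample_netstat.
AWK=${AWK:-awk}   # on Solaris use nawk: the old /usr/bin/awk has no -v option

# Table 9-3 defaults as port:component pairs.
SUNMC_DEFAULT_PORTS="161:agent 162:trap-handler 163:event-manager
164:topology-manager 165:configuration-manager 166:platform 167:cstservice
168:metadata 2099:server-rmi 5432:database 5600:grouping 8006:tomcat-web-server
8080:web-server-default 8443:web-server-secure"

# Succeeds if netstat -an output on stdin shows PORT as a local port.
# Only column 1 (the local address in Solaris netstat output) is examined, and
# the port must be the final .PORT (or :PORT) component of that address.
port_in_use() {
    "$AWK" -v p="$1" '$1 ~ ("[.:]" p "$") { hit = 1 } END { exit !hit }'
}

# Reads one netstat -an snapshot on stdin and prints "port component" for
# every Table 9-3 default that is already bound.
conflicting_ports() {
    snapshot=$(cat)
    for entry in $SUNMC_DEFAULT_PORTS; do
        if printf '%s\n' "$snapshot" | port_in_use "${entry%%:*}"; then
            echo "${entry%%:*} ${entry#*:}"
        fi
    done
}

# Constructed sample in the Solaris layout (not real output). A plain
# "grep 8443" returns the last two lines although nothing listens on 8443.
sample_netstat() {
    cat <<'EOF'
      *.161                                 Idle
      *.1161                                Idle
172.16.0.0.8080      *.*                0      0 24576      0 LISTEN
172.16.0.0.18443     *.*                0      0 24576      0 LISTEN
172.16.0.0.40112     192.0.2.7.8443  49640      0 49640      0 ESTABLISHED
EOF
}

# Live use:  /bin/netstat -an | conflicting_ports
[ "${1:-}" != "--sample" ] || sample_netstat | conflicting_ports
```
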

Reconfiguring Sun Management Center Ports

To reconfigure Sun Management Center ports, use the es-config command.

The following procedures provide examples of how to use the es-config command to reconfigure Sun Management Center port assignments.

Procedure: To Reconfigure the Agent SNMP Port

  1. Log in as root on the Sun Management Center server-layer machine.

  2. Locate an unused port.

    See To Determine Whether a Port Is Used.

  3. Type /opt/SUNWsymon/sbin/es-config -p agent.

    es-config stops all Sun Management Center processes. The port numbers currently assigned to the Sun Management Center components are then displayed. The port number assigned to the agent is displayed next, and you are prompted to enter the port number.


    # ./es-config -p agent
    Following ports are occupied by Sun Management Center:
    161,162,163,164,165,167,168,166,5600,2099,8080,8443.
    
    Sun Management center agent component is presently using port:161
    Hit RETURN key to continue with present configuration.
    Enter the port number you would like to use for agent component
        [ 1100 to 65535 ]: 
  4. Type the port number that you want to assign, or press Return to use the default 161 port assignment.

    You are asked whether you want to start the Sun Management Center components.

  5. Type y to start the Sun Management Center components, or type n if you do not want to start the components.

Procedure: To Reconfigure the Server RMI Port Address

  1. Log in as root on the Sun Management Center server-layer machine.

  2. Locate an unused port.

    See To Determine Whether a Port Is Used.

  3. Type /opt/SUNWsymon/sbin/es-config -p rmi.

    es-config stops all Sun Management Center processes. The port numbers currently assigned to the Sun Management Center components are then displayed. The port number assigned to the server is displayed next, and you are prompted to enter the port number. For example:


    # ./es-config -p rmi
    Following ports are occupied by Sun Management Center:
    161,162,163,164,165,167,168,166,5600,2099,8080,8443.
    
    Sun Management center server component is presently using port:2099
    Hit RETURN key to continue with present configuration.
    Enter the port number you would like to use for rmi component 
       [ 1100 to 65535 ]: 
  4. Type the port number that you want to assign, or press Return to use the default port assignment.

    You are asked whether you want to start the Sun Management Center components.

  5. Type y to start the Sun Management Center components, or type n if you do not want to start the components.

Using es-config

The syntax for the es-config command is:

es-config [-Adhmnqrox] [-y filename] [-p sunmc_component] [-c sunmc_component:channel] [-u usmuser] [-f filename] [-a option] [-F component:status] [-P [component:]MinPort:MaxPort] [-w webuser] [-M module [-z priv] [-k lauser |-l lauser | -s]]

The following table describes the es-config parameters.

Table 9–4 es-config Options

Option  Modifying Options          Description
-A                                 Configure all ports.
-a      option                     Set up database in archive log mode or no archive log mode. The valid values are enable and disable.
-c      sunmc_component:channel    Enable or disable the component channels being logged. Valid Sun Management Center components for which channels can be controlled are topology, cfgserver, event, cstservice, trap, metadata, agent, platform, and platform_instances. Valid channels are debug, info, error, status, history, syslog, warning, eventhistory, trace, trap, audit, and attributeAudit.
-d                                 Restore all ports to the 4.0 default value. See Table 9–3.
-F      component:status           Enable firewall support where the valid values for component are server and console and the valid values for status are enable or disable.
-f      file                       Used only with the -r, -u, and -o options. Reads the seed and community string from the specified file and seeds the esd component. The file has the format:
                                       ES_SECURITY_SEED=seed
                                       ES_SNMPV1_STRING=string
                                   where seed is the seed you want to reseed with and string is the community string. The file should be owned by root and have read/write permissions for root only; otherwise the seed could be readable by unauthorized users.
-h                                 List the es-config options.
-k      lauser                     Delete the specified Local Access user from the ACL list. This option can be used for Service Management Facility (SMF), Module Configuration Propagation, and Solaris Container Manager modules.
-L      sunmc_component            List of channels being logged for the given component. The valid Sun Management Center components for which channels can be listed are topology, cfgserver, event, cstservice, trap, metadata, agent, platform, and platform_instances.
-l      lauser                     Add Local Access user or users to the ACL list. This option can be used for Service Management Facility (SMF), Module Configuration Propagation, and Solaris Container Manager modules.
-M      module                     Module name for local access user. Used in conjunction with -k, -l, -s.
                                     • When used with the -z option, updates the module level ACLs
                                     • When used without the -z option, updates the Local Access user
-m                                 Configure module configuration propagation by adding a list of user names to the es-mcp-users configuration file.
-n                                 Enable the Network Address Translation support.
-P      component:MinPort:MaxPort  Configure the probe mechanism port range where MinPort is the starting port number and MaxPort is the ending port number. The range must contain at least 20 ports, for example, 1024:1044. The ports are used by the probe mechanism to execute ad hoc commands for communication between the Sun Management Center server and agent or between server and console. Valid port numbers are 1100-65535.
                                   Valid values for component are server and console.
                                   This option can be used in one of the following ways:
                                     -P MinPort:MaxPort: Configures port range for communication between server and agent
                                     -P server:MinPort:MaxPort: Configures server port range for communication between server and console
                                     -P console:MinPort:MaxPort: Configures console port range for communication between server and console
                                   Note – You must configure the port range to support communication between the Sun Management Center server and agent or between server and console through a firewall.
-p      sunmc_component            Configure port to be used by the Sun Management Center component sunmc_component. Valid components are topology, cfgserver, event, cstservice, trap, metadata, rmi, agent, grouping, HTTP, HTTPS, platform, and platform_instances.
-q                                 Exit from script without starting the esd component. By default, the script tries to start the esd component before exiting.
-r                                 Regenerate security keys, and enable or disable encrypted SNMP communication. For more information, see SNMP Encryption (Privacy) in Sun Management Center 3.6.1 User’s Guide.
-s                                 Show Local Access users or ACL users. This option can be used for Service Management Facility (SMF), Module Configuration Propagation, and Solaris Container Manager modules.
-u      usmuser                    Create or update User Security Model (USM) user for an SNMPv3 agent. usmuser is the name of the SNMPv3 user to be added to the USM table. After entering the user name and pressing Return, you will be prompted to enter the passphrase (minimum of eight characters) and confirm it. This passphrase is used to generate the keys needed for performing SNMPv3 communication.
-w      webuser                    Configure or change the specified user to start and stop the Web Server. Sun Management Center server uses noaccess as the default user to start or stop the Tomcat Web Server.
-x                                 Configure PRM data retention parameters.
-y      file                       Read the age limits from this file. Used only with the -x option.
-z      priv                       Privilege level for USM users. Valid values are admin, operator, and general.
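
The -f option above and the shared-secret note under To Regenerate the Security Keys both depend on a seed that only root can read. As an added example (not part of the original guide or of Sun Management Center), the following POSIX shell function checks a seed file's ownership, mode, and contents before the file is passed to es-config -r -f. The function and variable names are illustrative, and /path/to/seedfile is a placeholder.

```sh
# Added example (not Sun Management Center code). Assumed names:
# check_seed_file, seed_problem, SEED_PROBLEMS.
seed_problem() {
    echo "$1"
    SEED_PROBLEMS=$((SEED_PROBLEMS + 1))
}

# usage: check_seed_file FILE [OWNER_UID]   (OWNER_UID defaults to 0, root)
# Prints one line per problem; succeeds only if none were found.
# The seed and community string themselves are never printed.
check_seed_file() {
    f=$1
    want_uid=${2:-0}
    SEED_PROBLEMS=0
    if [ -h "$f" ] || [ ! -f "$f" ]; then
        seed_problem "not a regular file (missing, or a symbolic link)"
        return 1
    fi
    # ls -ln gives the mode string and the numeric owner in fields 1 and 3.
    mode_uid=$(ls -lnd "$f" | awk '{ print $1 " " $3 }')
    mode=${mode_uid% *}
    uid=${mode_uid#* }
    case $mode in
        -rw-------|-rw-------.) ;;
        *) seed_problem "mode $mode is not read/write for the owner only (chmod 600)" ;;
    esac
    [ "$uid" = "$want_uid" ] || seed_problem "owned by uid $uid, expected $want_uid"

    # The two keys of the documented file format.
    seed=$(sed -n 's/^ES_SECURITY_SEED=//p' "$f")
    community=$(sed -n 's/^ES_SNMPV1_STRING=//p' "$f")
    [ -n "$seed" ] || seed_problem "ES_SECURITY_SEED line missing or empty"
    [ -n "$community" ] || seed_problem "ES_SNMPV1_STRING line missing or empty"
    [ "${#seed}" -le 8 ] || seed_problem "seed is longer than eight characters"
    # maplesyr is the default seed named in this chapter; anyone who has read
    # the documentation knows it. public is the well-known community string.
    [ "$seed" != maplesyr ] || seed_problem "seed is the documented default"
    [ "$community" != public ] || seed_problem "community string is the default public"
    [ "$SEED_PROBLEMS" -eq 0 ]
}

# e.g.  check_seed_file /path/to/seedfile && ./es-config -r -f /path/to/seedfile
[ "$#" -eq 0 ] || check_seed_file "$@"
```
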

Multiple Trap Destinations

You can specify multiple secondary trap destinations for Sun Management Center agents with the es-trapdest command. Secondary trap destinations (zero or more) receive the same set of traps that are sent to the primary trap destination. Secondary trap destinations do not receive event traps. By default, all traps sent to secondary destinations use SNMPv2c with a community of public. The security level for secondary destinations is noauth.

Using the es-trapdest Command

Secondary trap destinations are managed with the es-trapdest command.

The syntax for the es-trapdest command is:

es-trapdest [-c] [-a host:port] [-v] [-u] [-f] [-d entrynum ] [-l]

Table 9–5 es-trapdest Options

Option  Modifying Options  Description
-c                         Sun Management Center Component such as agent, platform. Agent is the default component.
-l                         List the currently specified secondary trap destinations.
-d      entrynum           Delete a currently specified secondary trap destination. entrynum is the number of the currently specified secondary trap destination to be deleted. entrynum must match the number listed using the -l option.
-a      host:port          Add a new secondary trap destination.
-v                         SNMP Version (SNMPv1, SNMPv2c, SNMPv2u, or SNMPv3)
-u                         SNMP User/Community
-f                         Trap Filter. The list of OIDs or trap names to be sent to destination. If NOT is the first element, all traps are sent EXCEPT the ones listed.

You can also specify the following optional parameters when adding a new secondary trap destination with the es-trapdest -a command:

-v version

Specify SNMP version: SNMPv1, SNMPv2c, SNMPv2u, or SNMPv3

-u user

Specify the SNMP community or user name

-f filter

Specify the trap filter

Trap Filter Specification

Trap filters are specified as a list of criteria, which can be either a series of numerical OID prefixes or a series of these mnemonic trap names:

The trap name sunmcTraps represents the OID prefix for all Sun Management Center enterprise-specific traps, and the trap name snmpTraps represents the OID prefix for all the standard traps defined in the SNMP RFCs.

Trap filters can be either positive or negative. A positive filter specifies which traps to send. A negative filter specifies which traps should not be sent. A negative filter is defined by specifying NOT as the first criterion.

For example, to forward only standard SNMP traps to the secondary trap destination, specify the filter as -f "snmpTraps".

To forward all traps except Sun Management Center enterprise-specific traps to the secondary trap destination, specify the filter as -f "NOT sunmcTraps".


Note –

Filter specifications that contain spaces must be enclosed in quotation marks to prevent misinterpretation by the shell.


The following command adds machine02:162 as a secondary trap destination that only receives warmStart and coldStart traps for the Sun Management Center agent:

es-trapdest -a machine02:162 -f "warmStart coldStart"

Platform Agent Instances

Each instance of a platform agent can have its own set of secondary trap destinations. To specify secondary trap destinations for a particular instance of a platform agent, use the -c instance option to the es-trapdest command, where instance is the name of the platform agent instance. If the -c is not specified as an argument to the es-trapdest command, the es-trapdest command uses the default value of agent, which manages the secondary trap destinations for the Sun Management Center agent component.

Registration Trap Configuration

You can configure the agent to send the registration trap at a custom interval. The parameter agentRegisterHoldOff controls the initial delay in sending the first registration trap. By default, the value of this parameter is set to 90 seconds. You can change this parameter value in the file /var/opt/SUNWsymon/cfg/domain-config.x. For example, to set the value to 120 in the file, you would type:


agent = {
    agentServer = <myHostname>
    ..
    agentRegisterHoldOff = 120
}

The value for this parameter should be between the minimum of 60 seconds and a maximum of 300 seconds.

If the initial trap is lost and is not received by the configuration server, the parameter agentRegisterRetry controls the interval at which the agent resends the registration trap. The parameter has a default value of 300 seconds. If the registration trap is lost, the agent resends the registration trap at the retry interval until it is received by the configuration server.

You can change the parameter value from a minimum of 300 seconds to a maximum of 900 seconds. For example, to set the value to 450 in the file, you would type:


agent = {
    agentServer = <myHostname>
    ..
    agentRegisterRetry = 450
}

If you specify a value below the minimum, the system uses the minimum value (300 seconds). If you specify a value higher than the maximum, the system uses the maximum value (900 seconds). If you do not specify any values, the system uses the default value of 300 seconds.
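The following check is an added example, not part of the Sun Management Center documentation. It reads an agent block in the layout shown above and reports the retry interval the agent will use under the limits just described; the function names, the host name machine01 and the sample values are constructed, and the agent block is assumed to be flat as shown.

```shell
#!/bin/sh
# Added example: report the registration-trap timing an agent will use.

# Constructed sample in the layout the guide shows for domain-config.x.
SAMPLE_CFG='agent = {
    agentServer = machine01
    agentRegisterHoldOff = 30
    agentRegisterRetry = 1200
}'

# agent_param NAME: read config text on stdin and print the value assigned to
# NAME inside the agent = { ... } block. Prints nothing if NAME is absent.
agent_param() {
    awk -v name="$1" '
        /^[ \t]*agent[ \t]*=[ \t]*[{]/   { inblk = 1; next }
        inblk && /^[ \t]*[}]/            { inblk = 0 }
        inblk && $1 == name && $2 == "=" { print $3; exit }'
}

# effective_retry VALUE: apply the documented agentRegisterRetry rules:
# unset -> 300, below 300 -> 300, above 900 -> 900.
effective_retry() {
    v=${1:-300}
    if [ "$v" -lt 300 ]; then v=300; elif [ "$v" -gt 900 ]; then v=900; fi
    echo "$v"
}

# holdoff_ok VALUE: succeed if agentRegisterHoldOff (default 90 when unset)
# lies in the documented 60..300 second range. The guide does not say what
# the agent does with an out-of-range value, so this only flags it.
holdoff_ok() {
    v=${1:-90}
    [ "$v" -ge 60 ] && [ "$v" -le 300 ]
}

# Demo on the constructed sample. On an agent host, feed the functions
# /var/opt/SUNWsymon/cfg/domain-config.x instead.
retry=$(printf '%s\n' "$SAMPLE_CFG" | agent_param agentRegisterRetry)
hold=$(printf '%s\n' "$SAMPLE_CFG" | agent_param agentRegisterHoldOff)
echo "agentRegisterRetry=$retry -> agent uses $(effective_retry "$retry") seconds"
holdoff_ok "$hold" || echo "agentRegisterHoldOff=$hold is outside 60..300 seconds"
```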

Assigning an Agent to a Different Server

This section provides the instructions to assign an agent that is monitored by one Sun Management Center server to another Sun Management Center server.

In the following procedure, assume an agent is currently monitored from Sun Management Center server Machine-A, and you want to reassign the agent to Sun Management Center server Machine-B.

Reassigning an agent to a different server consists of two main steps as follows.

When an agent has been reassigned to a different server, a cached entry still exists in the original server for the agent. The cached entry must be cleared from the original server using the es-servercontrol.sh script to prevent access conflicts. If the cached entry is not cleared from the original server, the original server can still access the agent.

Procedure: To Assign an Agent to a Different Server

  1. Log in as root on the agent machine.

  2. Reassign the agent to a different server.

    To assign the agent to a different server, you must set up the agent using the command es-setup -F.

    Type /opt/SUNWsymon/sbin/es-setup -F.

    You are prompted for the security key seed.

  3. Type the security seed.

    An encrypted security key is needed for communications among all Sun Management Center processes. The key is generated based on the password you provide, which must be between one and eight characters long, and contain no spaces. Entries that are greater than eight characters are truncated to eight characters.

    Make sure that you type the same security seed password that you provided during the original installation and setup process for Step b in Setting Up Sun Management Center.

    1. Type the password for the seed to generate the security keys.

    2. Type the password again.

    You are prompted for the SNMPv1 community string.

  4. Specify the SNMPv1 community security string.

    The community string is used for SNMP security.

    Make sure that you type the same community string that you provided during the original installation and setup process for Step c in Setting Up Sun Management Center.

    You are informed that Machine-A is configured as your Sun Management Center server, where Machine-A is the actual name of the server to which the agent currently is assigned. For example:


    Machine-A appears to be configured as your Sun Management Center server.
    Is this correct (y|n|q)

    Type n. You are prompted for the Sun Management Center server hostname.

  5. Type the hostname of the server to which you want to reassign the agent.

    Type the name of the server. For example:


    Machine-A appears to be configured as your Sun Management Center server.
    Is this correct (y|n|q) n
    Please enter the Sun Management Center Server Hostname: Machine-B
    

    You are asked whether you want to start the Sun Management Center agent.

  6. Start the agent.

  7. Log in as root on the original server.

  8. Type the command /opt/SUNWsymon/base/sbin/es-servercontrol.sh.

    • If the ESROOT environment variable is set, you are prompted for the Sun Management Center server host name. Go to Step 10.

    • If the ESROOT environment variable is not set, you are notified and prompted for the ESROOT directory.

  9. Specify the ESROOT directory.

    The ESROOT environment variable specifies the location of the Sun Management Center SUNWsymon directory.


    The ESROOT environment variable is not set.
     Enter ESROOT [/opt/SUNWsymon]:

    Press Return to accept the displayed default of /opt/SUNWsymon, or type the full path to the SUNWsymon directory.

  10. Specify the Sun Management Center server host name.

    You are prompted for the server host name.


    Enter the hostname of the Sun Management Center server [Machine-A]:

    Press Return to accept the displayed default hostname, or type the server hostname. The server hostname must be the name of the original server to which the agent was assigned.

    You are prompted for the server port.

  11. Specify the Sun Management Center server port.

    The server port is the remote method invocation (RMI) port used by the Sun Management Center server. See Table 9–3 for further information.

    The current RMI port is displayed.


    Enter the port of the Sun Management Center server [2099]:

    Press Return to accept the displayed port, or type the port that is used for RMI.

    You are prompted for the Sun Management Center superuser ID.

  12. Specify the superuser ID.

    The superuser ID is the administration user ID that you assigned during the original installation and setup process.

    The current superuser ID is displayed.


    Enter the Sun Management Center Superuser ID [esmaster]:

    Press Return to accept the displayed ID, or type the administrator ID.

    You are prompted for the superuser password.

  13. Type the password.

    A list of server control functions is displayed.

  14. Clear the server cache.

    Type 1 to select Clear the Server Context Cache. For example:


    Select one of the following Server control functions:
    0) View the Server Context Cache
    1) Clear the Server Context Cache
    2) Remove a host from the Server Context Cache
    3) Remove a host:port from the Server Context Cache
    4) View the SNMP OID (Finder and Privacy OID) Cache
    5) Clear the SNMP OID (Finder and Privacy OID) Cache
    6) Remove a host from the SNMP OID (Finder and Privacy OID) Cache
    7) Remove a host:port from the SNMP OID (Finder and Privacy OID) Cache
    8) Remove a host:port from the Cfgserver Engines Table
    9) Exit
    
    Please Enter Your Selection [9]:1
    

    The server cache is cleared, and the server control list is displayed again. Type 9 to exit server control and return to the system prompt.

Using Sun Management Center With a Firewall

A firewall is a software or hardware device that controls access between networks. The firewall is located where one network connects to another network, for example, at the point where a corporate intranet connects to the global Internet. Due to increased security awareness, many organizations have implemented security policies within their networks using firewall technology. Because the Sun Management Center software uses a distributed architecture model, you must use the es-config command to restrict the ports that Sun Management Center uses for firewalls.

The following procedures provide examples of how to use the es-config command to restrict the Sun Management Center firewall port assignments to the port range 6000 to 6150.

Procedure: To Restrict the Firewall Port Range

  1. Log in as root on the Sun Management Center server-layer machine.

  2. Locate a range of unused ports.

    See To Determine Whether a Port Is Used.

  3. Type /opt/SUNWsymon/sbin/es-config -P 6000:6150.


    Note –

    The difference between the starting port number and the ending port number must be at least 100.


    es-config stops all Sun Management Center processes. The port numbers currently assigned to the Sun Management Center components are then displayed. You are then informed that /var/opt/SUNWsymon/cfg/domain-config.x has been updated for the new configuration.

    The Sun Management Center components are started.
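The two preconditions in this procedure, an unused range and a span of at least 100, can be checked before es-config -P is run. The script below is an added example, not a Sun Management Center tool: range_ok and ports_in_use are hypothetical helper names, the netstat text is a constructed sample, and the parser assumes the Solaris netstat -an layout in which the local address ends in .port.

```shell
#!/bin/sh
# Added example: vet a candidate es-config -P range before applying it.

# Constructed sample of Solaris `netstat -an` output (not from a real host).
SAMPLE_NETSTAT='
TCP: IPv4
   Local Address        Remote Address    Swind Send-Q Rwind Recv-Q    State
-------------------- -------------------- ----- ------ ----- ------ -----------
      *.22                 *.*                0      0 49152      0 LISTEN
      *.161                *.*                0      0 49152      0 LISTEN
      *.6010               *.*                0      0 49152      0 LISTEN
192.168.10.5.6042    192.168.10.9.51544   49640      0 49640      0 ESTABLISHED
      *.2099               *.*                0      0 49152      0 LISTEN
'

# range_ok START END: succeed only for valid port numbers whose difference
# is at least 100, the minimum the guide states for es-config -P.
range_ok() {
    [ "$1" -ge 1 ] && [ "$2" -le 65535 ] && [ $(( $2 - $1 )) -ge 100 ]
}

# ports_in_use START END: read netstat -an text on stdin and print the local
# ports inside START..END that are already bound, one per line, sorted.
ports_in_use() {
    awk -v lo="$1" -v hi="$2" '
        NF >= 2 && $1 ~ /\.[0-9]+$/ {
            n = split($1, part, ".")   # local port is the last dotted field
            p = part[n] + 0
            if (p >= lo && p <= hi) print p
        }' | sort -n -u
}

# Demo on the constructed sample. On a live host, pipe `netstat -an` into
# ports_in_use instead of the sample text.
if range_ok 6000 6150; then
    busy=$(printf '%s\n' "$SAMPLE_NETSTAT" | ports_in_use 6000 6150)
    echo "6000:6150 is wide enough; ports already bound in that range:"
    echo "${busy:-none}"
else
    echo "6000:6150 is too narrow or not a valid port range"
fi
```

Any port the script lists is already bound on the host, so choose a different range or free those ports before running es-config -P.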

Enabling Network Address Translation Support

If your network uses Network Address Translation (NAT), you must enable NAT support after you have installed and set up Sun Management Center 4.0. You cannot start Sun Management Center until you have enabled NAT support for each server, agent, and console machine in your network as described in the following procedure. See Appendix D, Network Address Translation for more information about NAT.

The following procedure assumes you installed Sun Management Center in the default directory /opt. If you did not install Sun Management Center in /opt, replace /opt with the name of the directory you specified.

Procedure: To Enable NAT Support

  1. Log in as root on the machine for which you want to enable Network Address Translation support.

  2. Type /opt/SUNWsymon/sbin/es-config -n.

    es-config stops all Sun Management Center processes. The port numbers currently assigned to the Sun Management Center components are then displayed.

    You are asked to provide the host name for the machine. The machine name is displayed.

  3. Provide the machine host name.

    • If you are configuring the Sun Management Center server machine for NAT, press Return.

    • If you are configuring a Sun Management Center agent or console machine, type the name of the Sun Management Center server, and then press Return.


    Note –

    Depending on the Sun Management Center 4.0 components installed on the machine, one or more informational messages could be displayed.


    You are informed that Network Address Translation support is enabled for the machine. You are then asked whether you want to start the Sun Management Center components.

  4. Determine whether to start Sun Management Center 4.0.


    Caution –

    Do not start Sun Management Center until you have enabled NAT support for each machine in your network that uses Network Address Translation. The Sun Management Center agent will not run unless NAT support has been enabled for each machine.


    Type y to start the Sun Management Center components, or type n if you do not want to start the components.