7 Managing SNMP Events

This chapter describes how to manage the Simple Network Management Protocol (SNMP) events that are raised by Oracle Communications Evolved Communications Application Server (OCECAS).

About SNMP Events and Traps

OCECAS raises SNMP events during runtime processing, converts them to SNMP traps and sends them to a trap management application. The Oracle solution for SNMP trap management is Oracle Enterprise Manager, a network management system (NMS). OCECAS and Oracle Enterprise Manager support SNMP v3 (RFC 3411).

Standard SNMP trap managers can process the SNMP traps that OCECAS generates. For more information, see "How Enterprise Manager Supports SNMP" in Enterprise Manager Cloud Control Administrator's Guide.

When OCECAS detects a runtime error that it considers event worthy, it generates an SNMP event and assigns it an object identifier (OID) that uniquely identifies the event. It then sends it as an SNMP trap to the NMS, which logs it. The NMS also determines whether to raise an alarm for the trap and assigns the alarm a severity level.

You can configure the NMS to also clear an alarm based on an event. For example, the NMS could raise an alarm for a linkDown event and clear it for a linkUp event.

About OIDs

The object identifier that OCECAS assigns to SNMP events consists of two parts, a fixed base value and a postfix. The default base value for OCECAS OIDs is:

Iso(1).org(3).internet(1).private(4).IANA Registered(1).oracle(111).productID(10)
Or
1.3.1.4.1.111.10

You can change the default fixed value if you want to use your own internal OID. For more information, see Table 7-1 and the procedure in "Specifying SNMP Event Options".

The Iso, org, internet, private, and IANA Registered values are standard prefix values for OIDs. All manufacturer-specific OIDs begin with these values.

The OID postfix is specific to a particular event and it begins with .6.

OCECAS uses special OID values for SNMP events that you generate in a control flow. See ”About Control Flows” in Oracle Communications Evolved Communications Application Server Concepts for more information.

See ”SNMP Events Reference” for a complete list of OCECAS events and their OID postfixes.

Configuring SNMP Events

You configure OCECAS SNMP events by specifying options through the Evolved Communications node in the Administration Console for the OCECAS runtime domains in your installation.

Caution:

Configure the SNMP events using the OCECAS Administration Console only.

Changes that you make to SNMP events using any other method are only temporary. They are overwritten by the values that are specified through the Administration Console.

Table 7-1 lists the general settings to configure SNMP events.

Table 7-1 General Settings for SNMP Events

Configuration Entry Description

Store SNMP events

Select this check box to store SNMP events received inside the platform.

Maximum SNMP events Stored

The maximum number of SNMP events to store. The default is 0.

Trap Generation Interval

Specify (in milliseconds) the frequency to generate SNMP traps after receiving SNMP events. The default frequency is 0 milliseconds, causing OCECAS to generate traps immediately after receiving an alarm.

Trap OID Prefix

Provide the trap object identifier prefix. Default value is 1.3.1.4.1.111.10.

Trap Destination Address

Enter the destination address to which an SNMP trap is sent. It can be a host name, an IPv4, or an IPv6 address.

Trap Destination Port

Specify the port of the destination to which an SNMP trap is sent. The default port 162.

Trap Timeout

Provide the timeout (in milliseconds) when sending traps. The default timeout value is 3000 milliseconds.

Trap Retries

Specify the number of times to attempt to send a trap when there is a failure in sending a trap. Default value 2.

Table 7-2 lists the advanced settings to configure SNMP events.

Table 7-2 Advanced Settings for SNMP Events

Configuration Entry Description

Security Level

Select the security level for the runtime OCECAS Domain. The possible settings are:

  • NOAUTH_NOPRIV

    This setting supports communication without authentication and privacy. The default setting.

  • AUTH_NOPRIV

    This setting supports communication with authentication but without privacy. The protocols used for Authentication are MD5 (message-digest algorithm) and SHA (Secure Hash Algorithm).

  • AUTH_PRIV

    This setting supports communication with authentication and privacy. The protocols used for Authentication are MD5 and SHA; and for Privacy, the DES (Data Encryption Standard), and AES (Advanced Encryption Standard) protocols can be used. For privacy support, install third-party privacy packages.

If you plan to use a setting other than NOAUTH_NOPRIV for the security level parameter, see "Providing Custom Security Settings".

Security Username

Enter the authorised user name on the SNMP manager/receiver.

Authorization Resource ID

This entry is required to retrieve the remote user authorization password.

Privacy Resource ID

This entry is required to retrieve the remote user privacy password.

Authentication Protocol

Select the authentication protocol from the list. The selections are:

  • AuthMD5

    MD5 Authentication protocol

  • AuthSHA

    Secure Hash Authentication protocol

Privacy Protocol

Select the privacy protocol from the list. The selections are:

  • PrivAES128

    Extended encryption for Advanced Encryption Standard (AES) 128

  • PrivAES192

    Extended encryption for Advanced Encryption Standard (AES) 192

  • PrivAES256

    Extended encryption for Advanced Encryption Standard (AES) 256

Security Model

The version of the User-based Security Model (USM) for Simple Network Management Protocol (SNMP). The current version is 3.

Specifying SNMP Event Options

Configure OCECAS SNMP events by specifying their associated options using the Administration Console:

  1. Access the Administration Console for the domain.

  2. Select Evolved Communications in the Domain Structure pane.

  3. Select the SNMP Events configuration tab.

  4. Configure the entries displayed in the top section of the page. For a description of the fields, see Table 7-1.

  5. Configure the entries displayed in the Advanced section of the page. For a description of the fields, see Table 7-2.

  6. Click Save.

  7. Restart the server.

Providing Custom Security Settings

If the SNMP trap manager or SNMP trap receiver in your installation does not use NOAUTH_NOPRIV, configure the required parameters for secure access. Each of the runtime domains (testing, staging, and production domains) must be configured and secured.

About Password Security

If the security level is not NOAUTH_NOPRIV, ensure that the trap client or trap generator you employ provides the required security. Wrap the password in the user-based security model (USM) for SNMP, version 3. For information about user-based security model (USM) for SNMP, version 3, see RFC3411 at http://tools.ietf.org/html/rfc3411.

Configuring the Required Parameters for Secure Custom Access

Complete the following steps for each runtime domain:

  1. Create a new credential mapping for the domain. See "Creating New Credential Mappings".

  2. Configure the SNMP events with the retrieved the resource IDs. See "Configuring the SNMP Events with the Resource IDs".

Creating New Credential Mappings

Create a new credential security mapping by doing the following:

Creating a New Credential Mapping Entry 

  1. Access the Administration Console for the runtime domain.

  2. In the Domain Structure panel, select Security Realms. The Access Summary of Security realms page appears.

  3. In the Realms table, click on the myrealm entry. The Settings for myrealm page is displayed.

  4. Click on the Credential Mapping tab. The Default Credential Mappings table lists the user password credential mappings configured for this realm using Remote Resources.

  5. Click New.

    The Creating the Remote Resource for the Security Credential Mapping page appears.

Creating the Remote Resource for the Security Credential Mapping 

  1. If you are not using the cross-domain protocol to create a credential mapping for a remote domain user, complete this set of steps:

    1. Make sure that the Use cross-domain protocol attribute is disabled.

      Enter information about the remote resource to be accessed using this credential mapping. This information is used to identify the remote resource.

    2. In the Protocol field, enter the protocol to use to reach the remote resource.

    3. If the remote resource is identified by a host name and port:

      In the Remote Host field, enter the host name of the remote resource.

      In the Remote Port field, enter the port number of the remote resource.

    4. If the remote resource is identified by a path:

      In the Path field, enter the path to the remote resource.

    5. In the Method field, enter the method on the remote resource with which this credential is used.

    6. Click Next.

      The Create a New Security Credential Map Entry page appears.

    7. In the Local User field, enter the name of the local user that you are mapping from.

      This is the WebLogic user name that will be the initiator when you want to access the remote resource using this credential mapping.

    8. In the Remote User, enter the name of the remote user that you are mapping to.

      This is the user name that is authorized to access the resource using this credential mapping.

    9. In the Remote Password field, remote password required by the remote resource for the remote user you specified above.

    10. In the Confirm Password field, re-enter the password.

    11. Click Finish.

  2. Complete this step for cross-domain security:

    Create a user name and password-based credential mapping for cross-domain security:

    1. Select the Use cross-domain protocol.

    2. In the Remote Domain field, enter the name of the remote domain that needs to interact with the local domain.

    3. Click Next.

      The Create a New Security Credential Map Entry page appears.

    4. In the Local User field, enter the string cross-domain.

    5. In the Remote User, enter the user name configured in the remote domain that is authorized to interact with the local domain.

    6. In the Remote Password field, enter the password for the remote user.

    7. In the Confirm Password field, re-enter the password.

    8. Click Finish.

Configuring the SNMP Events with the Resource IDs

After you create the credential mappings, you will see the resource identifiers in the resource mapping records on the Credential Mappings tab. Note down the resource IDs from the resource mapping records on the Credential Mappings tab.

Next, configure the SNMP events by doing the following:

  1. Access the Administration Console for the domain.

  2. Select Evolved Communications in the Domain Structure pane.

  3. Select the SNMP Events configuration tab.

  4. Verify that the entries displayed in the top section of the page are configured. For a description of the fields, see Table 7-1.

  5. Configure the entries displayed in the Advanced section of the page. For a description of the fields, see Table 7-2.

    Note:

    Input the resource IDs retrieved from the Credential Mapping. For example: 
    type=<remote>, protocol=SNMP, remoteHost=localhost, remotePort=162, method=auth