Configuring Group-Level SNMP Traps

The group-level trap configurations are used for alerts that affect Cloud Admins or Domain Admins. If no group-level configuration is specified for a particular group-level alert, Cryptographic Security Platform Vault defaults to the System-level SNMP configuration settings.

  1. Log into the Cryptographic Security Platform Vault webGUI on any node in the cluster using an account with the security privilege that matches the type of group configuration you want to create. For example, if you want to create a Cloud Admin group-level SNMP configuration, you need to log in with Cloud Admin privileges.
  2. In the top menu bar, click Settings.
  3. In the Group Settings section, click Group SNMP Settings.
  4. On the SNMP Settings page, select the Cloud Admin Group to which you want the configuration to apply in the Group field.

  5. Specify the SNMP configuration options you want to use.

    Field

    SNMP Version

    Description
    Enabled

    All

    		 Select True if you want Cryptographic Security Platform Vault to use this SNMP configuration.
    Server

    All

    		 The hostname or IP address of the SNMP server.

    Port

    All

    The SNMP port number. The default SNMP port is 162.

    Version

    All

    The SNMP version. Cryptographic Security Platform Vault supports version 2c and version 3.

    Note: The rest of the fields displayed in page depend upon the selected version.

    Community

    2c

    		 Specify the community string for your SNMP server.
    User

    3

    The user ID that should be associated with the trap.

    Notification Type

    3

    This can be:

    • Inform—Cryptographic Security Platform Vault sends the SNMP trap and expects an acknowledgment that the trap was received in return.
    • Trap—Cryptographic Security Platform Vault sends the SNMP trap but does not expect an acknowledgment.

    Engine ID Type

    3

    Choose the engine ID type from the following options:

    • Custom Engine ID—Choose this option if an SNMP engine ID is already configured in the SNMP Manager. This allows users to configure the same engine ID in the engine ID field. Cryptographic Security Platform Vault will send the traps with the supplied engine.

    • System Generated Engine ID—Choose this option if the SNMP Manager expects to receive the engine ID from the Cryptographic Security Platform Vault. The Engine ID field will be automatically filled with a system generated engine ID that cannot be edited. Updating the system generated engine ID may take a few minutes.

    Note: This field is only visible if the Notification Type is Trap.

    Engine ID

    3

    If the Notification Type is Trap, enter the SNMP engine ID assigned to the SNMP manager. You can enter between 10 and 64 hexadecimal characters.

    Security Level

    3

    This can be:

    • No Authentication, No PrivacyCryptographic Security Platform Vault sends the messages in plain text and no authentication is done by the SNMP server.
    • With Authentication, No PrivacyCryptographic Security Platform Vault sends the message in plain text but the SNMP server authenticates the message before logging it.

    • With Authentication, With PrivacyCryptographic Security Platform Vault encrypts the message before sending it and the SNMP server authenticates the message before logging it.

      For encryption, Cryptographic Security Platform Vault supports AES (Advanced Encryption Standard) or DES (Data Encryption Standard).

    Authentication Protocol

    3

    The type of authentication to use with the SNMP server if one of the authentication options is selected in the Security Level field. Cryptographic Security Platform Vault supports MD5 and SHA (Secure Hash Algorithm).

    Authentication Key

    3

    		 The authentication key that Cryptographic Security Platform Vault should send to the SNMP manager if one of the authentication options is selected in the Security Level field. If you want to view the key in plain text, click the eye icon.

    Privacy Protocol

    3

    The privacy protocol to use if With Authentication, With Privacy is selected in the Security Level field. This can be AES or DES.

    Privacy Key

    3

    		 The privacy key to use if With Authentication, With Privacy is selected in the Security Level field. If you want to view the key in plain text, click the eye icon.
  6. When you are finished, click Apply.

  7. If you want to test the configuration, click Test SNMP Settings.

    Note: The SNMP trap must be enabled and you must apply the settings before you can test the configuration.

  8. If you want to download the MIB file, click Download MIB File.