Configuring SNMP
The watcher service monitors all watchable services on the local host. Optionally, you can configure the watcher to send traps to an SNMP manager when the watchable services generate alarms.
In a multi-host environment, you configure the watcher service on each host to communicate with your SNMP manager. (Nuance recommends that all watchers connect to one SNMP manager.)
Follow these steps:
- Recommended. Configure security on incoming requests from SNMP trap managers. This step is not required but is strongly recommended. The procedure depends on your version of SNMP:
  - For SNMPv1 and v2c, see Configuring SNMP community strings.
  - For SNMPv3, see Configuring SNMP user authentication.
- Configure how the watcher service sends traps. See one of these:
  - Configuring traps with Management Station
  - Configuring traps without Management Station
- Start your SNMP trap manager and configure it to receive traps from the watcher. See Configuring traps with your SNMP manager.
- Optional. Configure additional watcher parameters for initialization during startup. The instructions are different for each operating system:
Configuring SNMP community strings
This section applies to SNMPv1 and v2c. For SNMPv3, see Configuring SNMP user authentication.
The term "community string" has two different and independent meanings: one controls read/write access to the MIB on incoming requests, and the other controls which SNMP managers receive outgoing traps (optionally limited to one or more particular severity levels).
The Nuance MIB (Management Information Base) file describes all available data objects (variables). To access these variables, SNMP managers use object identifiers (OIDs):
| Request | Action |
|---|---|
| Snmpget | Retrieves the values of specified OIDs. |
| Snmpset | Modifies the values for the specified OIDs. |
| Snmpwalk | Walks through the MIB tree. |
Optionally, you can restrict access to the MIB. By default, the watcher service allows unrestricted access by SNMP managers, and this poses a potential security risk. You can control access via the MIB access state, which determines whether SNMP managers can only read it ("public") or also modify it ("private"). To control access, define "community string" properties on every host that is running the watcher service and apply them to specific SNMP hosts:
- On all hosts running the watcher service, open $NUANCE/config/SwmAgent.conf in any text editor. The environment variable, NUANCE, is set to:
  - On Linux: /usr/local/Nuance/Common/config
  - On Windows: C:\Program Files (x86)\Common Files\Nuance\Common\config
- Set the rocommunity (read only) and rwcommunity (read/write) parameters to public and private strings. The syntax is:
Parameter community_string [source]
Where source can be the hostname, IP address, or IP address with a bit mask of the SNMP managers making requests to the Nuance MIB. For example:
rocommunity ReadOnlyNuance bluebird.nuance.com
rwcommunity ReadWriteNuance 10.3.0.0/16
This example gives read only access to requests that specify the community string "ReadOnlyNuance" coming from host bluebird. It gives read/write access to requests that specify the string "ReadWriteNuance" coming from any IP address starting with 10.3. Specifying the source of the request is optional.
- Save the changes, and restart the watcher service. See Starting and stopping the watcher service manually.
Note: You must configure the same private and public community strings on your SNMP manager (see Configuring traps with your SNMP manager). Otherwise, the watcher service rejects all requests that don’t match its configured community strings.
Configuring SNMP user authentication
This section applies to SNMPv3. For SNMPv1 or v2c, see Configuring SNMP community strings.
For SNMP v3, you must configure a user and (if specified on the SNMP trap manager) an engine ID. Optionally, you can specify the level of authentication desired.
- On all hosts running the watcher service, open $NUANCE/config/SwmAgent.conf in any text editor.
- Add this line:
createUser -e engineID username [hashing_algorithm] [authentication_pswd] [encryption_algorithm] [encryption_pswd]
Where:
- engineID is the value of the SNMP engine ID. Required if the SNMP trap manager uses one.
- username is the username. Required.
- hashing_algorithm specifies a level of authentication. Value is MD5 or SHA.
- authentication_pswd is the authentication password. Required if a hashing algorithm (MD5 or SHA) is specified.
- encryption_algorithm specifies encryption. Value is AES or DES. Encryption is optional, but if it is specified, authentication must also be specified.
- encryption_pswd is the encryption password. If unspecified, the authentication password is used.
Note: You must configure the same values on your SNMP manager (see Configuring traps with your SNMP manager). Otherwise, the watcher service rejects all requests with unmatched values.
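The community string and SNMPv3 user procedures above both edit SwmAgent.conf, so one check can cover both. The following Python script is an added example, not Nuance code: it flags well-known community strings, missing source restrictions, and weak or absent SNMPv3 authentication and encryption. The function names, finding codes and sample values are assumptions made for illustration.

```python
# Added example (not Nuance code): audit SwmAgent.conf-style text for weak SNMP access settings.
DEFAULT_COMMUNITIES = {"public", "private"}  # widely known default strings
WEAK_AUTH = {None: "v3-no-auth", "MD5": "v3-md5"}        # page allows MD5 or SHA
WEAK_ENC = {None: "v3-no-encryption", "DES": "v3-des"}   # page allows AES or DES

def audit_line(tokens):
    """Return finding codes for one rocommunity, rwcommunity or createUser line."""
    directive, args, found = tokens[0], tokens[1:], []
    if directive == "createUser" and args[:1] == ["-e"]:
        args = args[2:]  # skip the optional engine ID that precedes the username
    if not args:
        return ["malformed"]
    if directive != "createUser":
        if args[0].lower() in DEFAULT_COMMUNITIES:
            found.append("default-community")
        if len(args) < 2:  # no source: any host presenting the string is accepted
            found.append("no-source")
        return found
    hash_alg = args[1].upper() if len(args) > 1 else None
    enc_alg = args[3].upper() if len(args) > 3 else None
    found += [c for c in (WEAK_AUTH.get(hash_alg), WEAK_ENC.get(enc_alg)) if c]
    if enc_alg and len(args) < 5:  # encryption falls back to the authentication password
        found.append("v3-shared-password")
    return found

def audit_conf(text):
    """Return sorted (line_number, code) findings; line 0 is a file-level finding."""
    findings, restricted = [], False
    for number, raw in enumerate(text.splitlines(), 1):
        tokens = raw.split()
        if tokens and tokens[0] in ("rocommunity", "rwcommunity", "createUser"):
            restricted = True
            findings += [(number, code) for code in audit_line(tokens)]
    if not restricted:  # the watcher allows unrestricted MIB access by default
        findings.append((0, "no-access-control"))
    return sorted(findings)

# Constructed sample input: engine ID, user names and passwords are made up.
SAMPLE = """\
rocommunity ReadOnlyNuance bluebird.nuance.com
rwcommunity private
createUser -e 0x8000000001020304 watcherops MD5 authpass123 DES
"""

if __name__ == "__main__":
    for number, code in audit_conf(SAMPLE):
        print(f"line {number}: {code}")
```

Run it against each host's file after editing and before restarting the watcher service; an empty result means none of these weak patterns was found.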
Configuring traps with Management Station
To configure the watcher service to send SNMP traps, you specify the host and port where the traps are sent. The values must match the values in the SNMP trap manager configuration. For v2c and v3 SNMP trap managers, you can also set the level or severity of sent traps. For example, your SNMP trap manager could receive critical and major traps, but not minor traps.
Use Management Station to configure the watcher service to send traps to an SNMP trap manager:
- Click the Monitoring & Control tab→System View→Network Design.
- Select a scope from the network tree: Nuance Network, a particular cluster, or host:
- Nuance Network (recommended)—Values apply globally to all clusters and hosts in the network. The best practice is to configure the entire network to point to a single SNMP manager.
- Cluster—Values apply to all hosts and clusters in the selected cluster.
- Host—Values apply to services running on the selected host.
- Click the Properties link for that scope. The SNMP Configuration page appears.
- To specify the SNMP manager:
- Enter the hostname (or IP address) and port number where your SNMP manager is configured.
Optionally (v1 and v2c only), you can specify a community string as part of the hostname, for example, community_string_for_v1_v2c@host. When the watcher service sends traps, they are labeled with the community string and can be read only by SNMP managers who are members of a logical group identified by that string. If not set, the default is "public."
Optionally, for v2c and v3 SNMP trap managers, set the trap level of sent traps. For example, selecting Critical configures the watcher service to send only critical traps to this host. The default is All. You can set more than one of these parameters for a given SNMP server, for example, to have it receive critical and major, but not minor traps.
For example, if you configured your SNMP manager to run on host bluebird and to receive all traps on port 2092, your screen would look like this:
- Click OK.
Management Station stops and starts the SNMP watcher module on the relevant hosts to apply the configuration. (This module is the internal component that provides the communication interface between the SNMP manager and watcher service.) Depending on the number of hosts to configure, this process might take some time.
The window disappears when the process is complete. You have now enabled the watcher service to send traps to the SNMP trap manager. This means that whenever an alarm is generated on a configured host, the alarm is sent to Management Station and the SNMP manager.
Configuring traps without Management Station
To configure the watcher service to send SNMP traps, you specify the host and port where the traps are sent. The values must match the values in the SNMP trap manager configuration. For v2c and v3 SNMP trap managers, you can also set the level or severity of sent traps. For example, your SNMP trap manager could receive critical and major traps, but not minor traps.
Note: Before configuring the watcher service, you must restart any Speech Suite services that were started with watcher.SendAlarmsToWatcher=FALSE (and set the value to TRUE). When doing these restarts, you must pass the entire command-line with all parameters. See Starting services without Management Station.
Use these parameters to configure where the watcher sends traps. (There are parameters for different SNMP versions.)
Optionally, you can use combinations of parameters to send different trap levels to different handlers. (By default, watcher sends all traps.) For example, you could send critical and major traps to one SNMP server, and minor traps to another:
wm.snmp.V#CriticalTrapHandlers
wm.snmp.V#MajorTrapHandlers
wm.snmp.V#MinorTrapHandlers
Configuring traps with your SNMP manager
You must configure your SNMP manager to receive the traps sent by watcher.
There are many third-party SNMP managers available, and the configuration for receiving traps from the watcher service is different for each. Here are the basic steps:
- Load the Nuance MIB file, NUANCE-MIB.mi2, into the SNMP manager’s MIB database. This file is located in $NUANCE/data/mibs on hosts running speech software.
- Set the port for receiving traps. The SNMP manager port must match the wm.snmp.Port configuration.
- For SNMPv3, you must configure a user and (if specified on the trap manager) an engine ID. Optionally, you can specify authentication and encryption levels. These values must match the watcher service configuration (see Configuring SNMP user authentication).
- Test that the SNMP manager can receive traps.
- Customize the traps by specifying a description, severity, format, and actions to take when the trap is triggered.