ALERTS, AUTO-RESPONSE AND LOGGING
7.2 Check Conditions
7.3.7 Perform Interface Action
Click on Perform Interface Action as the Add Trigger Action. Enter a unique Action Name and set the Action
Delay Time
Select the Interface (Modem or VPN service) and the Action (Start or Stop Interface) to be taken e.g. you may
wish to start an IPsec VPN service in response to an incoming SMS - or set up an OpenVPN tunnel whenever your Opengear device fails over to use the cellular connection.
Note: If any IPsec service or OpenVPN tunnel is to be controlled by the Network Interface Event Action, you will need to
have checked the Control by Auto-Response box when configuring that service - and, if selected, the default state for the VPN tunnel / service will be Down
7.4
Resolve Actions
Actions can also be scheduled to be taken a trigger condition has been resolved:
For a nominated Auto-Response - with a defined trigger Check Condition - click on Add Resolve Action (e.g.
Send Email or Run Custom Script) to select the action type to be taken
Note: Resolve Actions are configured exactly the same as Trigger Actions except the designated Resolve Actions are all executed on resolution of the trigger condition and there are no Action Delay Times set
7.5
Configure SMTP, SMS, SNMP and/or Nagios service for alert notifications
The Auto-Response facility enables remote alerts to be sent as Trigger and Resolve Actions. Before such alert notifications can be sent, you must configure the nominated alert service.
7.5.1 Send Email alerts
The console server uses SMTP (Simple Mail Transfer Protocol) for sending the email alert notifications. To use SMTP, the
Administrator must configure a valid SMTP server for sending the email:
User Manual
179
Data Center and Remote Site Management - User Manual In the SMTP Server field enter the IP address of the outgoing mail Server
If this mail server uses a Secure Connection, specify its type. You may also specify the IP port to use for SMTP. The default SMTP Port is 25. You may enter a Sender email address which will appear as the “from” address in all email notifications sent from this console server. Many SMTP servers check the sender’s email address with the host domain name to verify the address as authentic. So it may be useful to assign an email address for the console server such as [email protected]
You may also enter a Username and Password if the SMTP server requires authentication Similarly can specify the specific Subject Line that will be sent with the email
Click Apply to activate SMTP
7.5.2 Send SMS alerts
With any model console server you can use email-to-SMS services to send SMS alert notifications to mobile devices. Almost all mobile phone carriers provide an SMS gateway service that forwards email to mobile phones on their networks. There’s also a wide selection of SMS gateway aggregators who provide email to SMS forwarding to phones on any carriers.
Alternately if your console server has an embedded or externally attached cellular modem you will be given the option to send the SMS directly over the carrier connection.
SMS via Email Gateway
In the SMTP Settings field in the Alerts & Logging: SMTP &SMS menu select SMS Gateway. An SMS via
Email Gateway field will appear
Enter the IP address of the outgoing mail Server SMS gateway
Select a Secure Connection (if applicable) and specify the SMTP port to be used (if other than the default port 25)
You may also enter a Sender email address which will appear as the “from” address in all email notifications sent from this console server. Some SMS gateway service providers only forward email to SMS when the email has been received from authorized senders. So you may need to assign a specific authorized email address for the
console server
You may also enter a Username and Password as some SMS gateway service providers use SMTP servers which require authentication
Similarly you can specify the specific Subject Line that will be sent with the email. Generally the email subject will contain a truncated version of the alert notification message (which is contained in full in the body of the email). However some SMS gateway service providers require blank subjects or require specific authentication headers to be included in the subject line
Click Apply Settings to activate SMS-SMTP connection.
SMS via Cellular Modem
To use an attached or internal cellular modem for SMS the Administrator must enable SMS:
User Manual
181
Data Center and Remote Site Management - User Manual Check Receive Messages to enable incoming SMS messages to be received. A custom script will be called on receipt of incoming SMS messages
You may need to enter the phone number of the carrier’s SMS Message Centre (only if advised by your carrier or Support)
Click Apply Settings to activate SMS-SMTP connection
Note The option to directly send SMS alerts via the cellular modem was included in the Management GUI in V3.4. Advanced console servers have had the gateway software (SMS Server Tools 3) embedded since V3.1 however you this could only be accessed from the command line to send SMS messages (refer online FAQ).
7.5.3 Send SNMP Trap alerts
The Administrator can configure the Simple Network Management Protocol (SNMP) agent that resides on the console
server to send SNMP trap alerts to an NMS management application:
Select Alerts & Logging: SNMP
Note In firmware versions 3.10.2 and above, new SNMP status and trap MIBS were created to provide more and better
structured SNMP status and traps from console servers. There is an option in the SNMP menu to Use
Legacy Notifications for the SNMP traps. Setting this option means the console server will send SNMP traps
that are compatible with those sent in older firmware before the new MIBS were added ensuring that the firmware upgrade won't upset existing SNMP management a user will already have in place.
When upgrading from old firmware which does not support the newer SNMP MIBs/traps (versions before 3.10.2) to firmware that does support the new MIBs/traps:
If the SNMP service was enabled and an SNMP manager was configured before upgrading the firmware, the console server will be configured to use the legacy traps after upgrading
If the SNMP service was not enabled or no SNMP manger was configured before the upgrade, then the console server will be configured to use the new SNMP traps after the upgrade (but note that this won't have any effect until the SNMP service is turned on and an SNMP manager is configured).
When starting up in the new firmware after a config erase, the console server will be configured to use the new SNMP traps.
When upgrading from a version of firmware that supports the new traps to a newer version that supports the new traps, the 'use legacy traps' setting should just be kept the same - no checking of snmp service/manager configuration is needed.
Select Primary SNMP Manager tab. The Primary and Secondary SNMP Manager tabs are used to configure where and how outgoing SNMP alerts and notifications are sent. If you require your console server to send alerts via SNMP then, at a minimum, a Primary SNMP Manager must be configured. Optionally, a second SNMP Network Manager with its own SNMP settings can be specified on the Secondary SNMP Manager tab
Note All console servers can also be configured to provide status information on demand using snmpd. This SNMP
Select the Manager Protocol. SNMP is generally a UDP-based protocol though infrequently it uses TCP instead. Enter the host address of the SNMP Network Manager into the Manager Address field.
Enter the TCP/IP port number into the Manager Trap Port field (default =162).
Select the Version to be used. The console server SNMP agent supports SNMP v1, v2 and v3
Enter the Community name for SNMP v1 or SNMP v2c. At a minimum, a community needs to be set for either SNMP v1 or v2c traps to work. An SNMP community is the group to which devices and management stations running SNMP belong. It helps define where information is sent. SNMP default communities are private for Write and public for Read.
Configure SNMP v3 if required. For SNMP v3 messages, the user’s details and security level must match what the receiving SNMP Network Manager is expecting. SNMP v3 mandates that the message will be rejected unless the SNMPv3 user sending the trap already exists in the user database on the SNMP Manager. The user database in a SNMP v3 application is actually referenced by a combination of the Username and the Engine ID for the given SNMP application you are talking to.
o Enter the Engine ID for the user sending messages as a hex number e.g. 0x8000000001020304.
o Specify the Security Level. The level of security has to be compatible with the settings of the remote SNMP Network Manager.
User Manual
183
Data Center and Remote Site Management - User ManualauthNoPriv Authentication only. An authentication protocol (SHA or MD5)
and password will be required.
authPriv Uses both authentication and encryption. This is the highest level
of security and requires an encryption protocol (DES or AES) and password in addition to the authentication protocol and
password.
o Complete the Username. This is the Security Name of the SNMPv3 user sending the message. This field is mandatory and must be completed when configuring the console server for SNMPv3.
o An Authentication Protocol (SHA or MD5) and Authentication Password must be given for a Security Level of either authNoPriv or authPriv. The password must contain at least 8 characters to be valid. o A Privacy Protocol (DES or AES) must be specified for the authPriv level of security to be used as the
encryption algorithm. AES is recommended for stronger security. A password of at least 8 characters must be provided for encryption to work.
Click Apply
Note Console servers with V3.0 firmware (and later) also embed the net-snmpd daemon which can accept SNMP
requests from remote SNMP management servers and provides information on alert / serial / device status (refer
Chapter 15.5 for more details). Console servers with firmware earlier than V3.3 could only configure a Primary
SNMP server from the Management Console. Refer Chapter 15.5 for details on configuring the snmptrap daemon to send traps/notifications to multiple remote SNMP servers.
7.5.4 Send Nagios Event alerts
To notify the central Nagios server of Alerts, NSCA must be enabled under System: Nagios and Nagios must be enabled for each applicable host or port under Serial & Network: Network Hosts or Serial & Network: Serial Ports (refer
Chapter 10).
Note: In a Lighthouse CMS centrally managed environment you can check the Nagios alert option. On the trigger
condition (for matched patterns, logins, power events and signal changes) an NSCA check "warning" result will be sent to the central Nagios server. This condition is displayed on the Nagios status screen and triggers a
notification, which can then cause the Nagios central server itself to send out an email or an SMS, page, etc.
7.6
Logging
The console server can maintain log records of auto-response events and log records of all access and communications events (with the console server and with the attached serial, network and power devices).
A log of all system activity is also maintained by default, as is a history of the status of any attached environmental monitors.