HPE Community
ProLiant Servers (ML,DL,SL)
1821247 Members
3076 Online
109632 Solutions
New Discussion

ilo snmp traps

 
SOLVED
Go to solution
BradV
Esteemed Contributor

‎11-28-2022 09:32 AM - last edited on ‎12-08-2022 08:23 PM by

‎11-28-2022 09:32 AM - last edited on ‎12-08-2022 08:23 PM by

ilo snmp traps

We have snmp v1 disabled in iLO.  Yet when I check in the log of the trap receiver, I see:

Community_infosec_Context = TRAP, SNMP v1, community something

I'm trying to get snmp v3 traps to work, but it does not seem to want to.  Does anyone know of good documentation on setting up iLO for sending SNMP v3 traps?

0 Kudos
Reply
14 REPLIES 14
support_s
System Recommended

‎11-28-2022 10:33 AM

‎11-28-2022 10:33 AM

Query: ilo snmp traps

System recommended content:

1. Advisory: HPE Agentless Management Service (AMSD) - SNMP Traps Are Not Sent From the Host to HPE Integrated Lights-Out 5 (iLO 5) Following an iLO Reset

2. Advisory: HP Integrated Lights-Out 3 - iLO 3 May Send SNMP Traps to Random IP Addresses

 

Please click on "Thumbs Up/Kudo" icon to give a "Kudo".

 

Thank you for being a HPE valuable community member.


Accept or Kudo

0 Kudos
Reply
BradV
Esteemed Contributor

‎11-29-2022 02:16 AM

‎11-29-2022 02:16 AM

Re: Query: ilo snmp traps

Neither of those are relevant.

0 Kudos
Reply
prajwal_ds
HPE Pro

‎11-29-2022 05:59 AM

‎11-29-2022 05:59 AM

Re: ilo snmp traps

Hi @BradV 

Please refer to the below video link to find the information regarding enabling SNMP v3..
https://support.hpe.com/hpesc/public/videoDisplay?videoId=vtc00000697en_us 



I work at HPE
HPE Support Center offers support for your HPE services and products when and how you need it. Get started with HPE Support Center today.
[Any personal opinions expressed are mine, and not official statements on behalf of Hewlett Packard Enterprise]
Accept or Kudo
0 Kudos
Reply
BradV
Esteemed Contributor

‎11-29-2022 06:39 AM

‎11-29-2022 06:39 AM

Re: ilo snmp traps

No, sorry.  That also is useless.  I have hundreds of DL servers.  I do not want to point and click on each and every one to set up SNMP v3 trap destinations.  I want to do it programmatically via the iLO Redfish API.  I have the code to create the SNMP v3 user: Create SNMP v3 User with Redfish API .  I just need to figure out how to add the trap destination.

0 Kudos
Reply
ManBha
HPE Pro

‎11-30-2022 08:48 PM

‎11-30-2022 08:48 PM

Re: ilo snmp traps

Hello,

 

Please refer the below guide.

https://hewlettpackard.github.io/ilo-rest-api-docs/ilo5/#bios-redfish-changes-gen-10-to-gen-10-plus

 

Thanks.

I work for HPE.
[Any personal opinions expressed are mine, and not official statements on behalf of Hewlett Packard Enterprise]

Accept or Kudo
0 Kudos
Reply
BradV
Esteemed Contributor

‎12-02-2022 02:05 AM

‎12-02-2022 02:05 AM

Re: ilo snmp traps

All of our servers are Gen10.  No gen10plus.  I have been extensively reviewing the Redfish API Reference , but there is no concrete examples, or paths to accomplish this.  I think the steps are:

  1. Create a SNMPv3 user
  2. Create a trap destination
  3. Create an association between a SNMPv3 user and a destination

but there is nothing stating the is the case, nor is there any examples of how to accomplish each.  I have step one working.  Need to verify my path is correct and how to accomplish steps 2 and 3.

0 Kudos
Reply
ManBha
HPE Pro

‎12-05-2022 08:17 AM

‎12-05-2022 08:17 AM

Re: ilo snmp traps

Hello,

 

Please do log a case using https://support.hpe.com/connect/s/?language=en_US.

 

Thanks.

I work for HPE.
[Any personal opinions expressed are mine, and not official statements on behalf of Hewlett Packard Enterprise]

Accept or Kudo
0 Kudos
Reply
BradV
Esteemed Contributor

‎12-06-2022 12:49 AM

‎12-06-2022 12:49 AM

Re: ilo snmp traps

I did, but someone at HPE dispatched it to the local hardware techs.  They called me unsure what to do.  They said they would return it to the dispatcher.  I'm still waiting on it to get assigned.

0 Kudos
Reply
BradV
Esteemed Contributor

‎12-08-2022 01:33 AM

‎12-08-2022 01:33 AM

Re: ilo snmp traps

FYI, it finally has been assigned.  Working on it.  I'll report back what I find.

0 Kudos
Reply
ManBha
HPE Pro

‎12-08-2022 08:22 PM

‎12-08-2022 08:22 PM

Re: ilo snmp traps

Great, thanks for the update Brad.

I work for HPE.
[Any personal opinions expressed are mine, and not official statements on behalf of Hewlett Packard Enterprise]

Accept or Kudo
0 Kudos
Reply
BradV
Esteemed Contributor

‎12-15-2022 03:02 AM

‎12-15-2022 03:02 AM

Re: ilo snmp traps

Just FYI, I'm close.  I'm getting back

"MessageId": "Base.1.4.PropertyValueNotInList"

So, just need to figure out the correct DATA JSON to send.

0 Kudos
Reply
BradV
Esteemed Contributor

‎12-19-2022 02:00 AM

‎12-19-2022 02:00 AM

Solution

Re: ilo snmp traps

Finally got it worked out.

1. Get OneView session ID
2. Retrieve list of current SNMP v3 users.  Make sure there is room to add one more.
SERVER=my-fqdn.org
ACTV=$(python -c "import urllib, sys; print urllib.quote(sys.argv[1])"'serverName' = '${SERVER}'\"")
UUID=$(curl --insecure --header "X-API-Version: ${currentVersion}" --header "auth: ${sessionID}" --silent \
   --request GET ${OneView}/rest/server-hardware?filter=${ACTV} | jq -r '.members[] | .uuid'})
read iLOSSO iLOAuth <<< $(curl --silent --insecure --header "X-API-Version: ${currentVersion}" --header "auth: ${sessionID}" \
   --request GET ${OneView}/rest/server-hardware/${UUID}/remoteConsoleUrl | \
   jq -r '.remoteConsoleUrl ' | sed -e 's|hplocons|https|' -e 's|addr=||' \
   -e 's|^\(.*\)&sessionkey=\(.*\)$|\1 \2|')
curl --silent --insecure --header "X-Auth-Token: ${iLOAuth}" \
   --request GET ${iLOSSO}/redfish/v1/Managers/1/snmpservice | \
   jq --arg SERVER ${SERVER} '. | .Status as $Status | .Users[] | select(.SecurityName!="") | {"Server": $SERVER, "Status": $Status, "Users": . }' > ./${SERVER}-SNMPv3-Users
if [[ $(grep -c SecurityName ${SERVER}-SNMPv3-Users) -lt 8 ]]; then
   # There is room.  Check to see if this user is already present:
   SECNAME='newuser'
   if [[ $(grep -c '"SecurityName": "'${SECNAME}'"' ${SERVER}-SNMPv3-Users) -eq 0 ]]; then
      echo "Can add another SNMPv3 user to this iLO interface"
      AuthTp='SHA'
      PrivTp='AES'
      AuthP='somepassword'
      PrivP='someotherpassword'
      DATA='{"SecurityName": "'${SECNAME}'","AuthProtocol": "'${AuthTp}'","AuthPassphrase": ";${AuthP}'","PrivacyProtocol": "'${PrivTp}'","PrivacyPassphrase": "'${PrivP}'"}'
      echo ${DATA} | jq -r '.'
      curl --silent --insecure  --header "X-Auth-Token: ${iLOAuth}" --data "${DATA}" --header "content-type: application/json" \
         --request POST ${iLOSSO}/redfish/v1/Managers/1/SnmpService/SNMPUsers/ | jq -r '.'
   else
      echo "${SECNAME} has already been added to this iLO interface"
   fi
else
   echo "No more SNMPv3 users may be added to this iLO interface"
fi
3. Retrieve list of current trap destinations.  Make sure there is room to add one more.
curl --silent --insecure  --header "X-Auth-Token: ${iLOAuth}" --request GET ${iLOSSO}/redfish/v1/Managers/1/SnmpService | \
   jq -r '{"AlertDestinationAssociations":.AlertDestinationAssociations,"AlertsDestinations":.AlertsDestinations,"AlertsEnabled":.AlertsEnabled}' > ./${SERVER}-destinations
if [[ $(grep -vE '\[|\]|null|{|}|SNMPAlertProtocol|SecurityName' ${SERVER}-destinations | wc -l) -lt 8 ]]; then
   # See if the trap destination already exits:
   i=0
   DESTIP='1.2.3.4'
   ArrayEnd=$(jq -r '.AlertDestinationAssociations | length' ${SERVER}-destinations)
   while [[ ${i} < ${ArrayEnd} ]]; do
      if [[ $(echo "$(jq -c ".AlertDestinationAssociations[${i}]" ${SERVER}-destinations)" | grep -c '"SecurityName": "'${SECNAME}'"') -gt 0 ]]; then
         if [[ $(echo "$(jq -c ".AlertDestinations[${i}]" ${SERVER}-destinations)" | grep -c ${DESTIP}) -gt 0 ]]; then
            echo "This user/destination combination already exists on this iLO interface"
            break 3
         fi
      fi
      ((i++))
   done
   # If we reach here, we did not find a match.
   echo "Can add another trap destination to this iLO interface"
   DATA='{"SNMPAlertProtocol":"SNMPv3Trap","SecurityName":"'${SECNAME}'","AlertDestination":"'${DESTIP}'"}'
   curl --silent --insecure --header "X-API-Token: ${iLOAuth}" --header "content-type: application/json" \
      --data "${DATA}" --request PATCH ${iLOSSO}/redfish/v1/Managers/v1/SnmpService/SNMPAlertDestinations | jq -r '.'
else
   ecoh "No more alert destinations may be added to this iLO interface"
fi

Hopefully this will be of use to someone else? 

Reply
Sunitha_Mod
Moderator

‎12-19-2022 02:22 AM

‎12-19-2022 02:22 AM

Re: ilo snmp traps

Hello @BradV

Great! 

We are glad to know you were able to find the solution and we appreciate you for keeping us updated. 



Thanks,
Sunitha G
I'm an HPE employee.
HPE Support Center offers support for your HPE services and products when and how you need it. Get started with HPE Support Center today.
[Any personal opinions expressed are mine, and not official statements on behalf of Hewlett Packard Enterprise]
Accept or Kudo
0 Kudos
Reply
BradV
Esteemed Contributor

‎12-19-2022 02:47 AM

‎12-19-2022 02:47 AM

Re: ilo snmp traps

Oops!  I had an extra space in the line to check and see if the user/combination already existed:

if [[ $(echo "$(jq -c ".AlertDestinationAssociations[${i}]" ${SERVER}-destinations)" | grep -c '"SecurityName": "'${SECNAME}'"') -gt 0 ]]; then

it should be

if [[ $(echo "$(jq -c ".AlertDestinationAssociations[${i}]" ${SERVER}-destinations)" | grep -c '"SecurityName":"'${SECNAME}'"') -gt 0 ]]; then

 

0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.