Hello. I'm one of the core developers for net-snmp (www.net-snmp.org) (which was adopted by Sun for Solaris 10).
I ran the idea past some of our gurus and got this response:

"I think it'd be better to attach the demon as an agentx sub agent rather than simply figure out how to parse our config files. It'd be less code and more reuse, though a bit more complex in implementation internally. The other option is to make the auditd actually be its own snmp agent though it wouldn't need to actually turn it on, it would do so only to send traps using the easier trap sending code the libnetsnmpagent library provides."

I'd certainly be willing to help with this.

>1. Creation of a new Solaris library called libsnmptrap whose purpose will be to read a file named snmpd.conf for community and trap destination information. The format of this file will be the same as the Net-snmp's snmpd.conf (so that people don't have to worry about a conflict or duplication of the same information). The purpose of this library will be to construct simple v1 SNMP Traps that contain Solaris audit information.
>2. Creation of a Solaris Audit SNMP MIB with information on Traps that can be generated.
>3. The creation of a new auditd plugin named snmptrap (/on/usr/src/lib/auditd_plugins/snmptrap) which would be loadable through /etc/security/audit_control via the same method as audit_syslog.so. This plugin would send traps to the traphost defined in the snmpd.conf in /etc/. Special traps will be created for start/end operations (login start, login out) which will provide the ability to have applications like HP OpenView and NetCool to autoclear the SNMP Trap events.
_______________________________________________
opensolaris-discuss mailing list
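
The first quoted item proposes reading community and trap destination information from snmpd.conf. As an added example (not code from this thread or from net-snmp), here is a small Python reader for the `trapsink` and `trapcommunity` directives that also flags sinks whose community is missing or a well-known default, since v1 traps carry the community in cleartext. The helper names and the sample config are constructed here, and treating a sink with no community as one to flag is an assumption.

```python
# Added example: hypothetical helper names, constructed sample input.
from typing import NamedTuple, Optional

DEFAULT_TRAP_PORT = 162  # well-known SNMP trap port


class TrapSink(NamedTuple):
    host: str
    port: int
    community: Optional[str]  # None: no community was available for this sink
    lineno: int


def parse_trap_sinks(conf_text: str) -> list:
    """Return the SNMPv1 trap destinations declared in snmpd.conf text."""
    sinks = []
    default_community = None  # set by the most recent trapcommunity line
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        tokens = raw.split("#", 1)[0].split()  # drop comments, then tokenize
        if len(tokens) < 2:
            continue
        directive, args = tokens[0], tokens[1:]
        if directive == "trapcommunity":
            default_community = args[0]
        elif directive == "trapsink":  # v1 only; trap2sink/informsink are skipped
            community = args[1] if len(args) > 1 else default_community
            port = DEFAULT_TRAP_PORT
            if len(args) > 2:
                if not args[2].isdigit() or not 0 < int(args[2]) < 65536:
                    raise ValueError(f"line {lineno}: bad port {args[2]!r}")
                port = int(args[2])
            sinks.append(TrapSink(args[0], port, community, lineno))
    return sinks


def weak_sinks(sinks):
    """Sinks whose community is missing or a well-known default string."""
    return [s for s in sinks if s.community in (None, "public", "private")]


SAMPLE_CONF = """\
# constructed sample, not from a real host
trapsink   nms1.example.com
trapcommunity  s3cr3t-audit
trapsink   nms2.example.com
trapsink   192.0.2.10 public 1162
trap2sink  nms3.example.com
"""

if __name__ == "__main__":
    for sink in weak_sinks(parse_trap_sinks(SAMPLE_CONF)):
        print(f"line {sink.lineno}: review community for {sink.host}:{sink.port}")
```

Order matters in this format: the first `trapsink` line precedes `trapcommunity`, so it gets no community and is flagged.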
