Configuring system monitoring for system OS events

Critical system events can be monitored by means of SNMP traps as targets for system OS events.

Such critical events and conditions of these events that trigger SNMP traps are the following:

• Disk space status. The system sends an SNMP trap when less than 10 percent of disk space is available. A full disk would prevent the system from writing audit logs. This disk full warning applies to the following disk partitions:

  • System logging: /var/log
  • Database storage: /var/pg
  • OneSpan Authentication Server file system storage, e.g. for trace, log, and report files: /var/identikey
• Memory status. The system sends an SNMP trap when the memory status is low or if the system is out of memory, i.e. when less than 128 MB of memory is available.
• SNMP status. The system sends SNMP traps when the SNMP service starts or stops.

• Processes. Traps are sent when certain processes are starting and stopping (see Table: Processes monitored via SNMP traps).

  Table:  Processes monitored via SNMP traps

  Process	Process name
  Message Delivery Component (MDC) daemon	mdcserver
  LDAP sync daemon	ikldapsync
  OneSpan Authentication Server daemon	ikeyserver
  System logging daemon	syslog-ng
  Timeserver	ntpd

  System monitoring does not capture service restarts initiated via the OneSpan Authentication Server Appliance Configuration Tool Status page.

The traps sent by OneSpan Authentication Server Appliance for system OS events consist of the following information:

• Agent details (address, host name)
• Date
• Enterprise OID
• Trap type and sub-type
• Community/Infosec context
• Uptime
• Description
• PDU attribute/value pair array. This part of the trap contains the information requested that is necessary to monitor the event.

For more information about traps, refer to the OneSpan Authentication Server Appliance Administrator Reference.

Targets for system OS events

The only available notification target type to monitor system OS events is an SNMP trap. These targets cannot be customized, but only enabled or disabled for the required SNMP trap version. If enabled, all notifications are sent to the SNMP handler. Only one such SNMP handler can be configured. The system event trap already contains all relevant event information data that will be sent directly in the notification.

Configuring system monitoring targets for system OS events

To configure the settings for system OS event traps, configure your SNMP trap server, and proceed as follows.

To configure system monitoring targets for system OS events

1. Launch the OneSpan Authentication Server Appliance Configuration Tool and enter your credentials (see Accessing OneSpan Authentication Server Appliance Configuration Tool and OneSpan Authentication Server Administration Web Interface).
2. Select Settings > SNMP and navigate to the SNMP Traps section.
3. Select the required SNMP trap version (v2, v3, or v3 INFORM) to enable the relevant SNMP trap type for the notifications.
4. Specify the target host, i.e. the location to which the SNMP targets should be sent.

During configuration, processes can be restarted, and a process-down trap can be triggered.

To receive notifications as SNMP traps you need to configure an SNMP trap server (see Configuring SNMP trap handlers).

Best practices for SNMP targets for system OS events

The following emergency alerts sent by OneSpan Authentication Server Appliance need to be attended in any case to ensure system functionality:

• The hard disk drive is more than 90 percent full.
• A critical service is not running, e.g. OneSpan Authentication Server, syslog, database.
• The swap memory is full.