System Monitoring, notifications, and OS traps
Updated on 27 Jan 2025
OneSpan Authentication Server Appliance supports application-level system monitoring with SNMP. This lets you monitor OneSpan Authentication Server Appliance processing and receive notifications when specific events occur.
System monitoring is based on OneSpan Authentication Server and OneSpan Authentication Server Appliance audit messages and their content, and creates an alert when specified messages appear. These alerts are sent to the configured targets via text messages, emails, or SNMP traps.
Use the OneSpan Authentication Server Appliance configuration interfaces to enable and configure system monitoring:
- To enable system monitoring, switch to the Authentication Server > System Monitoring Alerts tab in the OneSpan Authentication Server Appliance Configuration Tool and select Enabled.
Event filters help you to monitor critical events as they occur, rather than search through an extensive list of audit logs to locate potentially critical system events.
Event filters
System monitoring requires filters to specify which OneSpan Authentication Server Appliance events and audit messages should be monitored.
Filter details must include the following:
- Name
- Target, specifying which notification method is to be used
- Audit message type to monitor
- Specific field
- Condition
- Value for the specified field
A filter defines the match criteria that must be met to trigger a notification. To define a filter, specify which level of audit message to monitor and assign a target. Messages may be further filtered by specifying a field of the audit message and a value. System monitoring will notify you when that field of an audit message contains the specified value.
It is possible to assign multiple filters to a target. In that case, the target notification will only be triggered if the match criteria of all assigned filters are met.
Notification targets
System monitoring requires one or more targets to be defined to specify the output format.
The available target formats are:
- SMS
- Emails
- SNMP traps
Table: Target requirements lists the different required information for each target.
When you configure SNMP targets, make sure to set both the authentication type AND the privacy type for a complete trap configuration in the OneSpan Authentication Server Appliance Configuration Tool. You cannot set a privacy type without setting an authentication type.
Only the following combinations for SNMP communication are valid:
- Without authentication type and privacy type (both set to None).
- With authentication type, but without privacy type.
- With authentication type and privacy type.
Best practices: System monitoring with SNMP/SMS/email targets
If you are using OneSpan Authentication Server Appliance system monitoring, we recommend defining targets for the following OneSpan Authentication Server Appliance events:
- OneSpan Authentication Server errors. For this type of event, you should define an audit filter that extracts all error audit messages.
- Locked authenticator users. For this type of event, you should define a filter that extracts all audit messages with the audit code 'W-011003'.
- Failed administrative logons. For this type of event, you should define a filter that extracts all audit messages with the audit code 'F-004001'.
- Replication failures. For this type of event, you should define a filter that extracts all audit messages with the audit codes 'F-003001' or 'F-003002'.
Generally, when SNMP notifications are defined, a VASCO-AXSGUARD-IDENTIFIER-MIB::vdsIaAuditNotification trap is sent. The MIB file contains the information about the notification and the variables. For more information, refer to the VASCO-AXSGUARD-IDENTIFIER-MIB file. You can download this file in OneSpan Authentication Server Appliance via Settings > SNMP.
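The filter rules described under Event filters, applied to the recommended filters above, can be modelled as follows. This Python sketch is an added example, not OneSpan code; the message field names (type, code, source), the type values, and the condition names are assumptions. It shows why each recommended filter needs its own target: filters assigned to the same target must all match, which is useful for narrowing (code plus source) but never fires when the filters test for different audit codes.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Filter:
    name: str
    msg_type: Optional[str] = None   # audit message type to monitor (None = any)
    field: Optional[str] = None      # specific field to inspect (None = no field test)
    condition: str = "contains"      # assumed condition names: "contains" / "equals"
    value: str = ""

    def matches(self, msg: dict) -> bool:
        if self.msg_type is not None and msg.get("type") != self.msg_type:
            return False
        if self.field is None:
            return True
        actual = str(msg.get(self.field, ""))
        return actual == self.value if self.condition == "equals" else self.value in actual

def fired_targets(msg: dict, targets: dict) -> list:
    """A target fires only if ALL filters assigned to it match the message."""
    return sorted(t for t, fs in targets.items() if fs and all(f.matches(msg) for f in fs))

def by_code(name: str, code: str) -> Filter:
    return Filter(name, field="code", condition="equals", value=code)

ERRORS = Filter("server-errors", msg_type="Error")
LOCKED = by_code("locked-user", "W-011003")
ADMIN = by_code("admin-logon-failed", "F-004001")
REPL_1 = by_code("replication-1", "F-003001")
REPL_2 = by_code("replication-2", "F-003002")
FROM_SERVER = Filter("from-server", field="source", value="Identikey Server")

# One target per recommended event; the admin target is narrowed by source (AND).
PER_EVENT = {"trap-errors": [ERRORS], "trap-locked": [LOCKED],
             "trap-admin": [ADMIN, FROM_SERVER],
             "trap-repl-1": [REPL_1], "trap-repl-2": [REPL_2]}
# Pitfall: stacking the code filters on one target ANDs them; no message has two codes.
STACKED = {"trap-all": [LOCKED, ADMIN, REPL_1, REPL_2]}

# Constructed audit messages; field names and type values are assumptions.
SAMPLE = [
    {"type": "Warning", "code": "W-011003", "source": "Identikey Server"},
    {"type": "Failure", "code": "F-004001", "source": "Identikey Server"},
    {"type": "Failure", "code": "F-003002", "source": "Identikey Server"},
    {"type": "Info", "code": "PLACEHOLDER-INFO", "source": "System Configtool"},
]

if __name__ == "__main__":
    for m in SAMPLE:
        print(m["code"], "per-event:", fired_targets(m, PER_EVENT),
              "stacked:", fired_targets(m, STACKED))
```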
Emergency events to be monitored and data sources
OneSpan Authentication Server Appliance can monitor different types of events. We recommend monitoring the following events:
- System OS events (produce OS traps)
- OneSpan Authentication Server Appliance Configuration Tool events (produce notifications)
- OneSpan Authentication Server events (produce system monitoring alerts)
For more information about system monitoring via SNMP, refer to the OneSpan Authentication Server Appliance Administrator Guide.
System OS events
Emergency alerts are sent for critical system OS events such as:
- Disk space status. For instance, a full disk would prevent additional audit logs from being written.
- Memory status. A warning is produced if the system memory is filling up.
- SNMP status.
- Certain processes that are started or stopped.
The following emergency alerts sent by OneSpan Authentication Server Appliance must always be attended to in order to ensure system functionality:
- The OneSpan Authentication Server Appliance hard disk drive is more than 90 percent full.
- A critical service is not running, e.g. the OneSpan Authentication Server daemon, syslog, or database daemon.
- The swap memory is full.
System OS events – Data source
For critical system OS events, OneSpan Authentication Server Appliance monitors audit messages that are generated when such critical system OS events occur. Emergency alerts of this type can only be sent via SNMP traps and cannot be customized. They can only be enabled or disabled for each SNMP version. Different types of SNMP alerts are available for the different SNMP versions. If enabled, all emergency alerts are sent to the SNMP server.
OneSpan Authentication Server Appliance Configuration Tool events – Data source
OneSpan Authentication Server Appliance monitors audit messages generated by the System Configtool source for all Configuration Tool events.
OneSpan Authentication Server events – Data source
OneSpan Authentication Server Appliance monitors OneSpan Authentication Server components via the audit messages generated by the Identikey Server source and sends notifications via SMS, email, or SNMP traps. You can configure which audit messages are monitored via the source field of an audit message.