Symantec Privileged Access Management

View Only

About SNMP traps and clusters

MARUBUN SUPPORT posted Sep 30, 2025 01:34 AM

Hi Team,

[Product]

PAM 4.2.3

[Question]

I enabled SNMP traps in a PAM cluster and received the traps.
When I started the PAM cluster, an SNMP trap was output, but when I turned "cluster off," I was unable to receive the SNMP trap.
When I terminate the PAM cluster, will the SNMP trap not be output?

Starting SNMP trap

Source:
x.x.x.x
Timestamp:
1 hour 12 minutes 6 seconds
SNMP Version:
2
Trap OID:
.1.3.6.1.4.1.10449.0.107
Community:
xcdgkpub
Variable Bindings:

Name:
sysUpTime.0
Value:
[TimeTicks] 1 hour 12 minutes 6 seconds (432600)

Name:
snmpTrapOID
Value:
[OID] .1.3.6.1.4.1.10449.0.107

Name:
.1.3.6.1.4.1.10449.0.402
Value:
[OctetString] PAM-CMN-2954: Cluster starting...

Name:
.1.3.6.1.4.1.10449.0.405
Value:
[OctetString] The cluster has been stopped or started.

Name:
.1.3.6.1.4.1.10449.0.407
Value:
[OctetString] gkSysClusterStatus

Name:
.1.3.6.1.4.1.10449.0.408
Value:
[OctetString] GateKeeper

Name:
.1.3.6.1.4.1.10449.0.409
Value:
[OctetString] This notification is sent when the cluster status changes.

Name:
.1.3.6.1.4.1.10449.0.403
Value:
[OctetString] 07-E9-09-1E-05-09-04-00

Name:
.1.3.6.1.4.1.10449.0.404
Value:
[Integer] 127

Name:
.1.3.6.1.4.1.10449.0.406
Value:
[Integer] 2

Description:

Thanks,

Broadcom Employee Ralf Prigl posted Sep 30, 2025 11:04 AM

Hello, Yes, that is current behavior, no trap is sent when the cluster is stopped. If you need a trap when the cluster stops, please open a case with PAM Support.

MARUBUN SUPPORT posted Oct 01, 2025 10:01 PM

Thank you for your answer.

Is it correct to understand that if you completely migrate from a cluster to a standalone state, normal SNMP traps will be output?

(SNMP traps that cancel the cluster state will not be output.)

Broadcom Employee Ralf Prigl posted Oct 02, 2025 12:00 PM

Sorry, I don't understand the question. A standalone node will not generate any cluster-related traps.

MARUBUN SUPPORT posted Oct 06, 2025 02:58 AM

I understood that when a cluster is deactivated, no (cluster-related) SNMP traps are output.

In the SNMP function of this PAM, under [Settings]-[SNMP]-[Trap Server], there is no engine ID setting.
Is it OK not to set the engine ID and is there any way to check the engine ID for SNMP in PAM?

Broadcom Employee Ralf Prigl posted Oct 06, 2025 11:24 AM

The engine ID is not configurable in PAM. PAM actually sends Informs, not Traps, and the PAM engine ID does not matter in that case.

There is a fixed engine ID for SNMP polling. Once you enable SNMP polling, you can get the value for OID 1.3.6.1.6.3.10.2.1.1.0 using an snmpwalk command similar to the following:

snmpwalk -v 2c -c xcdgkpub <PAM address> 1.3.6.1.6.3.10.2.1.1.0
SNMP-FRAMEWORK-MIB::snmpEngineID.0 = Hex-STRING: 80 00 1F 88 80 38 8C ...

MARUBUN SUPPORT posted Oct 07, 2025 03:24 AM

Thank you for your answer.

> snmpwalk -v 2c -c xcdgkpub <PAM address> 1.3.6.1.6.3.10.2.1.1.0
> SNMP-FRAMEWORK-MIB::snmpEngineID.0 = Hex-STRING: 80 00 1F 88 80 38 8C ...

I'll check just to be sure.
This snmpEngineID is from v2c, is it the same as the v3 engineID?

Broadcom Employee Ralf Prigl posted Oct 07, 2025 11:39 AM

Yes, there's only one engine ID. For SNMP V3 the command would be something like

snmpwalk -v 3 -l authPriv -u <snmpv3user> -a SHA -A <authpassphrase> -x AES -X <privatepassphrase> <PAM address> 1.3.6.1.6.3.10.2.1.1.0

I mentioned before that the engine ID is fixed, but it does change when the SNMP poll server is restarted, e.g. from the Configuration > SNMP > Poll Server page, or when the PAM server reboots.