Monitoring
The Monitoring tab and subtabs allow you to configure monitoring for the Hardware Appliance.
Syslog
Use this tab to configure interactions with external monitoring systems. Here you can specify a syslog server to which the syslog of Hardware Appliance should be sent. The syslog of the Hardware Appliance contains the syslog of all internal systems as well as the EJBCA audit log. The syslog will be shipped by UDP in unencrypted, unsigned traffic.
You have the following options:
Syslog target IP addresses:
Enter the IP address of the syslog server.
Add:
Select Add to add the syslog server with the specified IP address.
Simple Network Management Protocol
Use this tab to activate and configure Simple Network Management Protocol (SNMP) access to the Hardware Appliance. SNMP allows an external monitoring system to query the state (health) of the Hardware Appliance.
Your options in this tab depend on your selection for SNMP version:
SNMP Version:
Disabled:
Disables the SNMP daemon.
SNMPv2:
Enables SNMP with Community string authentication. You will see the SNMPv2 options.
SNMPv3:
Enables SNMP with various authentication options, including password and encryption. You will see the SNMPv3 options.
Note that SNMP v3 does not support traps.
SNMPv2 options:
Credentials:
Community:
The Community string for SNMP v2 authentication is mandatory. It must match the following rules:
- length 4 and max. length 128 characters
- Valid characters:
- Lower case letters [a-z]
- Upper case letters [A-Z]
- Digits [0-9]
- Minus sign: -
- Underscore sign: _
SNMPv3 options:
SNMP v3 offers the following authentication options:
- Username only
- Username and Password
- Username, Password, and Encryption.
The minimum requirement for authentication is Username. Combining it with Password and Encryption increases security.
Authentication:
Username:
The Username for SNMP v3 authentication is mandatory. It must match the same rules as the Community string for SNMPv2.
Method:
Supported authentication methods are None, SHA-1 and MD5.
Password:
The Password is mandatory for the authentication methods SHA-1 and MD5. It must match the following rules:
- length 8 and max. length 64 characters
- Valid characters:
- ASCII characters only
- No double quotation marks: “
Encryption:
Method:
Supported encryption methods are None, AES, and DES.
Secret:
The Secret is mandatory for the encryption methods AES and DES. It must match the same rules as the Password.
Apply:
Select Apply to confirm your changes and enable/disable SNMP access.
Overview of SNMP Object Identifiers (OIDs)
All SNMP requests are combined in the public community. The Hardware Appliance will answer to the two standards MIBS SNMPv2-MIB
and HOST-RESOURCES-MIB
.
Additionally, the following parameters can be accessed with the following OIDs:
OID |
|
---|---|
.1.3.6.1.4.1.22408.1.1.2.1.2.118.109.1 Status of all VMs, 0 if all are running, 1 otherwise | 0 |
.1.3.6.1.4.1.22408.1.1.2.1.3.99.112.117.1 Temperature of the CPU | 27 |
.1.3.6.1.4.1.22408.1.1.2.1.4.118.100.98.49.1 Database usage in % | 2 |
.1.3.6.1.4.1.22408.1.1.2.1.4.118.100.98.50.1 1 if space for db exceeds 80% usage, 0 otherwise | 0 |
.1.3.6.1.4.1.22408.1.1.2.1.4.102.97.110.49.1 rpm of cpu fan | 1025 |
.1.3.6.1.4.1.22408.1.1.2.1.4.102.97.110.50.1 rpm of system fan 1 | 1126 |
.1.3.6.1.4.1.22408.1.1.2.1.4.102.97.110.51.1 rpm of system fan 2 | 1028 |
.1.3.6.1.4.1.22408.1.1.2.1.4.102.97.110.52.1 rpm of system fan 3 | 982 |
.1.3.6.1.4.1.22408.1.1.2.1.4.102.97.110.53.1 0 if cpu fan ok, 1 otherwise | 0 |
.1.3.6.1.4.1.22408.1.1.2.1.4.102.97.110.54.1 0 if system fans are ok, 1 otherwise |
|
.1.3.6.1.4.1.22408.1.1.2.1.5.108.111.97.100.49.1 Load average of the system. Intervals are 1 min, 5 min, 15 min |
|
.1.3.6.1.4.1.22408.1.1.2.1.5.108.111.97.100.50.1 Load average of the system. Intervals is 1 min |
|
.1.3.6.1.4.1.22408.1.1.2.1.5.108.111.97.100.51.1 Load average of the system. Intervals is 5 min |
|
.1.3.6.1.4.1.22408.1.1.2.1.5.108.111.97.100.52.1 Load average of the system. Intervals is 15 min |
|
.1.3.6.1.4.1.22408.1.1.2.1.5.114.97.105.100.49.1 Status of RAID, 0 if clean or active, 1 otherwise |
|
.1.3.6.1.4.1.22408.1.1.2.1.5.114.97.105.100.50.1 |
|
.1.3.6.1.4.1.22408.1.1.2.1.5.114.97.105.100.51.1 Devices in RAID |
|
.1.3.6.1.4.1.22408.1.1.2.1.5.114.97.105.100.52.1 Devices in RAID as int |
|
.1.3.6.1.4.1.22408.1.1.2.1.5.114.97.105.100.53.1 Devices active in RAID |
|
.1.3.6.1.4.1.22408.1.1.2.1.5.114.97.105.100.54.1 |
|
.1.3.6.1.4.1.22408.1.1.2.1.7.118.101.114.115.105.111.110.1 Version of PKI Appliance |
|
.1.3.6.1.4.1.22408.1.1.2.1.8.99.108.117.115.116.101.114.49.1 Local node ID |
|
.1.3.6.1.4.1.22408.1.1.2.1.8.99.108.117.115.116.101.114.50.1 Db cluster size |
|
.1.3.6.1.4.1.22408.1.1.2.1.8.99.108.117.115.116.101.114.51.1 Currently active nodes in db cluster |
|
.1.3.6.1.4.1.22408.1.1.2.1.8.99.108.117.115.116.101.114.52.1 Local db cluster (galera) state |
|
.1.3.6.1.4.1.22408.1.1.2.1.8.99.108.117.115.116.101.114.53.1 Local db cluster (galera) state as string |
|
.1.3.6.1.4.1.22408.1.1.2.1.8.99.108.117.115.116.101.114.54.1 Last transaction ID |
|
.1.3.6.1.4.1.22408.1.1.2.1.8.104.101.97.108.116.104.101.49.1 EJBCA healthcheck as raw string |
|
.1.3.6.1.4.1.22408.1.1.2.1.8.104.101.97.108.116.104.101.50.1 EJBCA healthcheck returns 0 for "ALLOK", 1 otherwise |
|
.1.3.6.1.4.1.22408.1.1.2.1.8.104.101.97.108.116.104.115.49.1 Signserver healthcheck as raw string |
|
.1.3.6.1.4.1.22408.1.1.2.1.8.104.101.97.108.116.104.115.50.1 Signserver healthcheck returns 0 for "ALLOK", 1 otherwise |
|
.1.3.6.1.4.1.22408.1.1.2.2.4.104.115.109.49.1 Status of HSM as string |
|
.1.3.6.1.4.1.22408.1.1.2.2.4.104.115.109.50.1 Enum of Status of HSM |
|
.1.3.6.1.4.1.22408.1.1.2.2.4.104.115.109.51.1 Status of HSM, 0 if operational, 1 otherwise |
|
.1.3.6.1.4.1.22408.1.1.2.2.4.104.115.109.52.1 Battery voltage of HSM |
|
.1.3.6.1.4.1.22408.1.1.2.2.4.104.115.109.53.1 Battery state, 0 if ok, 1 otherwise |
|
.1.3.6.1.4.1.22408.1.1.2.2.4.104.115.109.55.1 Battery voltage of external HSM battery |
|
.1.3.6.1.4.1.22408.1.1.2.2.4.104.115.109.56.1 |
|
.1.3.6.1.4.1.22408.1.1.2.2.4.104.115.109.54.1 Serial Number of HSM | CS445661 |
.1.3.6.1.4.1.22408.1.1.2.2.4.104.115.109.57.1 HSM Audit Log Usage (in %) | 20 |
Alternatively, all OIDs can be reached by the following snmpwalk
commands. Replace the IP address in each command with the one of your system:
# for the standard group snmpwalk -v2c -On -c public 192.168.5.162 # for the system group snmpwalk -v2c -On -c public 192.168.5.162 .1.3.6.1.4.1.22408.1.1.2.1 # for the HSM group snmpwalk -v2c -On -c public 192.168.5.162 .1.3.6.1.4.1.22408.1.1.2.2