Services: Configuring the SNMP Settings

The Simple Network Management Protocol (SNMP) is an Internet Standard protocol widely used for network monitoring.

On the Software Appliance Services page, the section SNMP settings allows you to grant access to an external monitoring system. You can configure SNMP access using version SNMPv2c with Community string authentication, or version SNMPv3 with various authentication options, including password and encryption.

The following covers how to configure these versions. You will also find information on the MIB file that is used for interfacing with SNMP.

Configure SNMPv2c Settings

To configure SNMPv2c settings:

Log in to your Software Appliance and open the Services page.
In the section SNMP Settings, click SNMPv2c. The Configuration section opens.
In the field Community String, enter the desired string. The entry is mandatory.
Community String rules are the following:
- Minimum 4 and maximum 64 characters
- Lower case letters [a-z]
- Upper case letters [A-Z]1.3.6.1.4.1.22408.1.4.1.5.3.3.0
- Digits [0-9]
Click Save SNMP Configuration to confirm your changes and enable the SNMPv2c access.

Configure SNMPv3 Settings

To configure SNMPv3 settings:

Log in to your Software Appliance and open the Services page.
In the section SNMP Settings, click SNMPv3. The Configuration section opens.
Select the desired Authentication Method. You have the following options:
- Username only
- Username + Password (HMAC-MD5-96)
- Username + Password (HMAC-SHA-96)
For the Username + Password options you will see the additional option Encryption. The minimum requirement for authentication is Username. Combining it with Password and Encryption increases security.
Enter the Username. The entry is mandatory.
Username rules are the following:
- Minimum 4 and maximum 64 characters
- Lower case letters [a-z]
- Upper case letters [A-Z]
- Digits [0-9]
Enter the Password and repeat it. The entry is mandatory for the Username + Password options.
Password rules are the following:
- Minimum 8 and maximum 64 characters
- ASCII characters only
- No double quotation marks: “
- No single quotation marks: '
Select the Encryption Method for the Username + Password authentication. You have these options:
- None
- CBC-DES
- CBC-AES
Enter the Secret for CBC-DES/CBC-AES encryption. Secret rules are the same as Password rules.

Interfacing with SNMP

All possible statuses, that can be reported by SNMP are defined in the PK-SOFTWARE-APPLIANCE-V2.mib file and in the following table.

Name/OID	Numeric OID	Description
pk-SAV2-component-readyness	.1.3.6.1.4.1.22408.1.4.1.1.0	This subtree contains the status/readyness of the Software Appliance's components.
pk-SAV2-authentication-service-status	.1.3.6.1.4.1.22408.1.4.1.1.1.0	Authentication service status. Possible values: [0 (status ok), 1 (status not ok), -1 (internal error)]
pk-SAV2-crs-status	.1.3.6.1.4.1.22408.1.4.1.1.2.0	Container runtime system status. Possible values: [0 (status ok), 1 (status not ok), -1 (internal error)]
pk-SAV2-documentation-status	.1.3.6.1.4.1.22408.1.4.1.1.3.0	Documentation service status. Possible values: [0 (status ok), 1 (status not ok), -1 (internal error)]
pk-SAV2-monitoring-status	.1.3.6.1.4.1.22408.1.4.1.1.4.0	Monitoring service status. Possible values: [0 (status ok), 1 (status not ok), -1 (internal error)]
pk-SAV2-persistence-status	.1.3.6.1.4.1.22408.1.4.1.1.5.0	Persistent data storage service status. Possible values: [0 (status ok), 1 (status not ok), -1 (internal error)]
pk-SAV2-snmp-status	.1.3.6.1.4.1.22408.1.4.1.1.6.0	SNMP service status. Possible values: [0 (status ok), 1 (status not ok), -1 (internal error)]
pk-SAV2-spc-status	.1.3.6.1.4.1.22408.1.4.1.1.7.0	Support package creator service status. Possible values: [0 (status ok), 1 (status not ok), -1 (internal error)]
pk-SAV2-vs-status	.1.3.6.1.4.1.22408.1.4.1.1.8.0	Valuestore service status. Possible values: [0 (status ok), 1 (status not ok), -1 (internal error)]
pk-SAV2-vsapi-status	.1.3.6.1.4.1.22408.1.4.1.1.9.0	Valuestore API service status. Possible values: [0 (status ok), 1 (status not ok), -1 (internal error)]
pk-SAV2-webconf-status	.1.3.6.1.4.1.22408.1.4.1.1.10.0	WebConf service status. Possible values: [0 (status ok), 1 (status not ok), -1 (internal error)]
pk-SAV2-vault-status	.1.3.6.1.4.1.22408.1.4.1.1.11.0	Vault service status. Possible values: [0 (status ok), 1 (status not ok), -1 (internal error)]
pk-SAV2-network-subtree	.1.3.6.1.4.1.22408.1.4.1.2.0	This subtree contains the networking related information of the Software Appliance.
pk-SAV2-networkLink-status	.1.3.6.1.4.1.22408.1.4.1.2.1.0	Network link status. Possible values: [0 (status ok), 1 (status not ok), -1 (internal error)]
pk-SAV2-networkIpv4	.1.3.6.1.4.1.22408.1.4.1.2.2.0	Network IPV4 address. Possible values: [STRING, ERROR (internal error)]
pk-SAV2-networkIpv4Prefix	.1.3.6.1.4.1.22408.1.4.1.2.3.0	Network IPV4 Prefix (CIDR notation of subnet mask). Possible values: [INTEGER, ERROR (internal error)]
pk-SAV2-networkIpv6	.1.3.6.1.4.1.22408.1.4.1.2.4.0	Network IPV6 address. Possible values: [STRING, ERROR (internal error)]
pk-SAV2-networkIpv6Prefix	.1.3.6.1.4.1.22408.1.4.1.2.5.0	Network IPV6 Prefix (CIDR notation of subnet mask). Possible values: [INTEGER, ERROR (internal error)]
pk-SAV2-systemHostname	.1.3.6.1.4.1.22408.1.4.1.2.6.0	Hostname, that is currently in use by the Software Appliance. Possible values: [STRING, ERROR (internal error)]
pk-SAV2-database-subtree	.1.3.6.1.4.1.22408.1.4.1.3.0	This subtree contains all database related information of the Software Appliance.
pk-SAV2-internal-database	.1.3.6.1.4.1.22408.1.4.1.3.1.0	This subtree contains all information about the internal database of the Software Appliance.
pk-SAV2-internal-database-status	.1.3.6.1.4.1.22408.1.4.1.3.1.1.0	Status of the database service. Possible values: [0 (status ok), 1 (status not ok), -1 (internal error)]
pk-SAV2-internal-databaseAvailableStorage	.1.3.6.1.4.1.22408.1.4.1.3.1.2.0	Available storage reported by the database in MB. Possible values: [INTEGER, -1 (internal error)]
pk-SAV2-internal-databaseTotalStorage	.1.3.6.1.4.1.22408.1.4.1.3.1.3.0	Available total storage reported by the database in MB. Possible values: [INTEGER, -1 (internal error)]
pk-SAV2-internal-databaseUsage	.1.3.6.1.4.1.22408.1.4.1.3.1.4.0	Used storage reported by the database as percentage. Possible values: [0-100, -1 (internal error)]
pk-SAV2-version-subtree	.1.3.6.1.4.1.22408.1.4.1.4.0	This subtree contains all information about important version related information of the Software Appliance.
pk-SAV2-systemVersion	.1.3.6.1.4.1.22408.1.4.1.4.1.0	Software Appliance version. Possible values: [STRING, ERROR (internal error)]
pk-SAV2-application-subtree	.1.3.6.1.4.1.22408.1.4.1.5.0	This subtree contains all information about customer facing applications on the Software Appliance.
pk-SAV2-ejbca	.1.3.6.1.4.1.22408.1.4.1.5.1.0	This subtree contains all the information from EJBCA.
pk-SAV2-ejbca-status	.1.3.6.1.4.1.22408.1.4.1.5.1.1.0	EJBCA application status. Possible values: [0 (status ok), 1 (status not ok), -1 (internal error)]
pk-SAV2-ejbcaVersion	.1.3.6.1.4.1.22408.1.4.1.5.1.2.0	EJBCA version string. Possible values: [STRING, ERROR (internal error)]
pk-SAV2-ejbcaHealthCheck	.1.3.6.1.4.1.22408.1.4.1.5.1.3.0	Boolean interpretation of the EJBCA health check output. Possible values: [0 (status ok), 1 (status not ok), -1 (internal error)]
pk-SAV2-signserver	.1.3.6.1.4.1.22408.1.4.1.5.2.0	This subtree contains all the information from SignSever.
pk-SAV2-signserver-status	.1.3.6.1.4.1.22408.1.4.1.5.2.1.0	SignServer application status. Possible values: [0 (status ok), 1 (status not ok), -1 (internal error)]
pk-SAV2-signserverVersion	.1.3.6.1.4.1.22408.1.4.1.5.2.2.0	SignServer version string. Possible values: [STRING, ERROR (internal error)]
pk-SAV2-signserverHealthCheck	.1.3.6.1.4.1.22408.1.4.1.5.2.3.0	Boolean interpretation of the SignServer health check output. Possible values: [0 (status ok), 1 (status not ok), -1 (internal error)]
pk-SAV2-license-valid	.1.3.6.1.4.1.22408.1.4.1.5.4.1.0	License is valid. Possible values: [0 (status ok), 1 (status not ok), -1 (internal error)]
pk-SAV2-license-active-certificates	.1.3.6.1.4.1.22408.1.4.1.5.4.2.0	Number of active certificates (EJBCA only)
pk-SAV2-hsm-subtree	.1.3.6.1.4.1.22408.1.4.1.6.0	This subtree contains all the information about the HSM components on the Software Appliance.
pk-SAV2-hsm-driver-luna7-status	.1.3.6.1.4.1.22408.1.4.1.6.2.0	Luna7 HSM service status. Possible values: [0 (status ok), 1 (status not ok), -1 (internal error)]
pk-SAV2-hsm-driver-softhsm-status	.1.3.6.1.4.1.22408.1.4.1.6.1.0	Soft HSM service status. Possible values: [0 (status ok), 1 (status not ok), -1 (internal error)]
pk-SAV2-hsm-utimaco-subtree	.1.3.6.1.4.1.22408.1.4.1.6.3.0	This subtree contains all information regarding the Utimaco CryptoServer LAN
pk-SAV2-hsm-driver-utimaco-status	.1.3.6.1.4.1.22408.1.4.1.6.3.1.0	The Utimaco CryptoServer LAN service status. Possible values: [0 (status ok), 1 (status not ok), -1 (internal error)]
pk-SAV2-hsm-driver-utimaco-serialNumber	.1.3.6.1.4.1.22408.1.4.1.6.3.2.0	The Utimaco CryptoServer LAN serial number. Possible values: [STRING, ERROR (internal error)]
pk-SAV2-hsm-driver-utimaco-model	.1.3.6.1.4.1.22408.1.4.1.6.3.3.0	The Utimaco CryptoServer LAN model. Possible values: [STRING, ERROR (internal error)]
pk-SAV2-hsm-driver-utimaco-state	.1.3.6.1.4.1.22408.1.4.1.6.3.4.0	The Utimaco CryptoServer LAN state. Possible values: [STRING, ERROR (internal error)]
pk-SAV2-hsm-driver-utimaco-mode	.1.3.6.1.4.1.22408.1.4.1.6.3.5.0	The Utimaco CryptoServer LAN mode of operation. Possible values: [STRING, ERROR (internal error)]
pk-SAV2-hsm-driver-ncipher	.1.3.6.1.4.1.22408.1.4.1.6.4.0	Entrust nCipher HSM service status. Possible values: [0 (status ok), 1 (status not ok), -1 (internal error)]
pk-SAV2-hsm-driver-dpod	.1.3.6.1.4.1.22408.1.4.1.6.5.0	Thales DPoD service status. Possible values: [0 (status ok), 1 (status not ok), -1 (internal error)]
pk-SAV2-hsm-driver-bull	.1.3.6.1.4.1.22408.1.4.1.6.6.0	Trustway Proteccio netHSM service status. Possible values: [0 (status ok), 1 (status not ok), -1 (internal error)]