Services: Configuring the SNMP Settings
The Simple Network Management Protocol (SNMP) is an Internet Standard protocol widely used for network monitoring.
On the Software Appliance Services page, the section SNMP settings allows you to grant access to an external monitoring system. You can configure SNMP access using version SNMPv2c with Community string authentication, or version SNMPv3 with various authentication options, including password and encryption.
The following covers how to configure these versions. You will also find information on the MIB file that is used for interfacing with SNMP.
Configure SNMPv2c Settings
To configure SNMPv2c settings:
- Log in to your Software Appliance and open the Services page.
- In the section SNMP Settings, click SNMPv2c. The Configuration section opens.
In the field Community String, enter the desired string. The entry is mandatory.
Community String rules are the following:- Minimum 4 and maximum 64 characters
- Lower case letters [a-z]
- Upper case letters [A-Z]1.3.6.1.4.1.22408.1.4.1.5.3.3.0
- Digits [0-9]
- Click Save SNMP Configuration to confirm your changes and enable the SNMPv2c access.
Configure SNMPv3 Settings
To configure SNMPv3 settings:
- Log in to your Software Appliance and open the Services page.
- In the section SNMP Settings, click SNMPv3. The Configuration section opens.
Select the desired Authentication Method. You have the following options:
- Username only
- Username + Password (HMAC-MD5-96)
- Username + Password (HMAC-SHA-96)
For the Username + Password options you will see the additional option Encryption. The minimum requirement for authentication is Username. Combining it with Password and Encryption increases security.
Enter the Username. The entry is mandatory.
Username rules are the following:- Minimum 4 and maximum 64 characters
- Lower case letters [a-z]
- Upper case letters [A-Z]
- Digits [0-9]
Enter the Password and repeat it. The entry is mandatory for the Username + Password options.
Password rules are the following:- Minimum 8 and maximum 64 characters
- ASCII characters only
- No double quotation marks: “
- No single quotation marks: '
Select the Encryption Method for the Username + Password authentication. You have these options:
- None
- CBC-DES
- CBC-AES
Enter the Secret for CBC-DES/CBC-AES encryption. Secret rules are the same as Password rules.
Interfacing with SNMP
All possible statuses, that can be reported by SNMP are defined in the PK-SOFTWARE-APPLIANCE-V2.mib file and in the following table.
Name/OID | Numeric OID | Description |
---|---|---|
pk-SAV2-component-readyness | .1.3.6.1.4.1.22408.1.4.1.1.0 | This subtree contains the status/readyness of the Software Appliance's components. |
pk-SAV2-authentication-service-status | .1.3.6.1.4.1.22408.1.4.1.1.1.0 | Authentication service status. Possible values: |
pk-SAV2-crs-status | .1.3.6.1.4.1.22408.1.4.1.1.2.0 | Container runtime system status. Possible values: |
pk-SAV2-documentation-status | .1.3.6.1.4.1.22408.1.4.1.1.3.0 | Documentation service status. Possible values: |
pk-SAV2-monitoring-status | .1.3.6.1.4.1.22408.1.4.1.1.4.0 | Monitoring service status. Possible values: |
pk-SAV2-persistence-status | .1.3.6.1.4.1.22408.1.4.1.1.5.0 | Persistent data storage service status. Possible values: |
pk-SAV2-snmp-status | .1.3.6.1.4.1.22408.1.4.1.1.6.0 | SNMP service status. Possible values: |
pk-SAV2-spc-status | .1.3.6.1.4.1.22408.1.4.1.1.7.0 | Support package creator service status. Possible values: |
pk-SAV2-vs-status | .1.3.6.1.4.1.22408.1.4.1.1.8.0 | Valuestore service status. Possible values: |
pk-SAV2-vsapi-status | .1.3.6.1.4.1.22408.1.4.1.1.9.0 | Valuestore API service status. Possible values: |
pk-SAV2-webconf-status | .1.3.6.1.4.1.22408.1.4.1.1.10.0 | WebConf service status. Possible values: |
pk-SAV2-vault-status | .1.3.6.1.4.1.22408.1.4.1.1.11.0 | Vault service status. Possible values: |
pk-SAV2-network-subtree | .1.3.6.1.4.1.22408.1.4.1.2.0 | This subtree contains the networking related information of the Software Appliance. |
pk-SAV2-networkLink-status | .1.3.6.1.4.1.22408.1.4.1.2.1.0 | Network link status. Possible values: |
pk-SAV2-networkIpv4 | .1.3.6.1.4.1.22408.1.4.1.2.2.0 | Network IPV4 address. Possible values: |
pk-SAV2-networkIpv4Prefix | .1.3.6.1.4.1.22408.1.4.1.2.3.0 | Network IPV4 Prefix (CIDR notation of subnet mask). Possible values: |
pk-SAV2-networkIpv6 | .1.3.6.1.4.1.22408.1.4.1.2.4.0 | Network IPV6 address. Possible values: |
pk-SAV2-networkIpv6Prefix | .1.3.6.1.4.1.22408.1.4.1.2.5.0 | Network IPV6 Prefix (CIDR notation of subnet mask). Possible values: |
pk-SAV2-systemHostname | .1.3.6.1.4.1.22408.1.4.1.2.6.0 | Hostname, that is currently in use by the Software Appliance. Possible values: |
pk-SAV2-database-subtree | .1.3.6.1.4.1.22408.1.4.1.3.0 | This subtree contains all database related information of the Software Appliance. |
pk-SAV2-internal-database | .1.3.6.1.4.1.22408.1.4.1.3.1.0 | This subtree contains all information about the internal database of the Software Appliance. |
pk-SAV2-internal-database-status | .1.3.6.1.4.1.22408.1.4.1.3.1.1.0 | Status of the database service. Possible values: |
pk-SAV2-internal-databaseAvailableStorage | .1.3.6.1.4.1.22408.1.4.1.3.1.2.0 | Available storage reported by the database in MB. Possible values: |
pk-SAV2-internal-databaseTotalStorage | .1.3.6.1.4.1.22408.1.4.1.3.1.3.0 | Available total storage reported by the database in MB. Possible values: |
pk-SAV2-internal-databaseUsage | .1.3.6.1.4.1.22408.1.4.1.3.1.4.0 | Used storage reported by the database as percentage. Possible values: |
pk-SAV2-version-subtree | .1.3.6.1.4.1.22408.1.4.1.4.0 | This subtree contains all information about important version related information of the Software Appliance. |
pk-SAV2-systemVersion | .1.3.6.1.4.1.22408.1.4.1.4.1.0 | Software Appliance version. Possible values: |
pk-SAV2-application-subtree | .1.3.6.1.4.1.22408.1.4.1.5.0 | This subtree contains all information about customer facing applications on the Software Appliance. |
pk-SAV2-ejbca | .1.3.6.1.4.1.22408.1.4.1.5.1.0 | This subtree contains all the information from EJBCA. |
pk-SAV2-ejbca-status | .1.3.6.1.4.1.22408.1.4.1.5.1.1.0 | EJBCA application status. Possible values: |
pk-SAV2-ejbcaVersion | .1.3.6.1.4.1.22408.1.4.1.5.1.2.0 | EJBCA version string. Possible values: |
pk-SAV2-ejbcaHealthCheck | .1.3.6.1.4.1.22408.1.4.1.5.1.3.0 | Boolean interpretation of the EJBCA health check output. Possible values: |
pk-SAV2-signserver | .1.3.6.1.4.1.22408.1.4.1.5.2.0 | This subtree contains all the information from SignSever. |
pk-SAV2-signserver-status | .1.3.6.1.4.1.22408.1.4.1.5.2.1.0 | SignServer application status. Possible values: |
pk-SAV2-signserverVersion | .1.3.6.1.4.1.22408.1.4.1.5.2.2.0 | SignServer version string. Possible values: |
pk-SAV2-signserverHealthCheck | .1.3.6.1.4.1.22408.1.4.1.5.2.3.0 | Boolean interpretation of the SignServer health check output. Possible values: |
pk-SAV2-license-valid | .1.3.6.1.4.1.22408.1.4.1.5.4.1.0 | License is valid. Possible values: [0 (status ok), 1 (status not ok), -1 (internal error)] |
pk-SAV2-license-active-certificates | .1.3.6.1.4.1.22408.1.4.1.5.4.2.0 | Number of active certificates (EJBCA only) |
pk-SAV2-hsm-subtree | .1.3.6.1.4.1.22408.1.4.1.6.0 | This subtree contains all the information about the HSM components on the Software Appliance. |
pk-SAV2-hsm-driver-luna7-status | .1.3.6.1.4.1.22408.1.4.1.6.2.0 | Luna7 HSM service status. Possible values: |
pk-SAV2-hsm-driver-softhsm-status | .1.3.6.1.4.1.22408.1.4.1.6.1.0 | Soft HSM service status. Possible values: |
pk-SAV2-hsm-utimaco-subtree | .1.3.6.1.4.1.22408.1.4.1.6.3.0 | This subtree contains all information regarding the Utimaco CryptoServer LAN |
pk-SAV2-hsm-driver-utimaco-status | .1.3.6.1.4.1.22408.1.4.1.6.3.1.0 | The Utimaco CryptoServer LAN service status. Possible values: |
pk-SAV2-hsm-driver-utimaco-serialNumber | .1.3.6.1.4.1.22408.1.4.1.6.3.2.0 | The Utimaco CryptoServer LAN serial number. Possible values: |
pk-SAV2-hsm-driver-utimaco-model | .1.3.6.1.4.1.22408.1.4.1.6.3.3.0 | The Utimaco CryptoServer LAN model. Possible values: |
pk-SAV2-hsm-driver-utimaco-state | .1.3.6.1.4.1.22408.1.4.1.6.3.4.0 | The Utimaco CryptoServer LAN state. Possible values: |
pk-SAV2-hsm-driver-utimaco-mode | .1.3.6.1.4.1.22408.1.4.1.6.3.5.0 | The Utimaco CryptoServer LAN mode of operation. Possible values: |
pk-SAV2-hsm-driver-ncipher | .1.3.6.1.4.1.22408.1.4.1.6.4.0 | Entrust nCipher HSM service status. Possible values: |
pk-SAV2-hsm-driver-dpod | .1.3.6.1.4.1.22408.1.4.1.6.5.0 | Thales DPoD service status. Possible values: |
pk-SAV2-hsm-driver-bull | .1.3.6.1.4.1.22408.1.4.1.6.6.0 | Trustway Proteccio netHSM service status. Possible values: |