Cisco Cisco Web Security Appliance S690 User Guide
17-11
AsyncOS 8.1 for Cisco Web Security User Guide
Chapter 17 Generate Reports to Monitor End-user Activity
SNMP Monitoring
SNMP Monitoring
The AsyncOS operating system supports system status monitoring via SNMP (Simple Network
Management Protocol). This includes Cisco’s Enterprise MIB, asyncoswebsecurityappliance-mib.txt.
The asyncoswebsecurityappliance-mib helps administrators better monitor system health. In addition,
this release implements a read-only subset of MIB-II as defined in RFCs 1213 and 1907. (For more
information about SNMP, see RFCs 1065, 1066, and 1067.) Please note:
Management Protocol). This includes Cisco’s Enterprise MIB, asyncoswebsecurityappliance-mib.txt.
The asyncoswebsecurityappliance-mib helps administrators better monitor system health. In addition,
this release implements a read-only subset of MIB-II as defined in RFCs 1213 and 1907. (For more
information about SNMP, see RFCs 1065, 1066, and 1067.) Please note:
•
SNMP requests are serviced on the P1 interface.
•
SNMP is off by default.
•
SNMP SET operations (configuration) are not implemented.
•
AsyncOS supports SNMPv1, v2, and v3.
•
The use of SNMPv3 with password authentication and DES Encryption is mandatory to enable this
service. (For more information on SNMPv3, see RFCs 2571-2575.) You are required to set a
SNMPv3 passphrase of at least 8 characters to enable SNMP system status monitoring. The first
time you enter a SNMPv3 passphrase, you must re-enter it to confirm. The
service. (For more information on SNMPv3, see RFCs 2571-2575.) You are required to set a
SNMPv3 passphrase of at least 8 characters to enable SNMP system status monitoring. The first
time you enter a SNMPv3 passphrase, you must re-enter it to confirm. The
snmpconfig
command
“remembers” this phrase the next time you run the command.
•
The SNMPv3 username is: v3get.
•
If you use only SNMPv1 or SNMPv2, you must set a community string. The community string does
not default to
not default to
public
.
•
For SNMPv1 and SNMPv2, you must specify a network from which SNMP GET requests are
accepted.
accepted.
•
To use traps, an SNMP manager (not included in AsyncOS) must be running and its IP address
entered as the trap target. (You can use a hostname, but if you do, traps will only work if DNS is
working.)
entered as the trap target. (You can use a hostname, but if you do, traps will only work if DNS is
working.)
Use the
snmpconfig
command to configure SNMP system status for the appliance. After you choose and
configure values for an interface, the appliance responds to SNMPv3 GET requests. These version 3
requests must include a matching password. By default, version 1 and 2 requests are rejected. If enabled,
version 1 and 2 requests must have a matching community string.
requests must include a matching password. By default, version 1 and 2 requests are rejected. If enabled,
version 1 and 2 requests must have a matching community string.
MIB Files
Cisco provides “enterprise” MIBs for Email and Web Security appliances as well as a “Structure of
Management Information” (SMI) file:
Management Information” (SMI) file:
•
asyncoswebsecurityappliance-mib.txt — an SNMPv2 compatible description of the Enterprise MIB
for Web Security appliances.
for Web Security appliances.
•
ASYNCOS-MAIL-MIB.txt — an SNMPv2 compatible description of the Enterprise MIB for Email
Security appliances.
Security appliances.
•
IRONPORT-SMI.txt — defines the role of the asyncoswebsecurityappliance-mib.
These files are available on the documentation CD included with your Cisco appliance. You can also find
these files here:
these files here:
http://www.cisco.com/en/US/customer/products/ps10164/tsd_products_support_series_home.h
tml
> snmpwalk -v 3 -l AuthNoPriv -u v3get -a MD5 serv.example.com