Cisco Cisco Web Security Appliance S670 User Guide
CHAPTER 18: MONITORING
SNMP MONITORING
The IronPort AsyncOS operating system supports system status monitoring via SNMP (Simple
Network Management Protocol). This includes IronPort’s Enterprise MIB,
asyncoswebsecurityappliance-mib.txt. The asyncoswebsecurityappliance-mib helps
administrators better monitor system health. In addition, this release implements a read-only
subset of MIB-II as defined in RFCs 1213 and 1907. (For more information about SNMP, see
RFCs 1065, 1066, and 1067.) Please note:
• SNMP is off by default.
• SNMP SET operations (configuration) are not implemented.
• AsyncOS supports SNMPv1, v2, and v3.
• The use of SNMPv3 with password authentication and DES Encryption is mandatory to
enable this service. (For more information on SNMPv3, see RFCs 2571-2575.) You are
required to set an SNMPv3 passphrase of at least 8 characters to enable SNMP system
status monitoring. The first time you enter an SNMPv3 passphrase, you must re-enter it to
confirm. The snmpconfig command “remembers” this phrase the next time you run the
command.
• The SNMPv3 username is: v3get.
• If you use only SNMPv1 or SNMPv2, you must set a community string. The community
string does not default to public.
• For SNMPv1 and SNMPv2, you must specify a network from which SNMP GET requests
are accepted.
• To use traps, an SNMP manager (not included in AsyncOS) must be running and its IP
address entered as the trap target. (You can use a hostname, but if you do, traps will only
work if DNS is working.)
Use the snmpconfig command to configure SNMP system status for the appliance. After you
choose and configure values for an interface, the appliance responds to SNMPv3 GET
requests. These version 3 requests must include a matching password. By default, version 1
and 2 requests are rejected. If enabled, version 1 and 2 requests must have a matching
community string.
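The constraints listed above can be checked against a recorded copy of an appliance's SNMP settings. The following Python is an added example, not code from this guide or from AsyncOS; the dict keys (enabled, v3_passphrase, v1v2_enabled, community, allowed_network, trap_target) and the sample values are assumptions constructed for illustration.

```python
import ipaddress

def audit_snmp_settings(cfg):
    """Return findings for a dict of recorded SNMP settings.

    The keys are hypothetical names chosen for this example; they are not
    snmpconfig output or AsyncOS field names.
    """
    findings = []
    if not cfg.get("enabled", False):
        return findings  # SNMP is off by default, so nothing is exposed
    # An SNMPv3 passphrase of at least 8 characters is required.
    if len(cfg.get("v3_passphrase", "")) < 8:
        findings.append("v3 passphrase shorter than 8 characters")
    if cfg.get("v1v2_enabled", False):
        findings.append("SNMPv1/v2 enabled: community string travels in cleartext")
        community = cfg.get("community", "")
        if not community:
            findings.append("v1/v2 enabled without a community string")
        elif community.lower() in ("public", "private"):
            findings.append("community string is a well-known default")
        # v1/v2 GET requests must be limited to a specified network.
        try:
            net = ipaddress.ip_network(cfg.get("allowed_network", ""), strict=False)
            if net.prefixlen == 0:
                findings.append("allowed network matches every address")
        except ValueError:
            findings.append("allowed network missing or not valid CIDR")
    # A hostname trap target only works while DNS resolves.
    target = cfg.get("trap_target")
    if target:
        try:
            ipaddress.ip_address(target)
        except ValueError:
            findings.append("trap target is a hostname: traps depend on DNS")
    return findings

# Constructed sample settings (not taken from a real appliance).
WEAK = {"enabled": True, "v3_passphrase": "short", "v1v2_enabled": True,
        "community": "public", "allowed_network": "0.0.0.0/0",
        "trap_target": "nms.example.com"}
HARDENED = {"enabled": True, "v3_passphrase": "constructed-passphrase",
            "v1v2_enabled": False, "trap_target": "192.0.2.10"}

if __name__ == "__main__":
    for name, cfg in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name, audit_snmp_settings(cfg))
```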
MIB Files
IronPort Systems provides “enterprise” MIBs for Email and Web Security appliances as well as
a “Structure of Management Information” (SMI) file:
• asyncoswebsecurityappliance-mib.txt — an SNMPv2 compatible description of the
Enterprise MIB for IronPort Web Security appliances.
> snmpwalk -v 3 -l AuthNoPriv -u v3get -a MD5 -A ironport serv.example.com