Cisco Cisco Web Security Appliance S670 User Guide
22-37
AsyncOS 9.1.1 for Cisco Web Security Appliances User Guide
Chapter 22 Perform System Administration Tasks
Monitoring System Health and Status Using SNMP
SNMP Traps
SNMP provides the ability to send traps, or notifications, to advise an administration application when one
or more conditions have been met. Traps are network packets that contain data relating to a component of
the system sending the trap. Traps are generated when a condition has been met on the SNMP agent (in this
case, the Cisco Web Security Appliance appliance). After the condition has been met, the SNMP agent
then forms an SNMP packet and sends it to the host running the SNMP management console software.
or more conditions have been met. Traps are network packets that contain data relating to a component of
the system sending the trap. Traps are generated when a condition has been met on the SNMP agent (in this
case, the Cisco Web Security Appliance appliance). After the condition has been met, the SNMP agent
then forms an SNMP packet and sends it to the host running the SNMP management console software.
You can configure SNMP traps (enable or disable specific traps) when you enable SNMP for an
interface.
interface.
To specify multiple trap targets: when prompted for the trap target, you may enter up to 10 comma
separated IP addresses.
separated IP addresses.
Related Topics
•
About the connectivityFailure SNMP Trap
The connectivityFailure trap is intended to monitor your appliance’s connection to the internet. It does
this by attempting to connect and send an HTTP GET request to a single external server every 5 to 7
seconds. By default, the monitored URL is
this by attempting to connect and send an HTTP GET request to a single external server every 5 to 7
seconds. By default, the monitored URL is
downloads.ironport.com
on port 80.
To change the monitored URL or port, run the
snmpconfig
command and enable the connecivityFailure
trap, even if it is already enabled. You will see a prompt to change the URL.
Tip
To simulate connectivityFailure traps, you can use the
dnsconfig
CLI command to enter a non-working
DNS server. Lookups for downloads.ironport.com will fail, and traps will be sent every 5-7 seconds. Be
sure to change the DNS server back to a working server after completing your test.
sure to change the DNS server back to a working server after completing your test.
CLI Example: snmpconfig
wsa.example.com> snmpconfig
Current SNMP settings:
SNMP Disabled.
Choose the operation you want to perform:
- SETUP - Configure SNMP.
[]> SETUP
Do you want to enable SNMP?
[Y]>
Please choose an IP interface for SNMP requests.
1. Management (198.51.100.1: wsa.example.com)
[1]>
Which port shall the SNMP daemon listen on interface "Management"?
[161]>
Please select SNMPv3 authentication type:
1. MD5
2. SHA
[1]> 2