Cisco Cisco Web Security Appliance S170 Guía Del Usuario
Chapter 22 Monitoring
SNMP Monitoring
22-14
Cisco IronPort AsyncOS 7.0 for Web User Guide
OL-23079-01
SNMP Monitoring
The IronPort AsyncOS operating system supports system status monitoring via
SNMP (Simple Network Management Protocol). This includes IronPort’s
Enterprise MIB, asyncoswebsecurityappliance-mib.txt. The
asyncoswebsecurityappliance-mib helps administrators better monitor system
health. In addition, this release implements a read-only subset of MIB-II as
defined in RFCs 1213 and 1907. (For more information about SNMP, see RFCs
1065, 1066, and 1067.) Please note:
SNMP (Simple Network Management Protocol). This includes IronPort’s
Enterprise MIB, asyncoswebsecurityappliance-mib.txt. The
asyncoswebsecurityappliance-mib helps administrators better monitor system
health. In addition, this release implements a read-only subset of MIB-II as
defined in RFCs 1213 and 1907. (For more information about SNMP, see RFCs
1065, 1066, and 1067.) Please note:
•
SNMP is off by default.
•
SNMP SET operations (configuration) are not implemented.
•
AsyncOS supports SNMPv1, v2, and v3.
•
The use of SNMPv3 with password authentication and DES Encryption is
mandatory to enable this service. (For more information on SNMPv3, see
RFCs 2571-2575.) You are required to set a SNMPv3 passphrase of at least 8
characters to enable SNMP system status monitoring. The first time you enter
a SNMPv3 passphrase, you must re-enter it to confirm. The
mandatory to enable this service. (For more information on SNMPv3, see
RFCs 2571-2575.) You are required to set a SNMPv3 passphrase of at least 8
characters to enable SNMP system status monitoring. The first time you enter
a SNMPv3 passphrase, you must re-enter it to confirm. The
snmpconfig
command “remembers” this phrase the next time you run the command.
•
The SNMPv3 username is: v3get
> snmpwalk -v 3 -l AuthNoPriv -u v3get -a MD5 ironport
serv.example.com
.
•
If you use only SNMPv1 or SNMPv2, you must set a community string. The
community string does not default to
community string does not default to
public
.
•
For SNMPv1 and SNMPv2, you must specify a network from which SNMP
GET requests are accepted.
GET requests are accepted.
•
To use traps, an SNMP manager (not included in AsyncOS) must be running
and its IP address entered as the trap target. (You can use a hostname, but if
you do, traps will only work if DNS is working.)
and its IP address entered as the trap target. (You can use a hostname, but if
you do, traps will only work if DNS is working.)
Use the
snmpconfig
command to configure SNMP system status for the
appliance. After you choose and configure values for an interface, the appliance
responds to SNMPv3 GET requests. These version 3 requests must include a
matching password. By default, version 1 and 2 requests are rejected. If enabled,
version 1 and 2 requests must have a matching community string.
responds to SNMPv3 GET requests. These version 3 requests must include a
matching password. By default, version 1 and 2 requests are rejected. If enabled,
version 1 and 2 requests must have a matching community string.