This article provides step-by-step instructions for configuring and using the SNMP functionality in PGP Universal Server 2.5 and above.
HOW TO: Configure SNMP in PGP Universal Server
SNMP enables a network management application to monitor the health and activity of the PGP Universal Server software and the computer on which it is installed. The network management application can poll the PGP Universal Server on a regular basis to extract information. Polling means that the network management application periodically queries the PGP Universal Server to get the desired status information, and SNMP is the protocol it uses.
You can configure all polling settings, including polling cycles, on the network management application. You can poll the following system information, as part of the standard MIB:
- The number of instances of certain running processes
- System memory usage
- Disk usage
- System load information
You can also download PGP custom MIBs that allow you to poll for messaging statistics, including the following:
- The number of messages processed that day
- The number of messages encrypted and/or signed that dayThe number of messages decrypted that day
- The number of messages processed total
- The number of messages encrypted and/or signed total
- The number of messages decrypted total
You can also set up the PGP Universal Server to use SNMP to send out trap information to one or more specified hosts or IP addresses. Traps are triggers set off by certain network events.You can configure the SNMP service to send out an alert every time the following events occur:
- When the number of certain processes drops to zero
- When the amount of available swap space drops too low
- When a disk has less than 20% free space
- When the 1-minute system load average rises above 4.0
- When the 5-minute system load average rises above 1.0
- When the 15-minute system load average rises above 1.0
Enable/Disable SNMP in PGP Universal Server
To Enable the SNMP service:
To Disable the SNMP service:
- Go to the Services/SNMP card.
- Click the Enable button to enable the service.
- Go to the Services/SNMP card.
- Click the Disable button on the SNMP card.
Disable button will only show if the SNMP service has already been turned on.
Configuring SNMP in PGP Universal Server
- Go to the Services/SNMP card, click the Edit button.
The Edit SNMP card appears.
- In the Interface field, select the interface on which you want to allow SNMP polling of the PGP Universal Server.
You cannot specify a port because the standard port for SNMP traffic is always port 161.
- In the Community field, enter the community name, also called the community string. The community name acts as a password, allowing the network management application to poll the PGP Universal Server. You will need to enter the same community name in your SNMP browser.
- In the SNMP Traps Recipient field, enter the IP or hostname you want to receive SNMP trap data.
- Click the (+) plus sign icon next to the Recipient field to add another recipient. There is no limit to the number of IPs you can add.
- Click Save to save changes and return to the SNMP card.
- Click Restrict Access on the SNMP card if you want to establish access control for the connection. If not, skip to step #9.
- The Access Control for Connector screen appears.
Put a checkmark next to Enable Access Control for Connector to enable access control.
In the Hostname/IP field, enter a hostname or IP address, then click Add. What you enter here will go onto the list in the Allow only these addresses field below. If you enter a hostname like example.com, the name will be resolved to an IP address.
In the IP Range fields, enter starting and ending IP addresses for an IP address range, then click Add. What you enter here will go onto the list in the Allow only these addresses field below.
To remove an IP address or range from the box, select it and click Remove.
- Click Save to close the Access Control for Connector dialog.
Downloading the Custom MIB File
PGP Corporation provides a custom MIB extension to allow you to poll for PGP Universal Server-specific information. The MIB files are called PGP-UNIVERSAL-MIB.mib and PGP-SMI.mib. The root Object ID (OID) for the PGP Universal Server custom MIB set is .220.127.116.11.4.1.17718.104.22.168, which is .iso(1).org(3).dod(6).internet(1).private(4).enterprises(1).pgp 17766).products(1).pgpuniver sal(1).messaging(1).
To download the custom MIB files:
- From the Services/SNMP card, click Download PGP MIBs.
- Save the zipped file mibs.zip to your desktop.
The MIB files download to your desktop.
- Unzip mibs.zip, and extract the files PGP-UNIVERSAL-MIB.mib and PGP-SMI.mib.
- Depending on which SNMP browser you are using, you may need to compile the MIBs before you can add them to the browser. The MIB files are formatted as text and may need to be converted to a database form before they can be used. Consult the documentation for your SNMP browser.
- Import the MIBs to your SNMP browser.