The PGP Encryption Server (Symantec Encryption Management Server) allows you to monitor the condition of your server using an SNMP server.

PGP Encryption Server also provides custom MIB (Management Information Base) files that are available for download from the administration console and allows an SNMP server to capture email processing metrics.

SNMP uses UDP port 161.

PGP Encryption Server 3.4.2 and above.

By default, the SNMP server will be able to monitor PGP Encryption Server for the following:

• Whether these services are running: httpd, pgpproxyd, pgpsyncd, pgptokend, pgptcpwrapper, stunnel, slapd and syslog-ng.
• Memory usage.
• Disk usage.
• System load.

Your SNMP server will probably need the SNMP EngineID of PGP Encryption Server. To obtain this, 153592 - Access the PGP Encryption Server by using SSH (Symantec Encryption Management Server) to PGP Encryption Server and enter the following command:
grep oldEngineID /var/lib/net-snmp/snmpd.conf |awk '{print $2}'

The result will be similar to this:
0x80001f88800e1e032b2776895b

Note that the PGP Encryption Server SNMP service requires the 171983 - PGP Encryption Server SNMP service requires the SHA authentication protocol (Symantec Encryption Management Server) when communicating with the SNMP server.

Once your SNMP server is monitoring PGP Encryption Server, you can test by selecting System / General Settings from the administration console and clicking on the Restart Services button. The SNMP server should be notified when services restart. 

In addition, it is possible to monitor email processing on PGP Encryption Server by downloading two custom MIB (Management Information Base) files. To download the custom MIBs, click on the Download PGP MIBs button. This will download the file mibs.zip containing:

1. PGP-SMI.mib
2. PGP-UNIVERSAL-MIB.mib

These files enable your SNMP server to monitor PGP Encryption Server and retrieve metrics about processed email. Note that information about email processed by PGP Encryption Desktop clients is not included. Therefore, if your PGP Encryption Server does not process email then these MIB files are not required. You will need to load these files into your SNMP server. The MIB files contain the following metrics about email:

• Processed that day
• Encrypted and/or signed that day
• Decrypted that day
• Processed total
• Encrypted and/or signed total
• Decrypted total
• Currently in the mail queue

Legacy Information for Symantec Encryption Management Server:


Symantec Encryption Management Server 3.3.1 or previous:

Warning: SEMS 3.4.2 and older are no longer supported.  Symantec strongly recommends upgrading to version 10.5.1 or newer to continue to be supported and to ensure you have all the latest security updates.

snmpwalk -v 1 SEMS-IP-Address public system

This command will confirm that v1 is enabled and working.  If this does not work, a "timeout" response will be displayed.  Confirm SNMP is enabled on the server and that the sytnax is correct, including IP address of SEMS and try again.

Symantec Encryption Management Server 3.3.2 and above:

SNMP v3 is supported on this version, which requires a username and password to be configured on the SEMS.  If this has not been done, please add this first and try the following command where username is "snmpuser" and password s 1234ABCD and IP address of 10.1.1.211:

snmpwalk -v 3 -l authNoPriv -a SHA -A 1234ABCD -u snmpuser 10.1.1.211

If the above command does not work, ensure SNMP is enabled, and that the syntax is correct, including username, password and IP address.

IMSFR-996

180719 - Enable SNMP on PGP Encryption Server (Symantec Encryption Management Server)

220746 - Testing SNMP traps with PGP Encryption Server (Symantec Encryption Management Server)