Enable SNMP on Encryption Management Server

book

Article ID: 180719

calendar_today

Updated On:

Products

Encryption Management Server Powered by PGP Technology Encryption Management Server Gateway Email Encryption Gateway Email Encryption Powered by PGP Technology

Issue/Introduction

Encryption Management Server allows you to monitor the condition of your server using an SNMP server.

Encryption Management Server also provides custom MIB (Management Information Base) files that are available for download from the administration console and allows an SNMP server to capture email processing metrics.

SNMP uses UDP port 161.

Environment

Symantec Encryption Management Server 3.4.2 and above.

Resolution

To Enable SNMP on Encryption Management Server:

  1. From the administration console, select Services / SNMP and click the Enable button.
  2. Click the Edit button to select an interface for SNMP to use for communication.
  3. Enter the Username and Password. Your SNMP server will need to be configured with the same username and password.
  4. Enter the Recipient. The recipient is the IP or FQDN of the SNMP server.
  5. Optionally, click the + button to add additional SNMP servers.
  6. Click the Save button.

By default, the SNMP server will be able to monitor Encryption Management Server for the following:

  • Whether these services are running: httpd, pgpproxyd, pgpsyncd, pgptokend, pgptcpwrapper, stunnel, slapd and syslog-ng.
  • Memory usage.
  • Disk usage.
  • System load.

Your SNMP server will probably need the SNMP EngineID of Encryption Management Server. To obtain this, SSH to Encryption Management Server and enter the following command:
grep oldEngineID /var/lib/net-snmp/snmpd.conf |awk '{print $2}'

The result will be similar to this:
0x80001f88800e1e032b2776895b

Note that the Encryption Management Server SNMP service requires the SHA authentication protocol when communicating with the SNMP server.

Once your SNMP server is monitoring Encryption Management Server, you can test by selecting System / General Settings from the administration console and clicking on the Restart Services button. The SNMP server should be notified when services restart. 

In addition, it is possible to monitor email processing on Encryption Management Server by downloading two custom MIB (Management Information Base) files. To download the custom MIBs, click on the Download PGP MIBs button. This will download the file mibs.zip containing:

  1. PGP-SMI.mib
  2. PGP-UNIVERSAL-MIB.mib

These files enable your SNMP server to monitor Encryption Management Server and retrieve metrics about processed email. Note that information about email processed by Encryption Desktop clients is not included. Therefore, if your Encryption Management Server does not process email then these MIB files are not required. You will need to load these files into your SNMP server. The MIB files contain the following metrics about email:

  • Processed that day
  • Encrypted and/or signed that day
  • Decrypted that day
  • Processed total
  • Encrypted and/or signed total
  • Decrypted total
  • Currently in the mail queue

Attachments