Testing Encryption Management Server SNMP traps

Article ID: 220746

Products

Encryption Management Server, Gateway Email Encryption

Issue/Introduction

Encryption Management Server is an SNMP client. An SNMP management server can be used to monitor Encryption Management Server.

Encryption Management Server uses SNMP version 3. This version requires that a username and password are shared between Encryption Management Server and the SNMP management server.

You can test that Encryption Management Server is sending SNMP traps using the snmptrapd utility.

Environment

Symantec Encryption Management Server release 10.5 and above.

Resolution

1. Configure the SNMP service

  1. In the Encryption Management Server administration console, navigate to Services / SNMP.
  2. Click on the Edit button.
  3. Ensure network Interface 1 is selected.
  4. If you have not already configured a username and password or do not have a record of the password, click on the Change Credentials button and enter a username and password. For example, choose a username of admin and a password of password.
  5. In the Recipient text box, enter the IP address of the Encryption Management Server itself. This will be the IP that appears next to Interface 1.

2. Obtain the Engine ID

Each SNMP entity has an identifier called the Engine ID. The SNMP management server will probably require it. To obtain the Encryption Management Server Engine ID, ssh to the Encryption Management Server and enter this command:

# grep oldEngineID /var/lib/net-snmp/snmpd.conf |awk '{print $2}'
0x80001f88809512d2572049145f00000000

3. Create an snmptrapd configuration file

The snmptrapd utility can be used to capture SNMP traps sent from Encryption Management Server. However, first it is necessary to create a configuration file.

Create the file /var/lib/ovid/customization/snmptrapd.conf containing these two lines where 0x80001f88809512d2572049145f00000000 is the Engine ID, admin is the username and password is the password from Services / SNMP in the administration console:

createUser -e 0x80001f88809512d2572049145f00000000 admin SHA password AES
authUser log,execute,net admin noauth

4. Start snmptrapd

Start snmptrapd like this, pointing to the configuration file and a log file:

# snmptrapd -f -C -c /var/lib/ovid/customization/snmptrapd.conf -Lf /tmp/snmptrapd.log

5. Monitor the output

Open a new ssh session to the same server and monitor the contents of the snmptrapd.log file. Initially, this should be the only output:

# cat /tmp/snmptrapd.log
NET-SNMP version 5.7.2

6. Cause an SNMP trap

In the second ssh session, stop a service. Stopping the Keyserver service probably has the least impact:

# pgpsysconf --stop ldap

7. Check the trap was received

Wait a few minutes and the snmptrapd.log file should contain "No slapd process running" where keys.example.com is the host name of the Encryption Management Server:

2021-07-30 16:57:07 keys.example.com [UDP: [192.168.1.63]:12568->[192.168.1.63]:162]:
DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (480016) 1:20:00.16    SNMPv2-MIB::snmpTrapOID.0 = OID: DISMAN-EVENT-MIB::mteTriggerFired       DISMAN-EVENT-MIB::mteHotTrigger.0 = STRING: process table       DISMAN-EVENT-MIB::mteHotTargetName.0 = STRING:  DISMAN-EVENT-MIB::mteHotContextName.0 = STRING:  DISMAN-EVENT-MIB::mteHotOID.0 = OID: UCD-SNMP-MIB::prErrorFlag.7        DISMAN-EVENT-MIB::mteHotValue.0 = INTEGER: 1     UCD-SNMP-MIB::prNames.7 = STRING: slapd UCD-SNMP-MIB::prErrMessage.7 = STRING: No slapd process running

8. Reset the configuration

In the first ssh session, press CTRL-C to stop snmptrapd.

In the administration console, either disable the SNMP service or change the settings back to what they were before you started to test.
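
Steps 2, 3 and 7 as a script: this is an added example, not part of the vendor article, and the function names are assumptions. It validates the Engine ID before use, writes the configuration file with mode 0600 because it stores the SNMPv3 passphrase in clear text, and checks the log for the process trap.

```shell
#!/bin/sh
# Added example, not vendor code; function names are assumptions.

# Print the Engine ID from a net-snmp persistent snmpd.conf after checking
# it is 0x-prefixed hex of 5 to 32 octets (the SnmpEngineID size in RFC 3411).
get_engine_id() {   # args: snmpd_conf
    eid=$(awk '$1 == "oldEngineID" {print $2; exit}' "$1")
    printf '%s\n' "$eid" | grep -Eq '^0x([0-9A-Fa-f]{2}){5,32}$' ||
        { echo "unexpected Engine ID: '$eid'" >&2; return 1; }
    printf '%s\n' "$eid"
}

# Write the two-line snmptrapd.conf from step 3. The file holds the SNMPv3
# passphrase in clear text, so it is written under umask 077 and set to 0600.
write_trapd_conf() {   # args: engine_id user passphrase out_file
    # net-snmp rejects USM passphrases shorter than 8 characters
    [ "${#3}" -ge 8 ] || { echo "passphrase too short" >&2; return 1; }
    ( umask 077
      { printf 'createUser -e %s %s SHA %s AES\n' "$1" "$2" "$3"
        printf 'authUser log,execute,net %s noauth\n' "$2"; } > "$4"
    ) && chmod 600 "$4"
}

# Succeed if the log holds a mteTriggerFired trap naming the given process
# in prNames (step 7 expects slapd). Assumes a plain process name with no
# regex metacharacters.
trap_seen() {   # args: log_file process_name
    grep -F 'DISMAN-EVENT-MIB::mteTriggerFired' "$1" |
        grep -Eq "UCD-SNMP-MIB::prNames\.[0-9]+ = STRING: $2([[:space:]]|\$)"
}

# Demo on constructed input in a temporary directory (not the real paths).
tmp=$(mktemp -d)
echo 'oldEngineID 0x80001f88809512d2572049145f00000000' > "$tmp/snmpd.conf"
printf '%s\n' 'SNMPv2-MIB::snmpTrapOID.0 = OID: DISMAN-EVENT-MIB::mteTriggerFired UCD-SNMP-MIB::prNames.7 = STRING: slapd UCD-SNMP-MIB::prErrMessage.7 = STRING: No slapd process running' > "$tmp/trap.log"
id=$(get_engine_id "$tmp/snmpd.conf") &&
    write_trapd_conf "$id" admin password "$tmp/snmptrapd.conf" &&
    cat "$tmp/snmptrapd.conf"
trap_seen "$tmp/trap.log" slapd && echo "slapd trap received"
```

On the server itself, pass /var/lib/net-snmp/snmpd.conf, /var/lib/ovid/customization/snmptrapd.conf and /tmp/snmptrapd.log in place of the temporary files.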
