Enable SNMP on PGP Encryption Server (Symantec Encryption Management Server)
search cancel

Enable SNMP on PGP Encryption Server (Symantec Encryption Management Server)

book

Article ID: 180719

calendar_today

Updated On:

Products

Encryption Management Server Gateway Email Encryption

Issue/Introduction

The PGP Encryption Server (Symantec Encryption Management Server) allows you to monitor the condition of your server using an SNMP server.

PGP Encryption Server also provides custom MIB (Management Information Base) files that are available for download from the administration console and allows an SNMP server to capture email processing metrics.

SNMP uses UDP port 161.

Environment

PGP Encryption Server 3.4.2 and above.

Resolution

To Enable SNMP on PGP Encryption Server:

  1. From the administration console, select Services / SNMP and click the Enable button.
  2. Click the Edit button to select an interface for SNMP to use for communication.
  3. Enter the Username and Password. Your SNMP server will need to be configured with the same username and password.
  4. Enter the Recipient. The recipient is the IP or FQDN of the SNMP server.
  5. Optionally, click the + button to add additional SNMP servers.
  6. Click the Save button.

By default, the SNMP server will be able to monitor PGP Encryption Server for the following:

  • Whether these services are running: httpd, pgpproxyd, pgpsyncd, pgptokend, pgptcpwrapper, stunnel, slapd and syslog-ng.
  • Memory usage.
  • Disk usage.
  • System load.

Your SNMP server will probably need the SNMP EngineID of PGP Encryption Server. To obtain this, SSH to PGP Encryption Server and enter the following command:
grep oldEngineID /var/lib/net-snmp/snmpd.conf |awk '{print $2}'

The result will be similar to this:
0x80001f88800e1e032b2776895b

Note that the PGP Encryption Server SNMP service requires the SHA authentication protocol when communicating with the SNMP server.

Once your SNMP server is monitoring PGP Encryption Server, you can test by selecting System / General Settings from the administration console and clicking on the Restart Services button. The SNMP server should be notified when services restart. 

In addition, it is possible to monitor email processing on PGP Encryption Server by downloading two custom MIB (Management Information Base) files. To download the custom MIBs, click on the Download PGP MIBs button. This will download the file mibs.zip containing:

  1. PGP-SMI.mib
  2. PGP-UNIVERSAL-MIB.mib

These files enable your SNMP server to monitor PGP Encryption Server and retrieve metrics about processed email. Note that information about email processed by PGP Encryption Desktop clients is not included. Therefore, if your PGP Encryption Server does not process email then these MIB files are not required. You will need to load these files into your SNMP server. The MIB files contain the following metrics about email:

  • Processed that day
  • Encrypted and/or signed that day
  • Decrypted that day
  • Processed total
  • Encrypted and/or signed total
  • Decrypted total
  • Currently in the mail queue

Additional Information

Legacy Information for Symantec Encryption Management Server:


Symantec Encryption Management Server 3.3.1 or previous:

Warning: SEMS 3.4.2 and older are no longer supported.  Symantec strongly recommends upgrading to version 10.5.1 or newer to continue to be supported and to ensure you have all the latest security updates.

snmpwalk -v 1 SEMS-IP-Address public system

 

This command will confirm that v1 is enabled and working.  If this does not work, a "timeout" response will be displayed.  Confirm SNMP is enabled on the server and that the sytnax is correct, including IP address of SEMS and try again.

 

Symantec Encryption Management Server 3.3.2 and above:

SNMP v3 is supported on this version, which requires a username and password to be configured on the SEMS.  If this has not been done, please add this first and try the following command where username is "snmpuser" and password s 1234ABCD and IP address of 10.1.1.211:

 

snmpwalk -v 3 -l authNoPriv -a SHA -A 1234ABCD -u snmpuser 10.1.1.211

 

If the above command does not work, ensure SNMP is enabled, and that the syntax is correct, including username, password and IP address.