Guest

Cisco Email Security Appliance

ESA FAQ: Does AsyncOS support SNMP monitoring?

Document ID: 117831

Updated: Jun 24, 2014

Contributed by Nasir Shakour and Robert Sherwin, Cisco TAC Engineers.

   Print

Introduction

This document describes which Simple Network Management Protocol (SNMP) traps are supported by AsyncOS.

Does AsyncOS support SNMP monitoring?

The Cisco AsyncOS operating system supports system status monitoring via SNMP.  AsyncOS supports SNMPv1, v2, and v3.

This includes Cisco's Enterprise Management Information Base (MIB), ASYNCOS-MAIL-MIB. The ASYNCOS-MAIL-MIB helps administrators better monitor system health. In addition, this release implements a read-only subset of MIB-II as defined in RFCs 1213 and 1907. (For more information on SNMP, see RFCs 1065, 1066, and 1067.)

Please note:

  • SNMP is off by default.
  • SNMP SET operations (configuration) are not implemented.
  • The use of SNMPv3 with password authentication and DES Encryption is mandatory in order to enable this service. (For more information on SNMPv3, see RFCs 2571-2575.) You are required to set a SNMPv3 passphrase of at least eight characters in order to enable SNMP system status monitoring. The first time you enter a SNMPv3 passphrase, you must reenter it to confirm. The snmpconfig command remembers this phrase the next time you run the command.
  • The SNMPv3 username is: v3get.
    > snmpwalk -v 3 -l AuthNoPriv -u v3get -a MD5 ironport mail.example.com
  • If you use only SNMPv1 or SNMPv2, you must set a community string. The community string does not default to public.
  • For SNMPv1 and SNMPv2, you must specify a network from which SNMP GET requests are accepted.
  • In order to use traps, an SNMP manager (not included in AsyncOS) must be running and its IP address entered as the trap target. (You can use a hostname, but if you do, traps will only work if DNS is working.)

Use the snmpconfig command in order to configure SNMP system status for the appliance. After you choose and configure values for an interface, the appliance responds to SNMPv3 GET requests. These Version 3 requests must include a matching password. By default, Version 1 and 2 requests are rejected. If enabled, Version 1 and 2 requests must have a matching community string.

Cisco Systems provides an enterprise MIB as well as a Structure of Management Information (SMI) file:

  • ASYNCOS-MAIL-MIB.txt - an SNMPv2 compatible description of the Enterprise MIB for Cisco appliances.
  • IRONPORT-SMI.txt - defines the role of the ASYNCOS-MAIL-MIB in IronPort?s SNMP managed products.

Both MIB files can be located from the Cisco Email Security Appliance Product Support page

TipSome customers might need to compile both files into a single ".my" file, for example to support HP OpenView. One tool that can accomplish this is available from www.mg-soft.com.

Please refer to the Managing and Monitoring via the CLI chapter of the Email User Guide for full details regarding SNMP monitoring.

Related Information

Updated: Jun 24, 2014
Document ID: 117831