Guest

Cisco Email Security Appliance

ESA, SMA, and WSA Queries with the snmpwalk Command Configuration Example

Document ID: 117959

Updated: Jul 16, 2014

Contributed by Denis Jacobi, Cisco TAC Engineer.

   Print

Introduction

This document describes how to use the snmpwalk command in order to query or poll the Cisco Email Security Appliance (ESA), Cisco Content Security Management Appliance (SMA), or Cisco Web Security Appliance (WSA).

Prerequisites

The infomation in this document is based on these software and hardware versions:

  • ESA with AsyncOS 5.x or later
  • SMA with AsyncOS 5.x or later
  • WSA with AsyncOS 5.x or later
  • A separate Linux or Unix host machine with the distribution net-snmp package installed is required

Note: This document references software that is not maintained or supported by Cisco. The information is provided as a courtesy for your convenience. For further assistance, contact the software vendor.

Configure

This section covers the configurations for the ESA, SMA, and WSA.

ESA Configuration

  1. Enter the snmpconfig CLI command in order to ensure that Simple Network Management Protocol (SNMP) is enabled.

  2. Download all related AsyncOS MIB files from the Cisco Email Security Appliance under Related Tools:
    • AsyncOS SMI MIB for ESA (txt)
    • AsyncOS Mail MIB for ESA (txt)


  3. Place these files in your local machine SNMP directory, which usually resembles /usr/net-snmp/share/mibs/.

  4. Use your SNMP host to run the snmpwalk command:
    snmpwalk -O a -v 2c -c ironport -M /usr/net-snmp/share/mibs/ -m "ALL" host.example.com iso.3.6.1.2.1.1

In the previous command, specify:

  • All output fields with '-O a'

  • SNMP protocol version 2c with '-v 2c'

  • A read-only or public community string (must match your appliance's snmpconfig settings) or 'cisco' with '-c cisco'

  • The optional absolute path or location of your MIB files with '-M /the/path/to/snmp/mibs/'

  • Which MIB files to load (ALL loads everything) with '-m "ALL"'

  • The target host address on your appliance to poll with 'hostname' or 'x.x.x.x'

  • The starting point of the appliance's Object Identifier (OID) tree to begin the walk with 'iso.3.6.1.2.1.1'

The sample command listed previously returns a list of all diagnostic information pulled from your appliance:

:~$ snmpwalk -O a -v 2c -c ironport -M "/usr/net-snmp/share/mibs/" -m "ALL"
host.example.com iso.3.6.1.2.1.1
iso.3.6.1.2.1.1.1.0 = STRING: "IronPort Model C10, AsyncOS Version: 7.0.0-702,
Build Date: 2009-11-10, Serial #: 00C09F3AED0E-#######"
iso.3.6.1.2.1.1.2.0 = OID: iso.3.6.1.4.1.15497.1.1

Refer also to the Net-SNMP Tutorials  or use snmpwalk --help for more details on the snmpwalk command and other SNMP-related utilities.

SMA Configuration

  1. Enter the snmpconfig CLI command in order to ensure that Simple Network Management Protocol (SNMP) is enabled.

  2. Download all related AsyncOS MIB files from the Cisco Content Security Management Appliance under Related Tools:
    • AsyncOS SMI MIB for SMA (txt)
    • AsyncOS Mail MIB for SMA (txt)


  3. Place these files in your local machine SNMP directory, which usually resembles /usr/net-snmp/share/mibs/.

  4. Use your SNMP host to run the snmpwalk command:
    snmpwalk -O a -v 2c -c ironport -M /usr/net-snmp/share/mibs/ -m "ALL" host.example.com iso.3.6.1.2.1.1

In the previous command, specify:

  • All output fields with '-O a'

  • SNMP protocol version 2c with '-v 2c'

  • A read-only or public community string (must match your appliance's snmpconfig settings) or 'cisco' with '-c cisco'

  • The optional absolute path or location of your MIB files with '-M /the/path/to/snmp/mibs/'

  • Which MIB files to load (ALL loads everything) with '-m "ALL"'

  • The target host address on your appliance to poll with 'hostname' or 'x.x.x.x'

  • The starting point of the appliance's Object Identifier (OID) tree to begin the walk with 'iso.3.6.1.2.1.1'

The sample command listed previously returns a list of all diagnostic information pulled from your appliance:

:~$ snmpwalk -O a -v 2c -c ironport -M "/usr/net-snmp/share/mibs/" -m "ALL"
host.example.com iso.3.6.1.2.1.1
iso.3.6.1.2.1.1.1.0 = STRING: "IronPort Model C10, AsyncOS Version: 7.0.0-702,
Build Date: 2009-11-10, Serial #: 00C09F3AED0E-#######"
iso.3.6.1.2.1.1.2.0 = OID: iso.3.6.1.4.1.15497.1.1

Refer also to the Net-SNMP Tutorials  or use snmpwalk --help for more details on the snmpwalk command and other SNMP-related utilities.

WSA Configuration

  1. Enter the snmpconfig CLI command in order to ensure that Simple Network Management Protocol (SNMP) is enabled.

  2. Download all related AsyncOS MIB files from the Cisco Web Security Appliance under Related Tools:
    • AsyncOS SMI MIB for WSA (txt)
    • AsyncOS Mail MIB for WSA (txt)
    • AsyncOS Web MIB (txt)


  3. Place these files in your local machine SNMP directory, which usually resembles /usr/net-snmp/share/mibs/.

  4. Use your SNMP host to run the snmpwalk command:
    snmpwalk -O a -v 2c -c ironport -M /usr/net-snmp/share/mibs/ -m "ALL" host.example.com iso.3.6.1.2.1.1

In the previous command, specify:

  • All output fields with '-O a'

  • SNMP protocol version 2c with '-v 2c'

  • A read-only or public community string (must match your appliance's snmpconfig settings) or 'cisco' with '-c cisco'

  • The optional absolute path or location of your MIB files with '-M /the/path/to/snmp/mibs/'

  • Which MIB files to load (ALL loads everything) with '-m "ALL"'

  • The target host address on your appliance to poll with 'hostname' or 'x.x.x.x'

  • The starting point of the appliance's Object Identifier (OID) tree to begin the walk with 'iso.3.6.1.2.1.1'

The sample command listed previously returns a list of all diagnostic information pulled from your appliance:

:~$ snmpwalk -O a -v 2c -c ironport -M "/usr/net-snmp/share/mibs/" -m "ALL"
host.example.com iso.3.6.1.2.1.1
iso.3.6.1.2.1.1.1.0 = STRING: "IronPort Model C10, AsyncOS Version: 7.0.0-702,
Build Date: 2009-11-10, Serial #: 00C09F3AED0E-#######"
iso.3.6.1.2.1.1.2.0 = OID: iso.3.6.1.4.1.15497.1.1

Refer also to the Net-SNMP Tutorials  or use snmpwalk --help for more details on the snmpwalk command and other SNMP-related utilities.

Verify

There is currently no verification procedure available for this configuration.

Troubleshoot

There is currently no specific troubleshooting information available for this configuration.

Updated: Jul 16, 2014
Document ID: 117959