Home > |
---|
This page applies only to SafeNet Network HSM which, as a closed system, has its own agent. This contrasts with other SafeNet HSMs that are installed inside a host computer, or USB-connected to a host, and therefore require you to provide an SNMP agent and configure for use with our subagent.
Various LunaSH commands govern the setup and use of SNMP with the SafeNet appliance. You provide your own SNMP application – a standard, open-source tool like net-snmp, or a commercial offering, or one that you develop yourself – and use the commands described below (and on the following pages) to enable and adjust the SNMP agent on-board the SafeNet appliance.
Please refer to the Lunash Appliance Commands in the Reference Section of this Help for syntax and usage descriptions of the following:
•The sysconf snmp command has subcommands "enable", "disable", "notification", "show", "trap", and "user".
–The sysconf snmp notification command allows viewing and configuring the notifications that can be sent by the SNMP agent. At least one user must be configured before the SNMP agent can be accessed.
–The sysconf snmp enable command enables and starts the SNMP service.
–The sysconf snmp disable command stops the service.
–The sysconf snmp show command shows the current status of the service.
–The sysconf snmp trap command has sub-commands to set, show, and clear trap host information.
–The sysconf snmp user command allows viewing and configuring the users that can access the SNMP agent. At least one user must be configured before the SNMP agent can be accessed.
•The service list command reports a service: "snmpd - SNMP agent service".
•The service status, service stop, service start and service restart commands accept the value "snmp" as a <servicename> parameter (that is, you can start, stop or restart the snmp service – this represents some overlap with the sysconf enable and disable commands, but is provided for completeness).
The following are some points of interest, with regard to our reporting:
Swap usage - Covered by UCD-SNMP-MIB under memTotalSwap, memAvailSwap and memMinimumSwap OID
Physical Memory usage - Covered by UCD-SNMP-MIB under memTotalRea, memAvailReal, memTotalFree OID
Errors - Covered by UCD-SNMP-MIB under memSwapError and memSwapErrorMsg OID
Size of page file - Not covered
Page file usage - Not covered
Paging errors - Not covered
Note: UCD-SNMP-MIB/memory will report all the data that we get from the "free" command.
% Utilization Threads - Not covered
%user time - Covered by UCD-SNMP-MIB under ssCpuUsr OID
%system time - Covered by UCD-SNMP-MIB under ssCpuSystem OID
Top running processes - Not covered
Interface status - Covered
% utilization - Covered
Bytes in - Not covered
Bytes Out - Not covered
Errors - Covered
Note: All of the above are already covered by the RFC1213-MIB.
We do not currently keep any status on hardware failure.
We support only CPU and mother board temperature.
The above concerns status of various elements of the appliance, outside the contained HSM.
HSM status is separately handled by the SAFENET-HSM-MIB.
In the current implementation, the object ntlsCertExpireNotification has no value. If you query this object, the response is "Snmp No Such Object.
Information about the HSM, retrievable via SNMP, is similar to executing the following commands:
From SafeNet Network HSM (lunash:> commands)
• hsm show
•hsm showPolicies
•partition show
•partition showPolicies
•hsm displayLicense
•client show
From the Client (lunacm:> commands)
•hsm showinfo
•hsm showpolicies (SO not shown)
•partition showinfo
•partition showpolicies
The following MIBs are not supplied as part of the SafeNet Network HSM build, but can be downloaded from a number of sources. How they are implemented depends on your MIB utility. Support is restricted to active queries (trap captures only reboots).
•LM-SENSORS-MIB
•RFC1213-MIB
•SNMP-FRAMEWORK-MIB
•SNMP-MPD-MIB
•SNMP-TARGET-MIB
•SNMP-USER-BASED-SM-MIB
•SNMPv2-MIB
•SNMP-VIEW-BASED-ACM-MIB
In addition, the SAFENET-APPLIANCE-MIB is included within the SafeNet Network HSM appliance, to report Software Version.
You require the following MIB to monitor the status of the HSM:
•SAFENET-HSM-MIB.mib