Symantec Encryption Management Server (SEMS - formerly known as PGP Universal Server) allows you to use SNMP to monitor the condition of your server as well as the status of encrypted and decrypted messages. SEMS provides custom MIBs that are available for download via the administrative interface.
· Symantec Encryption Management Server 3.x or higher
· PC running MG-SOFT MIB Browser
To Enable SNMP on SEMS
1. Log in to the SEMS admin interface.
2. Click Services > SNMP and then select Enable SNMP.
3. Click Edit to select an interface for SNMP to use for communication.
4. Enter a Community name (public is a default for Read-Only).
Note: In SEMS 3.3.1 and previous, the Community name is similar to a username or password that allows access to the device’s statistics. Starting with SEMS 3.3.2, it is necessary to configure a username and password in the SNMP section of the server in order for this to work. This is because SNMP v1 and v2c are no longer used in SEMS 3.3.2, and SNMP version 3 is now used, which requires a username and password.
Symantec recommends that you change the default Community string to something not easily guessed.
5. Select SNMP Traps Recipient. Type the IP address or hostname of a PC that is running SNMP monitoring software.
Custom PGP MIB Files
These files are custom MIBs that enable your SNMP software to query the SEMS and receive the following information:
· Processed that day
· Encrypted and/or signed that day
· Decrypted that day
· Processed total
· Encrypted and/or signed total
· Decrypted total
· Currently in the mail queue
You can also use the standard SNMP MIB to poll the following system information:
· The number of instances of certain running processes
· System memory usage
· Disk usage
· System load information
Download the custom MIB files:
1. Log in to SEMS admin interface.
2. Click Services > SNMP.
3. Click the Download PGP MIBs button and save the zipped file.
Setup the SNMP software
1. Install SNMP software on your computer and then open the MIB Browser.
2. Type the IP address of the SEMS e.g.10.1.1.211.
3. Expand the MIB tree iso/org/dod/internet/mgmt/mib-2/system/
4. Right-click sysName and click Contact. A successful connection to your server should result in the sysUpTime, displaying a value similar to 0 days 00h:05m:50s.
· If it reads TIMEOUT – the software cannot contact the SEMS
· Verify your network connectivity.
· Verify that SNMP is enabled on SEMS.
5. Right-click sysName again, select Get. The result output should return the name of your SEMS.
6. Close the MIB Browser.
7. Add the custom PGP MIBs to work with your SNMP software. The MIBs will need to be compiled and then loaded into the software.
8. Unzip the custom PGP MIB files.
9. Open the MG-SOFT MIB Compiler then click File > Open > PGP-SMI.mib.
10. Click Tools > Compile and select PGP-SMI.mib.
11. When prompted select PGP-SMI.mib and click Save.
The files are saved to the C:\Program Files\MS-SOFT\MIB Browser\MIB\SMIDB directory.
12. Repeat steps 9 – 11 for the PGP-UNIVERSAL-MIB.mib.
13. Open the MIB Browser.
14. Click the MIB tab.
For the evaluation version there can be only 3 loaded MIB modules.
· Keep only RFC1213-MIB
· Load PGP-SMI
· Load PGP-UNIVERSAL-MIB
15. Click the Query tab and expand the tree to the SEMS folder.
16. Right-click one of the available messaging objects, e.g. messagesProcessedTotal, and select Contact. The sysUpTime should be returned.
17. Right-click sysUpTime again and select Get. The total number of messages processed should be returned.
18. Test that SNMP Traps are working correctly.
A. Run the Trap Ringer Console in the MIB Browser (Tools > Trap Ringer Console).
B. Stop one of the following processes on SEMS:
You should receive a notification in the SNMP Trap Ringer Console.
C. Raise the CPU system load to a value that exceeds one of these values to get a notification:
· 4% over a 1 minute average
· 1% over a 5 minute average
· 1% over a 15 minute average
D. Decrease the amount of free space on your hard drive to get a notification:
· 20% or less on /
· 20% of less on /boot
To test SNMP functionality and see if it is enabled from the backend, run the following:
Symantec Encryption Management Server 3.3.1 or previous:
snmpwalk -v 1 SEMS-IP-Address public system
This command will confirm that v1 is enabled and working. If this does not work, a "timeout" response will be displayed. Confirm SNMP is enabled on the server and that the sytnax is correct, including IP address of SEMS and try again.
Symantec Encryption Management Server 3.3.2 and above:
SNMP v3 is supported on this version, which requires a username and password to be configured on the SEMS. If this has not been done, please add this first and try the following command where username is "snmpuser" and password s 1234ABCD and IP address of 10.1.1.211:
snmpwalk -v 3 -l authNoPriv -a SHA -A 1234ABCD -u snmpuser 10.1.1.211
If the above command does not work, ensure SNMP is enabled, and that the syntax is correct, including username, password and IP address.