You are here: Pulse Connect Secure > Pulse Connect Secure Administration Guide > System Management > Logging and Monitoring > Configuring SNMP

Configuring SNMP

If you prefer, you can use a third-party SNMP manager, such as HP OpenView, to monitor system health. The system supports SNMP v2c and SNMPv3.

To configure the SNMP agent:

  1. Select System > Log/Monitoring.
  2. Click the SNMP tab to display the SNMP configuration page.

    Figure 196 shows the configuration page for Pulse Connect Secure.

  1. Complete the configuration as described in Table 150.
  2. Save the configuration.

    Figure 196: SNMP Configuration Page – Pulse Connect Secure

    Table 150: SNMP Configuration Settings

    Settings

    Guidelines

    MIB File

    Use the Pulse Secure MIB file link to download the device management information base MIB file. You add this file to your SNMP manager configuration.

    SNMP Version

    Select your SNMP server version:

    • v2c
    • v3

    Agent Properties

    SNMP Queries

    Select to support SNMP queries.

    SNMP Traps

    Select to send SNMP traps.

    System Name

    Specify a system name.

    System Location

    Specify a system location.

    System Contact

    Specify a system contact.

    Community String

    • Required only for SNMPv2c.
    • To query the system, your network management station must send it to the request with this community string.
    • To stop the SNMP system, clear the community field.

    SNMPv3 Configuration

    Username

    Specify the SNMPv3 username. The User-Based Security Model (USM) is the default Security Module for SNMPv3. The system supports only one user at a time to be registered with an SNMP engine. Editing the SNMPv3 user attributes overwrite any already registered SNMPv3 user. The SNMPv3 user must have read-only access on all MIBs supported by the system. SNMPv3 user configuration attributes can also be used for SNMP traps.

    Security Level

    Selection

    Auth Protocol

    Auth Password

    Priv Protocol

    Priv Password

    No Auth, NoPriv

    Auth, NoPriv

    Select MD5 (HMAC-MD5-96) or SHA (HMAC-SHA-96).

    Enter an authentication password. The password can contain any ASCII characters and must be at least 8 characters in length.

    Auth, Priv

    Select MD5 (HMAC-MD5-96) or SHA (HMAC-SHA-96).

    Enter an authentication password. The password can contain any ASCII characters and must be at least 8 characters in length.

    Select either CBC-DES or CFB-AES-128.

    Enter a privacy password. The password can contain any ASCII characters and must be at least 8 characters in length.

    Trap Thresholds

    NOTE: Setting a threshold value to 0 disables that respective trap.

    Check Frequency

    Specify the frequency in seconds for sending traps. The default is 180 seconds.

    Log Capacity

    Specify the percent of log space used. The default is 90%.

    Users

    Specify the percent of user capacity used. The default is 100%.

    Physical Memory

    Specify the percent of physical memory used. The default is 0 (not reported).

    Swap Memory (Virtual Memory)

    Specify the percent of swap memory used. The default is 0 (not reported).

    NOTE: We recommend you monitor swap memory to alert you to potential memory issues. The threshold for traps for physical memory usage might be reached even if the system is not experiencing any difficulties.

    Disk

    Specify the percent of disk utilization. The default is 80%.

    CPU

    Specify the percent of CPU utilization. The default is 0 (not reported).

    Meeting Users

    Specify the percent of meeting users. The default is 100%.

    Optional Traps

    Critical Log Events

    Send traps when the system logs critical events.

    Major Log Events

    Send traps when the system logs major events.

    Save SNMP Settings?

    Click Save Changes to update the SNMP agent configuration. The page is refreshed and displays the SNMP engine ID. If the configuration is changed to move from SNMP v2c to SNMP v3, the system generates new Engine ID which is used for both SNMP queries and traps.

    SNMP Servers

    Hostname / IP address

    Specify the hostname or IP address for the SNMP servers to which the system will send any traps it generates.

    Port

    Specify the port for the SNMP server. Typically, SNMP uses port 162.

    Community

    Specify the community string (if necessary).

Keep the following configuration tips in mind when you configure your SNMP manager to listen for this SNMP agent:

Table 151 is a reference of MIB objects for the system. Some objects apply only to Connect Secure.

Table 151: MIB Objects

Object

Description

logFullPercent

Returns the percentage of available file size filled by the current log as a parameter of the logNearlyFull trap.

signedInWebUsers

Returns the number of users signed in through a Web browser.

signedInMailUsers

Returns the number of users signed in to the e-mail client.

blockedIP

Returns the IP address—blocked due to consecutive failed login attempts—sent by the iveToomanyFailedLoginAttempts trap. The system adds the blocked IP address to the blockedIPList table.

authServerName

Returns the name of an external authentication server sent by the externalAuthServerUnreachable trap.

productName

Returns the licensed product name.

productVersion

Returns the software version.

fileName

Returns the file name sent by the archiveFileTransferFailed trap.

meetingUserCount

Returns the number of concurrent meeting users sent by the meetingUserLimit trap.

iveCpuUtil

Returns the percentage of CPU used during the interval between two SNMP polls. This value is calculated by dividing the amount of CPU used by the amount of CPU available during the current and previous SNMP polls. If no previous poll is available, the calculation is based on the interval between the current poll and system boot.

iveMemoryUtil

Returns the percentage of memory utilized by the system at the time of an SNMP poll. The system calculates this value by dividing the number of used memory pages by the number of available memory pages.

iveConcurrentUsers

Returns the total number of users logged in.

clusterConcurrentUsers

Returns the total number of users logged in for the cluster.

iveTotalHits

Returns the total number of hits to the system since last reboot. Includes total values from iveFileHits, iveAppletHits, meetingHits, and iveWebHits.

iveFileHits

Returns the total number of file hits to the system since last reboot.Incremented by the Web server with each GET/POST corresponding to a file browser request.

iveWebHits

Returns the total number of hits by means of the Web interface since last reboot. Incremented by the Web server for each http request received by the system, excluding file hits, applet hits, and meeting hits.

iveAppletHits

Returns the total number of applet hits to the system since last reboot.Incremented by the Web server for each GET request for a Java applet.

ivetermHits

Returns the total number of terminal hits to the system since last reboot.

logName

Returns the name of the log (admin/user/event) for the logNearlyFull and iveLogFull traps.

iveSwapUtil

Returns the percentage of swap memory pages used by the system at the time of an SNMP poll. The system calculates this value by dividing the number of swap memory pages used, by the number of available swap memory pages.

diskFullPercent

Returns the percentage of disk space used in the system for the iveDiskNearlyFull trap. The system calculates this value by dividing the number of used disk space blocks by the number of total disk space blocks.

blockedIPList

Returns a table with the 10 most recently blocked IP addresses. The blockedIP MIB adds blocked IP addresses to this table

ipEntry

An entry in the blockedListIP table containing a blocked IP address and its index (see IPEntry).

IPEntry

The index (ipIndex) and IP address (ipValue) for an entry in the blockedIPList table.

ipIndex

Returns the index for the blockedIPList table.

ipValue

A blocked IP address entry in the blockedIPList table.

logID

Returns the unique ID of the log message sent by the logMessageTrap trap.

logType

Returns a string sent by the logMessageTrap trap stating whether a log message is major or critical.

logDescription

Returns a string sent by the logMessageTrap trap stating whether a log message is major or critical.

ivsName

Returns the name of a virtual system.

ocspResponderURL

Returns the name of an OCSP responder.

fanDescription

Returns the status of the system fans.

psDescription

Returns the status of the system power supplies.

raidDescription

Returns the status of the system RAID device.

iveLogNearlyFull

The log file (system, user access, or administrator access) specified by the logName parameter is nearly full. When this trap is sent, the logFullPercent (%of log file full) parameter is also sent. You can configure this trap to be sent at any percentage. To disable this trap, set the Log Capacity trap threshold to 0%. The trap’s default value is 90%.

NOTE: When SNMP traps are enabled, the iveLogNearlyFull and iveLogFull traps are sent when the log files are 90% full and 100% full respectively, even if the threshold is set to 0 (disabled).

iveLogFull

The log file (system, user access, or administrator access) specified by the logName parameter is completely full.

NOTE: When SNMP traps are enabled, the iveLogNearlyFull and iveLogFull traps are sent when the log files are 90% full and 100% full respectively, even if the threshold is set to 0 (disabled).

iveMaxConcurrentUsersSignedIn

Maximum number or allowed concurrent users are currently signed in. You can configure this trap to be sent at any percentage. To disable this trap, set the Users trap threshold to 0%. The trap’s default value is 100%.

iveTooManyFailedLoginAttempts

A user with a specific IP address has too many failed sign-in attempts. Triggered when a user fails to authenticate according to the settings for the Lockout options on the Security Options tab.

When the system triggers this trap, the system also triggers the blockedIP (source IP of login attempts) parameter.

externalAuthServerUnreachable

An external authentication server is not responding to authentication requests.

When the system sends this trap, it also sends the authServerName (name of unreachable server) parameter.

iveStart

The system has just been turned on.

iveShutdown

The system has just been shut down.

iveReboot

The system has just been rebooted.

archiveServerUnreachable

The system is unable to reach the configured archive server.

archiveServerLoginFailed

The system is unable to log into the configured archive server.

archiveFileTransferFailed

The system is unable to successfully transfer files to the configured archive server. When the system sends this trap, it also sends the fileName parameter.

iveRestart

Supplies notification that the system has restarted according to the administrator’s instruction.

iveDiskNearlyFull

Supplies notification that the system disk drive is nearly full. When the system sends this trap, it also sends the diskFullPercent parameter. You can configure this trap to be sent at any percentage. To disable this trap, set the Disk trap threshold to 0%. This trap’s default value is 80%.

iveDiskFull

Supplies notification that the system disk drive is full.

logMessageTrap

The trap generated from a log message. When the system sends this trap, it also sends the logID, logType, and logDescription parameters.

memUtilNotify

Supplies notification that the system has met the configured threshold for memory utilization. To disable this trap, set the Physical Memory trap threshold to 0. The threshold is 0%, by default.

cpuUtilNotify

Supplies notification that the system has met the configured threshold for CPU utilization. To disable this trap, set the CPU trap threshold to 0. The threshold is 0%, by default.

swapUtilNotify

Supplies notification that the system has met the configured threshold for swap file memory utilization. To disable this trap, set the Swap Memory trap threshold to 0. The threshold is 0%, by default.

iveFanNotify

Supplies notification that the status of the fans has changed.

ivePowerSupplyNotify

Supplies notification that the status of the power supplies has changed.

iveRaidNotify

Supplies notification that the status of the RAID device has changed.

iveNetExternalInterfaceDownTrap (nicEvent)

Supplies the type of event that brought down the external interface. The nicEvent parameter can contain values of “external” for an external event and “admin” for an administrative action.

iveNetInternalInterfaceDownTrap (nicEvent)

Supplies the type of event that brought down the internal interface. The nicEvent parameter can contain values of “external” for an external event and “admin” for an administrative action.

iveClusterDisableNodeTrap (clusterName,nodeList)

Supplies the name of the cluster that contains disabled nodes, as well as a string containing the names of all disabled nodes. Node names are separated by white space in the string.

iveClusterChangedVIPTrap(vipType, currentVIP, newVIP)

Supplies the status of a virtual IP for the cluster. The vipType indicates whether the changed VIP was external or internal. The currentVIP contains the VIP prior to the change, and newVIP contains the VIP after the change.

iveNetManagementInterfaceDownTrap (nicEvent)

Supplies the type of event that brought down the management port. The nicEvent parameter can contain values of “external” for an external event and “admin” for an administrative action.

iveClusterDelete(nodeName)

Supplies the name of the node on which the cluster delete event was initiated.

Related Topics