Breadcrumbs

Monitoring

The Monitoring tab and subtabs allow you to configure monitoring for the Hardware Appliance.

Syslog

Use this tab to configure interactions with external monitoring systems. Here you can specify a syslog server to which the syslog of Hardware Appliance should be sent. The syslog of the Hardware Appliance contains the syslog of all internal systems as well as the EJBCA audit log. The syslog will be shipped by UDP in unencrypted, unsigned traffic.

WebConf Monitoring Syslog.png


You have the following options:

Syslog target IP addresses:
Enter the IP address of the syslog server.

Add:
Select Add to add the syslog server with the specified IP address.

Simple Network Management Protocol

Use this tab to activate and configure Simple Network Management Protocol (SNMP) access to the Hardware Appliance. SNMP allows an external monitoring system to query the state (health) of the Hardware Appliance.

WebConf Monitoring SNMPv2.png




Your options in this tab depend on your selection for SNMP version:

SNMP Version:

Disabled:
Disables the SNMP daemon.

SNMPv2:
Enables SNMP with Community string authentication. You will see the SNMPv2 options.

SNMPv3:
Enables SNMP with various authentication options, including password and encryption. You will see the SNMPv3 options.
Note that SNMP v3 does not support traps.


SNMPv2 options:

Credentials:

Community:
The Community string for SNMP v2 authentication is mandatory. It must match the following rules:

  • length 4 and max. length 128 characters

  • Valid characters:

    • Lower case letters [a-z]

    • Upper case letters [A-Z]

    • Digits [0-9]

    • Minus sign: -

    • Underscore sign: _


SNMPv3 options:

SNMP v3 offers the following authentication options:

  • Username only

  • Username and Password

  • Username, Password, and Encryption.

The minimum requirement for authentication is Username. Combining it with Password and Encryption increases security.

WebConf Monitoring SNMPv3.png



Authentication:

Username:
The Username for SNMP v3 authentication is mandatory. It must match the same rules as the Community string for SNMPv2.

Method:
Supported authentication methods are None, SHA-1 and MD5.

Password:
The Password is mandatory for the authentication methods SHA-1 and MD5. It must match the following rules:

  • length 8 and max. length 64 characters

  • Valid characters:

    • ASCII characters only

    • No double quotation marks:

Encryption:

Method:
Supported encryption methods are None, AES, and DES.

Secret:
The Secret is mandatory for the encryption methods AES and DES. It must match the same rules as the Password.


Apply:
Select Apply to confirm your changes and enable/disable SNMP access.

Overview of SNMP Object Identifiers (OIDs)

All SNMP requests are combined in the public community. The Hardware Appliance will answer to the two standards MIBS SNMPv2-MIB and HOST-RESOURCES-MIB.
Additionally, the following parameters can be accessed with the following OIDs:

OID
Example Value


Value

.1.3.6.1.4.1.22408.1.1.2.1.2.118.109.1
Status of all VMs, 0 if all are running, 1 otherwise


0

.1.3.6.1.4.1.22408.1.1.2.1.3.99.112.117.1
Temperature of the CPU


27

.1.3.6.1.4.1.22408.1.1.2.1.4.118.100.98.49.1
Database usage in %


2

.1.3.6.1.4.1.22408.1.1.2.1.4.118.100.98.50.1
1 if space for db exceeds 80% usage, 0 otherwise


0

.1.3.6.1.4.1.22408.1.1.2.1.4.102.97.110.49.1
rpm of cpu fan


1025

.1.3.6.1.4.1.22408.1.1.2.1.4.102.97.110.50.1
rpm of system fan 1


1126

.1.3.6.1.4.1.22408.1.1.2.1.4.102.97.110.51.1
rpm of system fan 2


1028

.1.3.6.1.4.1.22408.1.1.2.1.4.102.97.110.52.1
rpm of system fan 3


982

.1.3.6.1.4.1.22408.1.1.2.1.4.102.97.110.53.1
0 if cpu fan ok, 1 otherwise


0

.1.3.6.1.4.1.22408.1.1.2.1.4.102.97.110.54.1
0 if system fans are ok, 1 otherwise


0

.1.3.6.1.4.1.22408.1.1.2.1.5.108.111.97.100.49.1
Load average of the system. Intervals are 1 min, 5 min, 15 min


0.19 0.10 0.06

.1.3.6.1.4.1.22408.1.1.2.1.5.108.111.97.100.50.1
Load average of the system. Intervals is 1 min


0.19

.1.3.6.1.4.1.22408.1.1.2.1.5.108.111.97.100.51.1
Load average of the system. Intervals is 5 min


0.10

.1.3.6.1.4.1.22408.1.1.2.1.5.108.111.97.100.52.1
Load average of the system. Intervals is 15 min


0.06

.1.3.6.1.4.1.22408.1.1.2.1.5.114.97.105.100.49.1
Status of RAID, 0 if clean or active, 1 otherwise


0

.1.3.6.1.4.1.22408.1.1.2.1.5.114.97.105.100.50.1
Status of RAID as string


clean

.1.3.6.1.4.1.22408.1.1.2.1.5.114.97.105.100.51.1
Devices in RAID


Total Devices : 2

.1.3.6.1.4.1.22408.1.1.2.1.5.114.97.105.100.52.1
Devices in RAID as int


2

.1.3.6.1.4.1.22408.1.1.2.1.5.114.97.105.100.53.1
Devices active in RAID


Raid Devices : 2

.1.3.6.1.4.1.22408.1.1.2.1.5.114.97.105.100.54.1
Devices active in RAID as int


2

.1.3.6.1.4.1.22408.1.1.2.1.7.118.101.114.115.105.111.110.1
Version of PKI Appliance


PrimeKeyAppliance.2.3.0

.1.3.6.1.4.1.22408.1.1.2.1.8.99.108.117.115.116.101.114.49.1
Local node ID


1

.1.3.6.1.4.1.22408.1.1.2.1.8.99.108.117.115.116.101.114.50.1
Db cluster size


3

.1.3.6.1.4.1.22408.1.1.2.1.8.99.108.117.115.116.101.114.51.1
Currently active nodes in db cluster


3

.1.3.6.1.4.1.22408.1.1.2.1.8.99.108.117.115.116.101.114.52.1
Local db cluster (galera) state


4

.1.3.6.1.4.1.22408.1.1.2.1.8.99.108.117.115.116.101.114.53.1
Local db cluster (galera) state as string


Synced

.1.3.6.1.4.1.22408.1.1.2.1.8.99.108.117.115.116.101.114.54.1
Last transaction ID


208

.1.3.6.1.4.1.22408.1.1.2.1.8.104.101.97.108.116.104.101.49.1
EJBCA healthcheck as raw string


ALLOK

.1.3.6.1.4.1.22408.1.1.2.1.8.104.101.97.108.116.104.101.50.1
EJBCA healthcheck returns 0 for "ALLOK", 1 otherwise


0

.1.3.6.1.4.1.22408.1.1.2.1.8.104.101.97.108.116.104.115.49.1
Signserver healthcheck as raw string


ALLOK

.1.3.6.1.4.1.22408.1.1.2.1.8.104.101.97.108.116.104.115.50.1
Signserver healthcheck returns 0 for "ALLOK", 1 otherwise


0

.1.3.6.1.4.1.22408.1.1.2.2.4.104.115.109.49.1
Status of HSM as string


STATUS_is_OPER

.1.3.6.1.4.1.22408.1.1.2.2.4.104.115.109.50.1
Enum of Status of HSM


0

.1.3.6.1.4.1.22408.1.1.2.2.4.104.115.109.51.1
Status of HSM, 0 if operational, 1 otherwise


0

.1.3.6.1.4.1.22408.1.1.2.2.4.104.115.109.52.1
Battery voltage of HSM


3.100 V

.1.3.6.1.4.1.22408.1.1.2.2.4.104.115.109.53.1
Battery state, 0 if ok, 1 otherwise


0

.1.3.6.1.4.1.22408.1.1.2.2.4.104.115.109.55.1
Battery voltage of external HSM battery


3.272 V

.1.3.6.1.4.1.22408.1.1.2.2.4.104.115.109.56.1
Battery state, 0 if ok or absent, 1 otherwise


0

.1.3.6.1.4.1.22408.1.1.2.2.4.104.115.109.54.1
Serial Number of HSM

CS445661



Alternatively, all OIDs can be reached by the following snmpwalk commands. Replace the IP address in each command with the one of your system:

# for the standard group
snmpwalk -v2c -On -c public 192.168.5.162
# for the system group
snmpwalk -v2c -On -c public 192.168.5.162 .1.3.6.1.4.1.22408.1.1.2.1
# for the HSM group
snmpwalk -v2c -On -c public 192.168.5.162 .1.3.6.1.4.1.22408.1.1.2.2