How can I monitor the SecureSphere appliances via SNMP for builds 6230 and higher?

1.    Login via SSH as root and run command: service snmpd restart
       If snmpd has started and running (use ps -ef|grep snmpd), skip installation steps 2 and 3.
2.    Please install the attached packages in this order with the following commands (only when step 1 ends up with failing to start snmp daemon):

      rpm -ivh ./lm_sensors-2.10.0-3.1.i386.rpm
 
      rpm -ivh ./net-snmp-5.3.1-24.el5_2.1.i386.rpm

      rpm -ivh ./net-snmp-utils-5.3.1-24.el5_2.1.i386.rpm

      rpm -ivh --force ./net-snmp-libs-5.3.1-24.el5_2.1.i386.rpm

3.    /etc/init.d/snmpd start

4.    chkconfig --list | grep snmpd

5.    chkconfig --level 3  snmpd on

6.    chkconfig --level 4  snmpd on

7.    chkconfig --level 5  snmpd on

8.   chkconfig –list | grep snmpd  (check that level 3,4,5 are ON)

 
Configure /etc/snmp/snmpd.conf and customize based on the needs.  You can use net-snmp-config command to configure version 3 options.
 
Some useful snmp commands:
 
snmpget -v 1 localhost -c public sysUpTime.0

There are many mib counters for data collection current version of SNMP agent (net-snmp) available in SecureSphere.  You can point any SNMP monitoring software to collect data from those mibs.  All mibs are available in directory: /usr/share/snmp/mibs directory in MX. Also, there are not many SNMP trap options available out of the box.
 
From a configuration perspective, edit /etc/snmp/snmpd.conf and comment these lines.  This would allow snmp manager to pull all mibs (removes all restrictions):
 
#view    systemview    included   .1.3.6.1.2.1.1
#view    systemview    included   .1.3.6.1.2.1.25.1.1
 
and add a line below:
 
view    systemview    included   .1
 
Run command:
 
service snmpd stop
service snmpd start
 
To run the agent.  
 
Use command: snmpwalk -v 2c localhost -c public
to verify/list all available mibs/counters.
 
Users can write own scripts to use these mibs and traps.
 
Available traps are:
 
snmp agent warm start, cold start, snmp authentication failure – Refer /usr/share/snmp/mibs/snmpv2-mibs.txt
NIC related traps, If up, If down, etc – Refer /usr/share/snmp/mibs/IF-MIB.txt
 
SNMP agent can be started/stopped by command: service snmpd start/stop

Comments:
 
In case you upgraded from previous Secure sphere builds and have already SNMP packages installed.

1. rpm -e --nodeps net-snmp-..... (need to remove net-snmp,net-snmp-libs,net-snmp-utils) 
2. Copy attached rpm to appliance via winscp 
3. Install rpms via "rpm -ihv --nodeps net-snmp" 
4. Follow step 4-9 as described above.
 
In case you are trying to install the files on the 6442 build and receive the following error:
 
[root@localhost snmp]# rpm -ihv  net-snmp-5.3.1-24.el5_2.1.i386.rpm
warning: net-snmp-5.3.1-24.el5_2.1.i386.rpm: Header V3 DSA signature: NOKEY, key ID e8562897
error: Failed dependencies:
        libcrypto.so.6 is needed by net-snmp-5.3.1-24.el5_2.1.i386
 
 
Please run the command with "--nodeps" switch as shown in  example below:
 
rpm -ihv --nodeps net-snmp-5.3.1-24.el5_2.1.i386.rpm