Cryptographic Security Platform exposes the following Management Information Bases (MIBs) to SNMP (Simple Network Management Protocol) managers.

MIB object identifier 

MIB object description

MIB object path

SNMPv2-MIB::system

System information (e.g., uptime)

.1.3.6.1.2.1.1

UCD-SNMP-MIB::systemStats

CPU statistics

.1.3.6.1.4.1.2021.11

UCD-SNMP-MIB::memory

Memory usage

.1.3.6.1.4.1.2021.4

UCD-SNMP-MIB::laTable

Load averages

.1.3.6.1.4.1.2021.10

HOST-RESOURCES-MIB::hrFSTable

File system table

.1.3.6.1.2.1.25.3.8

HOST-RESOURCES-MIB::hrSystem

Host system info

.1.3.6.1.2.1.25.1

IF-MIB::ifTable

Network interface table

.1.3.6.1.2.1.2.2

For an SNMP manager to consume this information, you must enable at least one of the following SNMP authentication methods.

As explained in Required ports for incoming traffic, the SNMP port must be open to incoming traffic.

Enabling SNMP access

To enable access to the SNMP service, run the following command on each Cryptographic Security Platform node.

sudo systemctl enable --now snmpd

Configuring SNMPv2c authentication

Configuring SNMPv2c authentication requires performing the following steps on each Cryptographic Security Platform node. 

To configure SNMPv2c authentication on a node

  1. Run the following command to edit the SNMP configuration file. 
    sudo vi /etc/snmp/snmpd.conf
  2. Find the following line.  
    # rocommunity <PASSWORD> default -V systemonly
  3. Remove # and change <PASSWORD>  with a secure password – for example: 
    rocommunity MySecret default -V systemonly
  4. Save the file changes.
  5. Run the following command to restart the snmpd service.
    sudo systemctl restart snmpd

Configuring SNMPv3 authentication

Configuring SNMPv3 authentication requires performing the following steps on each Cryptographic Security Platform node. 

To configure SNMPv3 authentication on a node

  1. Stop the snmpd service. 
    sudo systemctl stop snmpd
  2. Create a user. 
    sudo net-snmp-create-v3-user -a SHA -x AES -ro
  3. When prompted, enter a name and password for the new user.
  4. Run the following command to edit the SNMP configuration file. 
    sudo vi /etc/snmp/snmpd.conf
  5. Find a line with the "rouser <username>" content. For example, if the new user's name is "snmpser", find the following line. 
    rouser snmpuser
  6. Append "priv -V systemonly" to the line, for example: 
    rouser snmpuser priv -V systemonly
  7. Save the file changes.
  8. Restart the snmpd service. 
    sudo systemctl start snmpd