Alerting

Deployment and Installation Center | Web and Email Security Solutions | Version 7.8.x

Applies to:

In this topic

Web Security, Web Security Gateway, and Web Security Gateway Anywhere, v7.8.x

Email Security Gateway and Email Security Gateway Anywhere, v7.8.x

V10000 G2, V10000 G3, and V5000 G2, v7.8.x

Enable SNMP polling (monitoring)

Enable SNMP traps

Enable specific alerts

Use the Configuration > Alerting page to enable and configure SNMP alerting.

There are 2 methods of SNMP alerting that you can enable on the Setup tab:

Allow your SNMP manager to poll the appliance for standard SNMP counters (see Enable SNMP polling (monitoring)).

Configure the appliance to send SNMP traps for selected events to your SNMP manager (see Enable SNMP traps).

After enabling the SNMP trap server on the appliance, use the Alerts tab to configure which events cause a trap to be sent. See Enable specific alerts.

Enable SNMP polling (monitoring)

Under Monitoring Server, click On.

Select the SNMP version (v1, v2c, or v3) used in your network.

With SNMP v1 and v2c, a suffix (-wcg, -wws, -na, or -esg) is appended to the community name to indicate the originating module for the counter.

With SNMP v3, you can specify the context name (WCG, WWS, NA, or ESG) to poll counters for each module.

If you selected v1 or v2c, provide the Community name for the appliance, and then click OK.

You have completed your SNMP monitoring configuration.

If you selected v3, select the Security level (None, Authentication only, or Authentication and Encryption) used in your network, and the User name to associate with SNMP communication.

If you selected a security level that includes authentication, also enter the Password for the selected user name, then select the Authentication protocol (MD5 or SHA).

If you selected authentication and encryption, select the Encryption protocol (DES or AES), and then enter and confirm the Encryption key used for encryption.

Click OK to implement your changes.

Enable SNMP traps

Before enabling the appliance to send SNMP traps, download the appliance MIB file using the link in the Trap Server section of the Configuration > Alerting page. The MIB file must be installed in your SNMP manager before it can interpret traps sent by the appliance.

When you are ready for the appliance to start sending SNMP traps:

Under Trap Server, click On, and then select the SNMP version (v1, v2c, or v3) used in your network.

For SNMP v1 or v2c, provide the following information:

The Community name to associate with traps sent by the appliance

The IP address and port used by your SNMP manager

To verify your configuration, click Send Test Trap. If the test trap succeeds, click OK to apply and save your changes. See Enable specific alerts to configure which events cause a trap to be sent.

If there is a problem sending the test trap, verify the community name, IP address, and port, and make sure that the network allows communication between the appliance C interface and the SNMP manager.

For SNMP v3, enter the Engine ID and IP address of your SNMP manager, as well as the Port used for SNMP communication.

Select the Security level (None, Authentication only, or Authentication and Encryption) used in your network, and the User name to associate with SNMP communication.

If you selected a security level that includes authentication, also enter and confirm the Password for the selected user name, then select the Authentication protocol (MD5 or SHA).

If you selected authentication and encryption, select the Encryption protocol (DES or AES), and then enter the Privacy password used for encryption.

To verify your configuration, click Send Test Trap. If the test trap succeeds, click OK to implement your changes. See Enable specific alerts to configure which events cause a trap to be sent.

If there is a problem sending the test trap, verify the community name, IP address, and port, and make sure that the network allows communication between the appliance and the SNMP manager.

Enable specific alerts

The appliance can send traps for each of its modules: Appliance Controller, Websense Content Gateway, Websense Web Security, Network Agent, and Email Security Gateway. The Alerts tab of the Configuration > Alerting page lists the alerts associated with only the modules that you have enabled.

A table for each module lists:

The hardware or software Event that triggers the alert (for example, a network interface link going down or coming up, or a Websense service stopping).

The Threshold, if applicable, that defines the alert condition (for example, CPU usage exceeding 90%, or free disk space reaching less than 10% of the total disk size).

The Type of alert (system resource or operational event).

Whether or not an SNMP trap is sent when the event occurs or the threshold is reached.

To enable all alerts for a module, select the check box next to SNMP in the table header. All check boxes in the column are selected.

Otherwise, mark the check box next to an event name to enable SNMP alerts for that event. To disable alerts for an event, clear the associated check box.

Time-based thresholds: Most of the events that have a configurable threshold also have a configurable time-based threshold, specified in minutes. When the time-based threshold is set and both thresholds are exceeded, an alert is sent. To enable time-based thresholds, select the Enable time-based thresholds check box at the top of the page. The time-based threshold is enabled on every event for which it is configurable.

Event-cleared alerts: In addition to generating event condition alerts, you can configure alerts to be sent when conditions return below the threshold. These are called event-cleared alerts. To enable event-cleared alerts, select the Generate event-cleared alerts check box at the top of the page.

The following events do not generate event-cleared alerts:

Hostname change

IP address change

Scheduled backup failure

SNMP authentication failure

When you have finished configuring alerts, click OK to implement the changes.

Proceed next to Configuring Web Security components.