12.07.2015 Views

Symantec™ Security Gateways Reference Guide - Sawmill


Monitoring security gateway traffic
Notifications

Client

Sometimes, a message sent by email or pager is not enough. Action may be needed immediately. The security gateway supports invoking a client application or script as a notification method. For example, you may decide to shut down a machine entirely, preventing all access until the administrator can fully assess the situation, when a critical or emergency situation arises. For other situations, you may call a script to email several people, instead of just one. If a client notification is configured, the security gateway calls the named program as it appears in the definition of the notification, and appends the date and contents of the message text (including parameters) to the end of the command line.

Information on configuring or modifying client notifications is found in your product's administrator's guide.

SNMP notifications

The Simple Network Management Protocol (SNMP) is a request/response protocol that communicates management information between applications and agents. SNMP provides support for traps, or notifications, to advise an administration application when one or more conditions exist. Traps are network packets that contain data about the host sending the trap.

For SNMP managers to understand traps, the names of any device-specific variables to be exchanged must be agreed upon. These variable names are stored in the Management Information Base (MIB) of the agent and manager software. Although the appropriate MIB values for security gateway SNMP alerts are preconfigured, SNMP management stations that receive alerts from the security gateway must have this information incorporated into their MIBs.

The security gateway distribution CD-ROM includes MIB files for SNMPv1 and SNMPv2 alerts. Besides configuring the MIB, the agent and manager must also agree upon how to verify that the traps are generated by the security gateway. The differences between SNMPv1 and SNMPv2 alerts are explained in the following sections.

SNMPv1 traps

SNMPv1 traps contain a community field, which is a text string holding a value agreed upon between a manager and the agents that it manages. The security gateway and any SNMPv1 managers with which it communicates must both be configured to accept the same community string. The administrator of the SNMP management station can assign a community value for the security gateway to use.

Consult the SNMP management documentation for its configuration information. Configuration and modification information for SNMPv1 traps is found in your product's administrator's guide.

SNMPv2 traps

SNMPv2 traps contain object identifier (OID) values that represent the source and destination parties and trap context. An OID is a sequence of integers separated by periods, such as 1.3.1.6.1.4. You can use different privacy methods to hide the information in the trap as it crosses the network, and different authentication methods to ensure the identity of the trap originator.

The security gateway supports only unauthenticated, non-private traps. However, the manager and security gateway must still agree upon values for the source and destination parties and the trap context. The administrator can assign an OID to represent the security gateway (the source party) and tell you the OID that represents the management station (the destination party).

The administrator should also assign an OID value for the trap context. The trap context must include both Internet-defined MIB variables and security gateway-defined MIB variables. The snmpv2.mib file provides the administrator with enough information to do this.

Configuration and modification information for SNMPv2 traps is found in your product's administrator's guide.
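The receiver-side check that the SNMPv1 traps section implies, as an added example (not code from the guide or the product): it parses just enough BER to read the version, community and PDU type, then compares the community and the sender address against what the manager expects. The community value, addresses and enterprise OID are constructed placeholders, and because the community travels in the trap as plain text, this is a plausibility filter rather than authentication.

```python
import hmac

def read_tlv(buf, pos):
    """Decode one BER TLV at pos; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        if n == 0 or n > 2 or pos + n > len(buf):
            raise ValueError("unsupported or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("value runs past end of datagram")
    return tag, buf[pos:pos + length], pos + length

def check_v1_trap(datagram, source_ip, expected_community, allowed_sources):
    """Return (accepted, reason) for one received UDP payload."""
    try:
        tag, msg, end = read_tlv(datagram, 0)
        if tag != 0x30 or end != len(datagram):
            return False, "not a single SEQUENCE"
        tag, version, pos = read_tlv(msg, 0)
        if tag != 0x02 or version != b"\x00":  # SNMPv1 carries version 0
            return False, "not SNMPv1"
        tag, community, pos = read_tlv(msg, pos)
        if tag != 0x04:
            return False, "community missing"
        pdu_tag = read_tlv(msg, pos)[0]
    except ValueError as exc:
        return False, f"malformed: {exc}"
    if pdu_tag != 0xA4:  # context tag 4 is the SNMPv1 Trap-PDU
        return False, "not a Trap-PDU"
    if source_ip not in allowed_sources:
        return False, "unexpected source address"
    if not hmac.compare_digest(community, expected_community):
        return False, "community mismatch"
    return True, "ok"

def tlv(tag, value):  # encoder for the constructed sample only (short-form length)
    return bytes([tag, len(value)]) + value

def sample_trap(community):
    # Constructed sample: enterprise OID, agent-addr, generic, specific, time-stamp, varbinds
    pdu = (tlv(0x06, b"\x2b\x06\x01\x04\x01\x86\x8d\x1f") + tlv(0x40, b"\xc0\x00\x02\x0a")
           + tlv(0x02, b"\x06") + tlv(0x02, b"\x01")
           + tlv(0x43, b"\x00") + tlv(0x30, b""))
    return tlv(0x30, tlv(0x02, b"\x00") + tlv(0x04, community) + tlv(0xA4, pdu))
```
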
