SNMP

The equipment can be monitored using protocol SNMP v2c. The HSM sends traps (unsolicited notifications) on the occurrence of certain events, which can be directed to a standard SNMP collector. The HSM also responds to messages from Getaccording to the list of supported OIDs.

Info

SNMP Set operations are not supported.

HSM has specific and proprietary OIDs under the entry .1.3.6.1.4.1.41054 (.iso.org.dod.internet.private.enterprises.dinamonetworks) in the MIB tree, defined in the proprietary MIB file. An OID is used for traps and another for Gets. IANA entry 41054 is registered to Dinamo Networks.

The SNMP configuration parameters via the console are:

Sys Contact: information returned by the HSM in the standard SNMP Get message with OID .1.3.6.1.2.1.1.4 (mib 2 system group, see below). The registered information is free text chosen by the operator, and as recommended by the SNMP standard, the purpose of this OID is: The textual identification of the contact person for this managed node, together with information on how to contact this person.
Sys Location: information returned by the HSM in the standard SNMP Get message with OID .1.3.6.1.2.1.1.6 (mib 2 system group, see below). The information entered is free text chosen by the operator, and as recommended by the SNMP standard, the purpose of this OID is: The physical location of this node (e.g.,'telephone closet,^3rd floor').
Trap Community Name: name of the SNMP community exclusively for sending traps. This name is only used for pairing in the protocol.
Trap Targets: the list of IP addresses to which the traps generated by the HSM should be sent. Up to 04 targets can be configured.

All the Get information returned by the HSM is non-sensitive or non-critical information and most of it is also available on the About screen of the Local Console, displayed before any operator authentication.

Gets are answered on HSM UDP port 161 and traps are sent to targets on UDP port 162.

Info

The SNMP community for Get is always public.

The formal definition of the HSM's proprietary OIDs is in the file Dinamo-MIB .txt.

The HSM responds to the Gets of the MIB-2 standard, including the groups:

system:

OID	name	value
.1.3.6.1.2.1.1.1	sysDescr	Text consisting of the HSM model and serial number, firmware version, hardware profile and TPKEY ID.
.1.3.6.1.2.1.1.2	sysObjectID	Text `hsm`literal.
.1.3.6.1.2.1.1.3	sysUpTime	Time elapsed since the HSM was switched on.
.1.3.6.1.2.1.1.4	sysContact	Text with the information registered in the HSM Console, see above.
.1.3.6.1.2.1.1.5	sysName	HSM serial number.
.1.3.6.1.2.1.1.6	sysLocation	Text with the information registered in the HSM Console, see above.

interfaces
ip
icmp
tcp
udp
snmp
host resources

The proprietary OIDs to which HSM responds Get are described in the table below. They are those below .1.3.6.1.4.1.41054 or .iso.org.dod.internet.private.enterprises.dinamonetworks.

OID	name	value
.1.3.6.1.4.1.41054.1.1.2.0.1	hsmUpTime	Time elapsed since the HSM was switched on.
.1.3.6.1.4.1.41054.1.1.2.0.2	cpuLoadAverage	Instant CPU consumption measured at the time of Get.
.1.3.6.1.4.1.41054.1.1.2.0.3	totalMemory	Total HSM memory in percent, fixed value: `100`.
.1.3.6.1.4.1.41054.1.1.2.0.4	usedMemory	Percentage of instantaneous use of physical memory.
.1.3.6.1.4.1.41054.1.1.2.0.7	hsmCryptoBattery	Percentage of charge in the safe zone of the tamper supervisor circuit battery.
.1.3.6.1.4.1.41054.1.1.2.0.8	diskBockSize	Size in bytes of the individual block of the HSM storage system.
.1.3.6.1.4.1.41054.1.1.2.0.9	diskBlockCount	Counting individual blocks of the storage system.
.1.3.6.1.4.1.41054.1.1.2.0.10	diskFreeBlockCount	Counting unused individual blocks in the storage system.
.1.3.6.1.4.1.41054.1.1.2.0.11	hsmTamperingState	HSM tamper status.
.1.3.6.1.4.1.41054.1.1.2.0.12	hsmNodeAlias	Alias chosen by the operator for the HSM. The alias is defined in the local console.
.1.3.6.1.4.1.41054.1.1.2.0.13	usrCount	Counting partitions in HSM.
.1.3.6.1.4.1.41054.1.1.2.0.14	objCount	Counting objects in the HSM (on all partitions).
.1.3.6.1.4.1.41054.1.1.2.0.15	slbeLen	Database size (in units of 4kb).
.1.3.6.1.4.1.41054.1.1.2.0.16	logSize	Log file size (in bytes).
.1.3.6.1.4.1.41054.1.1.2.0.17	atokenCacheCount	Number of a-tokens cached.
.1.3.6.1.4.1.41054.1.1.2.0.18	memTotal	Usable RAM (100%).
.1.3.6.1.4.1.41054.1.1.2.0.19	memAvailable	Estimated available memory (%).
.1.3.6.1.4.1.41054.1.1.2.0.20	memBuffers	Raw blocks on disk (%).
.1.3.6.1.4.1.41054.1.1.2.0.21	memCached	Memory cache (%)
.1.3.6.1.4.1.41054.1.1.2.0.22	memActive	Recent recallable memory, unless absolutely necessary (%).
.1.3.6.1.4.1.41054.1.1.2.0.23	memInactive	Old recallable memory, unless absolutely necessary (%).
.1.3.6.1.4.1.41054.1.1.2.0.24	anonPages	Memory pages mapped in userspace tables (%).
.1.3.6.1.4.1.41054.1.1.2.0.25	shMem	Memory consumed in IPC (%).
.1.3.6.1.4.1.41054.1.1.2.0.26	kernelSlab	(Slab) cache of kernel data structures (%).
.1.3.6.1.4.1.41054.1.1.2.0.27	kernelSReclaimable	Part of the slab that can be retrieved, such as caches (%).
.1.3.6.1.4.1.41054.1.1.2.0.28	sessionCount	Counting user sessions.

The events that can generate traps in HSM are:

Creating a private key
Destruction of a private key
Service start
Service stop
Automatic service recovery
Use of smart cards
HSM shutdown
HSM reboot
HSM database reset
Authentication failure
Changing user permissions
User creation
User removal
Backup file generation
Restoring a backup file
Firmware update
Private key export
Private key import
Lock in the local HSM console
Unlock in the local HSM console
Failure in the log subsystem(Broken Log)
Replication, Busy return
Replication, return from Peer Not Synced
Replication, return of Cannot Peer to Peer
Replication, return from Storage Layer Failure
Replication, return from Cannot Validate Event
Replication, Transaction Mismatch return
Replication, return from Database Live Sync Error
Replication, Transaction Log Error return
Replication, return from Cannot Start Manager