Solved: SNMP monitoring (Poll or Traps) for certificate expiry warnings, date or valid period on ISE v2

danostergren · ‎06-14-2021

Hi,

We are trying to figure out if there is a way to monitor certificate valid period / expiry date via SNMP on ISE v2.

From earlier posts this kind of monitoring seems to usually be done via SMTP or syslog. However, this solution is not preferable with the monitoring system that is implemented today.

Therefore, we are looking for a way this could be handled with SNMP, either access-able MIB for poll or if any trap option could be used for warnings, retrieval of valid period or expiry date.

Does anyone know if SNMP is an option/does allow for this kind of monitoring?

BR Dan

Greg Gibbs · ‎06-15-2021

See the following post for info on which MIBs are supported for polling.

Monitoring ISE health using SNMP Polling

None of these MIBs would have access into the ISE application database where the certificates are stored, so polling for certificate info is not currently possible.

View solution in original post

Greg Gibbs · ‎06-15-2021

See the following post for info on which MIBs are supported for polling.

Monitoring ISE health using SNMP Polling

None of these MIBs would have access into the ISE application database where the certificates are stored, so polling for certificate info is not currently possible.

Arne Bier · ‎06-16-2021

The best hope you have here is to enable email alerting. To be honest, as primitive as it may sound, it's quite effective, as long as someone actually reads those emails and acts on them. Then again, the same point applies to monitoring and acting on the barrage of SNMP and SYSLOG events.