000038677 - How To Configure SNMPv3 On NetWitness Hosts for Monitoring by a Network Management Software

Document created by RSA Customer Support Employee on Apr 14, 2020
Version 1

Article Content

Article Number: 000038677
Applies To: RSA Product Set: NetWitness Platform
RSA Product/Service Type: Core Appliances
RSA Version/Condition: 11.x
Issue: How to configure SNMP on NetWitness hosts, create an SNMPv3 user, and run an snmpwalk to test the SNMP functionality.
Resolution: Follow the steps below to enable SNMP, create an SNMPv3 user, and run an snmpwalk to test on an NW host.
  1. Verify that iptables allows SNMP access and that the customer is allowing it on any other internal firewall. This is required for SNMP to work.
    (You may reference KB 37864 - https://community.rsa.com/docs/DOC-106839)
     

    # iptables -L --line-numbers       === lists the rules with line numbers
    # service iptables save
    # cp /etc/sysconfig/iptables /etc/sysconfig/iptables.backup.$(date +"%Y%m%d_%H%M")     === makes a backup of the iptables rules
    # iptables -I INPUT <line number before the drop line> -p udp -m state --state NEW -m udp --dport 161 -j ACCEPT     === port for SNMP
    # iptables -I INPUT <line number before the drop line> -p udp -m state --state NEW -m udp --dport 162 -j ACCEPT     === port for SNMPTRAP

  2. Restart iptables if modified.

    #service iptables restart
    #iptables -L --line-numbers       === confirms that the iptables rules were edited

  3. Stop snmpd if the service is running.

    #service snmpd status
    #service snmpd stop

  4. Configure snmpd to start at boot.

    #chkconfig snmpd on

  5. Create a new SNMPv3 user account (-A sets the authentication password, -X the encryption password; -a and -x select the authentication and encryption algorithms). In the second example, SHA1 is used for authentication and AES for encryption of the traffic. You may change the algorithms if needed.
    e.g.
    net-snmp-create-v3-user -A snmppassword -X snmppassword -x AES -a SHA snmpadmin
    -or-
    net-snmp-create-v3-user -ro -A snmppassword -X snmppassword -a SHA -x AES snmpadmin2
    -or-
    net-snmp-create-v3-user -e ENGINEID -A snmppassword -X snmppassword -x AES -a SHA snmpadmin2

    Note: When it runs successfully, the following output will be returned.
    adding the following line to /var/lib/net-snmp/snmpd.conf:

    createUser snmpadmin MD5 " snmppassword " DES snmppassword
    adding the following line to /etc/snmp/snmpd.conf:
       rwuser snmpadmin
    ---------

    Sample output when creating a user with the '-ro' option:

    [root@concen1 mibs]# net-snmp-create-v3-user -ro -A snmppassword -X snmppassword -a SHA -x AES snmpadmin2
    adding the following line to /var/lib/net-snmp/snmpd.conf:
       createUser snmpadmin2 SHA "snmppassword" AES snmppassword
    adding the following line to /etc/snmp/snmpd.conf:
       rouser snmpadmin2

          
  6. Open /etc/snmp/snmpd.conf and uncomment "master agentx".

    #vi /etc/snmp/snmpd.conf

  7. Change rwuser to rouser for the created user (if the command to create the user was run without the '-ro' option).

    #vi /etc/snmp/snmpd.conf

    e.g. From 'rwuser snmpadmin' to 'rouser snmpadmin'
     
  8. Start snmpd.

    #service snmpd start

  9. Restart the SA core services on the host being configured (stop capture or aggregation before the restart).
    e.g. 'restart nwappliance', 'restart nwdecoder', 'restart nwconcentrator', ...
     

    #systemctl restart nwappliance
    #systemctl restart nwdecoder
    #systemctl restart nwconcentrator

  10. Run snmpwalk to confirm that SNMP is working.

    #snmpwalk -v3 -a SHA -A snmppassword -u snmpadmin2 -x AES -X snmppassword -m "/usr/share/snmp/mibs/NETWITNESS-MIB.txt"  -l authNoPriv localhost .1.3.6.1.4.1.36807


    Sample output:

    [root@pdec1 ~]# snmpwalk -v3 -a SHA -A snmppassword -u snmpadmin2 -x AES -X snmppassword -m "/usr/share/snmp/mibs/NETWITNESS-MIB.txt"  -l authNoPriv localhost .1.3.6.1.4.1.36807
    NETWITNESS-MIB::nwDecoderNodeIndex.0 = INTEGER: 0
    NETWITNESS-MIB::nwDecoderNodeIndex.1 = INTEGER: 1
    NETWITNESS-MIB::nwDecoderNodeIndex.2 = INTEGER: 2
    NETWITNESS-MIB::nwDecoderNodeIndex.3 = INTEGER: 3
    NETWITNESS-MIB::nwDecoderNodeIndex.4 = INTEGER: 4
    NETWITNESS-MIB::nwDecoderNodeIndex.5 = INTEGER: 5
    NETWITNESS-MIB::nwDecoderNodeIndex.6 = INTEGER: 6
    NETWITNESS-MIB::nwDecoderNodeIndex.7 = INTEGER: 7
    NETWITNESS-MIB::nwDecoderNodeIndex.8 = INTEGER: 8
    NETWITNESS-MIB::nwDecoderNodeIndex.9 = INTEGER: 9
    NETWITNESS-MIB::nwDecoderNodeIndex.10 = INTEGER: 10
    NETWITNESS-MIB::nwDecoderNodeIndex.11 = INTEGER: 11
    ...
    ...

    --------
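The state that steps 5 to 7 leave in /etc/snmp/snmpd.conf can be checked with a short script. This is an added example, not part of the original article or RSA tooling; the function name `audit_snmpd_conf` is hypothetical. Beyond the steps above, it also uses two standard net-snmp snmpd.conf features that the article does not mention: the optional `priv` level on `rouser` (without it, unencrypted `authNoPriv` requests like the one in step 10 are accepted) and the SNMPv1/v2c community directives.

```shell
#!/bin/sh
# Added example: audit an snmpd.conf (read from stdin) against steps 5-7.
# Prints one finding per line; exit status 0 = clean, 1 = findings.
audit_snmpd_conf() (
    status=0
    agentx=0
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line%%#*}                  # strip comments
        set -f; set -- $line; set +f      # split into words without globbing
        if [ "$#" -ge 4 ] && [ "$2" = "-s" ]; then
            kw=$1; shift 3; set -- "$kw" "$@"   # drop "-s SECMODEL"
        fi
        case "${1:-}" in
            master)
                if [ "${2:-}" = "agentx" ]; then agentx=1; fi ;;
            rwuser)
                echo "FAIL: rwuser ${2:-}: write access; change to rouser (step 7)"
                status=1 ;;
            rouser)
                if [ "${3:-}" != "priv" ]; then
                    echo "WARN: rouser ${2:-}: authNoPriv accepted; append 'priv' to require encryption"
                    status=1
                fi ;;
            rocommunity|rwcommunity|rocommunity6|rwcommunity6|com2sec)
                echo "FAIL: $1: SNMPv1/v2c community access is configured"
                status=1 ;;
        esac
    done
    if [ "$agentx" -eq 0 ]; then
        echo "FAIL: 'master agentx' is missing or still commented out (step 6)"
        status=1
    fi
    exit "$status"    # body runs in a subshell, so this only ends the function
)

# Constructed sample: the file after step 5 was run without -ro and before
# steps 6 and 7 were applied.
audit_snmpd_conf <<'EOF' || true
#master agentx
rwuser snmpadmin
rouser snmpadmin2
EOF
```

On a host, run it as `audit_snmpd_conf < /etc/snmp/snmpd.conf`.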

Notes
--------Other Useful Links to Reference for SNMP Configurations on NetWitness Hosts--------

Enable SNMP on NW Host via System>Host Tasks.
Host GS: Hosts and Services Maintenance Procedures -- https://community.rsa.com/docs/DOC-110328#Set4

---
Article to Configure SNMP on NW Hosts
KB 26697: How to enable SNMP in OS on RSA NetWitness Platform -- https://community.rsa.com/docs/DOC-45725

---
Using SNMP Traps
You can monitor a NetWitness Platform component so that it proactively sends alerts, based on thresholds or system failures, using Simple Network Management Protocol (SNMP).

You can monitor the following for NetWitness Platform components: 
  • CPU utilization that reaches a defined threshold
  • Memory utilization that reaches a defined threshold
  • Disk utilization that reaches a defined threshold

SNMP Configuration:
NetWitness Servers can be configured to send out SNMPv3 threshold traps and monitor traps. Threshold traps are sent in conjunction with node thresholds that are configured by the NetWitness Platform Core applications. Monitor traps are sent by the SNMP daemon for the items that are indicated in the SNMP configuration file. You must set up the SNMP daemon on another service to receive SNMP traps from NetWitness Platform. You can set up SNMP on NetWitness Platform in the configuration setting for the NetWitness Server. For more information, see "Service Configuration Settings" in the NetWitness Platform Host and Services Getting Started Guide for a specific type of host.

Sys Maintenance: Monitor Health and Wellness Using SNMP Alerts -- https://community.rsa.com/docs/DOC-80264

KB 26855: How to configure SNMP traps in RSA NetWitness Platform -- https://community.rsa.com/docs/DOC-67095
---
How to add FW rules for ports 161 and 162 for SNMP to work on NW hosts on 11.x
KB Article 37864: How to write iptable rules in NetWitness Platform 11.X appliances -- https://community.rsa.com/docs/DOC-106839

----------------------
System Logging Configurations (Parameters for SNMPv3)
Host GS: Core Service Logging Configuration -- https://community.rsa.com/docs/DOC-84813
 
