|Applies To||RSA Product Set: Security Analytics, NetWitness|
RSA Product/Service Type: Core Appliances
RSA Version/Condition: Security Analytics 10.x; NetWitness NextGen 9.6.x, 9.7.x, 9.8.x,10.x
Platform: CentOS, Fedora Core
Platform (Other): SNMP
O/S Version: FC9, EL5, EL6
|Issue||How to enable SNMP in RSA NetWitness NextGen 9.6 and above or in RSA Security Analytics.|
RSA NetWitness NextGen 9.6 introduced limited SNMP/MIB functionality, which is also present in RSA Security Analytics.
1. Ensure that the net-snmp package is installed on your system. If you are running CentOS (all Security Analytics 10.x appliances run on CentOS), it will already be installed.
2. Edit the /etc/snmp/snmpd.conf file and uncomment from the following line: #master agentx
3. Follow the appropriate step below based on your operating system. Issue the following command to confirm which operating system you are running: cat /etc/redhat-release
For steps on configuring SNMP traps for RSA NetWitness and RSA Security Analytics appliances, refer to the knowledgebase article How to configure SNMP traps in RSA NetWitness NextGen and RSA Security Analytics.
A common method for testing SNMP is to perform an snmpwalk. It is part of the net-snmp-utils package.
snmpwalk -v2c -Of -c netwitness 127.0.0.1
To test the NetWitness-specific MIB, issue the command below.
snmpwalk -v2c -Of -c netwitness 127.0.0.1 .188.8.131.52.4.1.36807
To display human readable text instead of numeric OIDs, follow the steps below.
SNMP sends data in the form of objects and each object is inherited to the main tree. Each line of snmpwalk has an address, which shows where each line belongs.
[root ~]# snmpwalk -v 2c -Of -c netwitness 127.0.0.1 .184.108.40.206.4.1.36807 | grep -i version
|Legacy Article ID||a59776|