Configure SNMP Event Sources

Document created by RSA Information Design and Development on Sep 11, 2017Last modified by RSA Information Design and Development on Oct 12, 2017
Version 7Show Document
  • View in full screen mode
  

This topic tells you how to configure the SNMP collection protocol.

Configure the SNMP Trap Event Source

To add the SNMP Event Source:

Note: If you have previously added the snmptrap type, you cannot add it again. You can edit it, or manage users.

  1. Go to ADMIN> Services from the NetWitness Suite menu.
  2. Select a Log Collection service.
  3. Under Actions, select > View > Config to display the Log Collection configuration parameter tabs.
  4. Click the Event Sources tab.

    Event Sources tab is displayed.

  1. In the Event Sources tab, select SNMP/Config from the drop-down menu.
  2. In the Event Categories panel toolbar, click .

    The Available Event Source Types dialog is displayed.

  3. Select the snmptrap event source type and click OK.

    The newly added event source type is displayed in the Event Categories panel.

  4. Select snmptrap in the Event Categories panel.
  5. Select snmptrap in the Sources panel and then click the Edit icon, , to edit the parameters.

  6. Update any of the parameters that you need to change and click OK.

(Optional) Configure SNMP Users

If you are using SNMPv3, follow this procedure to update and maintain the SNMP v3 users.

Configure SNMP v3 Users

  1. Go to Admin > Services.

  2. In the Services grid, select a Log Collector service.

  3. Click under Actions and select View > Config.

  4. In the Log Collector Event Sources tab, select SNMP/SNMP v3 User Manager from the drop-down menu.

    The SNMP v3 User panel is displayed with the existing users, if any.

  5. Click to open the Add SNMP User dialog.

  6. Fill in the dialog with the necessary parameters. The available parameters are described below.

SNMP User Parameters

The following table describes the parameters that you need to enter when you create an SNMP v3 user.

                                           
ParameterDescription

Username *

User name (or more accurately in SNMP terminology, security name). NetWitness Suite uses this parameter and the Engine ID parameter to create a user entry in the SNMP engine of the collection service.

The Username and Engine ID combination must be unique (for example, logcollector).

Engine ID

(Optional) Engine ID of the event source. For all event sources sending SNMP v3 traps to this collection service, you must add the username and engine id of the sending event source.

For all event sources sending SNMPv3 informs, you must add just the username with a blank engine id.

Authentication
Type

(Optional) Authentication protocol. Valid values are as follows:

  • None (default) - only security level of noAuthNoPriv can be used for traps sent to this service

  • SHA - Secure Hash Algorithm

  • MD5 - Message Digest Algorithm DO NOT USE: do not select MD5, as it conflicts with the Log Collector running in FIPS mode.

Authentication
Passphrase

Optional if you do not have the Authentication Type set. Authentication passphrase.

Privacy Type

(Optional) Privacy protocol. You can only set this parameter if Authentication Type parameter is set. Valid values are as follows:

  • None (default)

  • AES - Advanced Encryption Standard

  • DES - Data Encryption Standard DO NOT USE: do not select DES, as it conflicts with the Log Collector running in FIPS mode.

Privacy
Passphrase

Optional if you do not have the Privacy Type set. Privacy passphrase.

Close

Closes the dialog without adding the SNMP v3 user or saving modifications to the parameters.

Save

Adds the SNMP v3 user parameters or saves modifications to the parameters.

You are here
Table of Contents > Collection Protocols > Configure SNMP Event Sources

Attachments

    Outcomes