Log Collection: Configure SNMP Event Sources

Document created by RSA Information Design and Development on Sep 11, 2017. Last modified by RSA Information Design and Development on Sep 12, 2018.
Version 12
 

This topic tells you how to configure the SNMP collection protocol.

Configure the SNMP Trap Event Source

To add the SNMP Event Source:

Note: If you have previously added the snmptrap type, you cannot add it again. You can edit it, or manage users.

  1. Go to ADMIN > Services from the NetWitness Platform menu.
  2. Select a Log Collection service.
  3. Under Actions, click the actions menu icon and select View > Config to display the Log Collection configuration parameter tabs.
  4. Click the Event Sources tab.

    The Event Sources tab is displayed.

  5. In the Event Sources tab, select SNMP/Config from the drop-down menu.
  6. In the Event Categories panel toolbar, click the add icon.

    The Available Event Source Types dialog is displayed.

  7. Select the snmptrap event source type and click OK.

    The newly added event source type is displayed in the Event Categories panel.

  8. Select snmptrap in the Event Categories panel.
  9. Select snmptrap in the Sources panel and then click the Edit icon to edit the parameters.

  10. Update any of the parameters that you need to change and click OK.

(Optional) Configure SNMP Users

If you are using SNMPv3, follow this procedure to update and maintain the SNMPv3 users.

To configure SNMPv3 Users:

  1. Go to Admin > Services.

  2. In the Services grid, select a Log Collector service.

  3. Click the actions menu icon under Actions and select View > Config.

  4. In the Log Collector Event Sources tab, select SNMP/SNMP v3 User Manager from the drop-down menu.

    The SNMPv3 User panel is displayed with the existing users, if any.

  5. Click the add icon to open the Add SNMP User dialog.

  6. Fill in the dialog with the necessary parameters. The available parameters are described below.

SNMP User Parameters

The following table describes the parameters that you need to enter when you create an SNMPv3 user.

Note: Required parameters are marked with an asterisk. All other parameters are optional.

                                           
Parameter    Description

Username *

User name (or more accurately in SNMP terminology, security name). NetWitness Platform uses this parameter and the Engine ID parameter to create a user entry in the SNMP engine of the collection service.

The Username and Engine ID combination must be unique (for example, logcollector).

Engine ID

(Optional) Engine ID of the event source. For all event sources sending SNMPv3 traps to this collection service, you must add the username and Engine ID of the sending event source.

For all event sources sending SNMPv3 informs, you must add just the username with a blank Engine ID.

Authentication Type

(Optional) Authentication protocol. Valid values are as follows:

  • None (default) - only security level of noAuthNoPriv can be used for traps sent to this service

  • SHA - Secure Hash Algorithm

  • MD5 - Message Digest Algorithm

    IMPORTANT: DO NOT USE: do not select MD5, as it conflicts with the Log Collector running in FIPS mode.

Authentication Passphrase

Authentication passphrase. Optional if you do not have the Authentication Type set.

Privacy Type

(Optional) Privacy protocol. You can only set this parameter if Authentication Type parameter is set. Valid values are as follows:

  • None (default)

  • AES - Advanced Encryption Standard

  • DES - Data Encryption Standard

    IMPORTANT: DO NOT USE: do not select DES, as it conflicts with the Log Collector running in FIPS mode.

Privacy Passphrase

Privacy passphrase. Optional if you do not have the Privacy Type set.

Close

Closes the dialog without adding the SNMPv3 user or saving modifications to the parameters.

Save

Adds the SNMPv3 user parameters or saves modifications to the parameters.
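
As an added example (not RSA's code and not part of the product), the Python script below lints a planned list of SNMPv3 users against the rules in the table above before they are entered in the Add SNMP User dialog. The dictionary field names, the hex notation for Engine ID, and the reading that a passphrase is needed once its type is set are assumptions; the 5 to 32 octet Engine ID length comes from RFC 3411.

```python
import re

# Allowed values as listed in the parameter table above.
AUTH_TYPES = {"None", "SHA", "MD5"}
PRIV_TYPES = {"None", "AES", "DES"}
FIPS_CONFLICT = {"MD5", "DES"}  # flagged on the page as conflicting with FIPS mode
# SnmpEngineID is 5 to 32 octets (RFC 3411); hex notation is an assumption here.
ENGINE_ID_RE = re.compile(r"^(?:0x)?((?:[0-9A-Fa-f]{2}){5,32})$")

def lint_users(users):
    """Return (index, message) findings for a planned SNMPv3 user list."""
    findings, seen = [], set()
    for i, u in enumerate(users):
        name = u.get("username", "").strip()
        engine = u.get("engine_id", "").strip()
        auth, priv = u.get("auth_type", "None"), u.get("priv_type", "None")
        m = ENGINE_ID_RE.match(engine)
        # Normalise the Engine ID so 0x-prefixed and upper-case forms compare equal.
        key = (name, m.group(1).lower() if m else engine)
        checks = [
            (not name, "Username is required"),
            (bool(engine) and not m, "Engine ID is not 5-32 hex octets"),
            (key in seen, "Username and Engine ID combination is not unique"),
            (auth not in AUTH_TYPES, "unknown Authentication Type"),
            (priv not in PRIV_TYPES, "unknown Privacy Type"),
            (priv != "None" and auth == "None", "Privacy Type set without Authentication Type"),
            (auth != "None" and not u.get("auth_pass"), "Authentication Passphrase missing"),
            (priv != "None" and not u.get("priv_pass"), "Privacy Passphrase missing"),
            (auth == "None", "accepts only noAuthNoPriv traps"),
        ]
        checks += [(p in (auth, priv), f"{p} conflicts with FIPS mode") for p in sorted(FIPS_CONFLICT)]
        findings += [(i, msg) for bad, msg in checks if bad]
        seen.add(key)
    return findings

# Constructed sample entries for illustration (not from the page).
SAMPLE = [
    {"username": "logcollector", "engine_id": "0x80001f8880a1b2c3d4", "auth_type": "SHA",
     "auth_pass": "constructed-auth", "priv_type": "AES", "priv_pass": "constructed-priv"},
    {"username": "logcollector", "engine_id": "80001F8880A1B2C3D4",
     "auth_type": "MD5", "auth_pass": "constructed-auth"},
    {"username": "informer", "engine_id": "", "priv_type": "DES", "priv_pass": "constructed-priv"},
]

if __name__ == "__main__":
    for idx, msg in lint_users(SAMPLE):
        print(f"user[{idx}]: {msg}")
```

An entry with a blank Engine ID is not reported as an error, since the table calls for exactly that form when the event source sends informs.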
