October 12th, 2015 08:00
FireEye Appliances and SNMP V3 AuthPriv traps
Being new to SMARTS, I have a question regarding receiving SNMP traps from FireEye appliances. The FireEye appliances are configured for SNMP V3 AuthPriv (authenticated and encrypted SNMP). I can do an SNMP GET and SNMP GET-Next and can see the SNMP traffic. I have not been able to successfully receive a test trap from the FireEye appliance. Does SMARTS need a special configuration to receive these SNMP V3 AuthPriv traps?
The command line I am using to send the test trap from the FireEye appliance is:
snmp-server traps send-test
and
snmp-server notify send-test
Any help would be greatly appreciated.
dkeith55
6 Posts
0
October 13th, 2015 01:00
You need to add the v3 parameters to a seed file specified in the trap receiver on SMARTS.
dkeith55
6 Posts
0
October 13th, 2015 02:00
You'll also need to change the trap-receiver service to also read the
seedfile (and stop and start the service). I forget which manual specified
it, but the seedfile is the same format as the discovery seedfile.
Thanks,
Dave
dkeith55
6 Posts
0
October 13th, 2015 19:00
Here is a sample line for the seedfile. This seedfile goes in
/opt/InCharge/SAM/smarts/local/conf/icoi
10.100.6.30 SNMPVERSION=V3 USER=wrnm_smarts AUTHPROTOCOL=SHA AUTHPASS=PASSword1234!@ PRIVPROTOCOL=AES PRIVPASS=PASSword1234!@ ENGINEID=8000000b0430303a31653a30623a64353a61653a3661
You also specify this or similar as the service command (this is Unix):
sm_trapd --name=TRAP-INCHARGE-OI --server=INCHARGE-OI --config=icoi --port=162 --model=sm_actions --rules=icoi-trapd/trap_mgr_parse.asl --seed=seedfile --output=TRAP-INCHARGE-OI.log
Thanks
Dave
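A way to sanity-check a seedfile line like the one in the reply above before restarting the trap receiver, as an added example that is not part of the thread and not SMARTS code. It assumes the `host KEY=VALUE ...` layout of the sample line and treats the keys in that sample as the required AuthPriv set; the function names are hypothetical and the user and passphrases in `SAMPLE` are constructed placeholders.

```python
import re

# Keys taken from the sample line in the thread (assumed to be the full AuthPriv set).
REQUIRED_V3_AUTHPRIV = ("USER", "AUTHPROTOCOL", "AUTHPASS",
                        "PRIVPROTOCOL", "PRIVPASS", "ENGINEID")
# RFC 3411 SnmpEngineID: format octet (5th byte) when the first bit is set.
ENGINEID_FORMATS = {1: "ipv4", 2: "ipv6", 3: "mac", 4: "text", 5: "octets"}
# Constructed sample: host and engine ID as in the thread, credentials are placeholders.
SAMPLE = ("10.100.6.30 SNMPVERSION=V3 USER=example_user AUTHPROTOCOL=SHA "
          "AUTHPASS=example-auth-pass PRIVPROTOCOL=AES PRIVPASS=example-priv-pass "
          "ENGINEID=8000000b0430303a31653a30623a64353a61653a3661")

def parse_seed_line(line):
    """Split 'host KEY=VALUE ...' into (host, {KEY: VALUE})."""
    host, *pairs = line.split()
    if "=" in host:
        raise ValueError("line starts with KEY=VALUE; a wrapped continuation?")
    fields = {}
    for pair in pairs:
        key, sep, value = pair.partition("=")
        if not sep:
            raise ValueError(f"not KEY=VALUE: {pair!r}")
        fields[key.upper()] = value
    return host, fields

def decode_engine_id(hex_id):
    """Decode an RFC 3411 engine ID into (enterprise number, format, payload)."""
    if not re.fullmatch(r"(?:[0-9a-fA-F]{2}){5,32}", hex_id):
        raise ValueError("engine ID must be 5-32 octets of hex")
    raw = bytes.fromhex(hex_id)
    if not raw[0] & 0x80:
        raise ValueError("pre-RFC 3411 engine ID layout, not decoded here")
    enterprise = int.from_bytes(raw[:4], "big") & 0x7FFFFFFF
    fmt = ENGINEID_FORMATS.get(raw[4], "enterprise-specific")
    payload = raw[5:].decode("ascii") if fmt == "text" else raw[5:].hex()
    return enterprise, fmt, payload

def lint_seed_line(line):
    """Return the problems that would leave an AuthPriv trap undecodable."""
    host, fields = parse_seed_line(line)
    if fields.get("SNMPVERSION", "").upper() != "V3":
        return [f"{host}: SNMPVERSION is not V3"]
    problems = [f"{host}: missing {k}" for k in REQUIRED_V3_AUTHPRIV if not fields.get(k)]
    if fields.get("ENGINEID"):
        try:
            decode_engine_id(fields["ENGINEID"])
        except ValueError as exc:
            problems.append(f"{host}: ENGINEID {exc}")
    return problems
```

The decoded engine ID can be compared with the value the appliance reports, since a trap whose engine ID or user does not match the seedfile entry cannot be authenticated or decrypted by the receiver. The seedfile holds cleartext passphrases, so it should be readable only by the account that runs the trap receiver.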