Monitoring Deep Security 10.0 via SNMP
Hello all:
We need to monitor via SNMP the Deep Security Appliance configured in our environment. According to the appliance, it sends the events via SNMP, so I assume I need to configure from my end a passive monitoring (receive the events instead of "asking for them"). I have the OIDs and the event names I should "check", but I have no idea how I should implement this.
Is there a way to have some assistance on this?
Regards.
Re: Monitoring Deep Security 10.0 via SNMP
You'll want to implement SNMP traps, which is covered in https://assets.nagios.com/downloads/nag ... ios_XI.pdf.
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.
Re: Monitoring Deep Security 10.0 via SNMP
Thanks, I have successfully configured the SNMP traps; now I have the option available.
But I still cannot figure out how to add the new server.
Should I add the node as SNMP and then run the SNMP trap wizard?
npolovenko - Support Tech
Re: Monitoring Deep Security 10.0 via SNMP
@lpereira, Is your device already sending SNMP traps to the Nagios server? If so, please upload the following log files in this ticket:
/var/log/snmptt/snmptt.log
/var/log/snmptt/snmpttunknown.log
Do you have anything in unconfigured objects? Admin -> Unconfigured Objects
Re: Monitoring Deep Security 10.0 via SNMP
npolovenko wrote:
> @lpereira, Is your device already sending SNMP traps to the Nagios server? If so, please upload the following log files in this ticket:
> /var/log/snmptt/snmptt.log
> /var/log/snmptt/snmpttunknown.log
> Do you have anything in unconfigured objects? Admin -> Unconfigured Objects
These are the steps I have followed so far:
1) I have downloaded and configured the SNMP Traps plugin on the server.
2) I have uploaded the MIB file (with a .txt extension).
3) I have checked that SNMPTT has a "deep security" entry in the file.
4) I added a "Generic Network Device" with the name and IP of the appliance I need to receive the traps from.
5) I tried to add the SNMP Trap service, but in step 3 I got a message saying that there are no monitoring options with SNMP traps for the device I selected. (attached is a screenshot)
6) I have nothing under Admin -> Unconfigured Objects, and the logs are empty.
I need to know which steps I'm missing here.
Re: Monitoring Deep Security 10.0 via SNMP
To further troubleshoot this issue, we would need to see the SNMP configuration files and the MIB files from the server, so can you run the following 3 commands as root:
tar cvfz /tmp/snmp.tgz /etc/snmp/*
tar cvfz /tmp/sharesnmp.tgz /usr/share/snmp/mibs/*
tar cvfz /tmp/snmplog.tgz /var/log/snmptt/*
Then post these 3 files so we can check the settings and the MIB files for any errors:
/tmp/snmp.tgz
/tmp/sharesnmp.tgz
/tmp/snmplog.tgz
Also, run this as root and post the output to the ticket:
ps -ef --cols=300
If you know what the Description of the OID the device is sending, add that to the post as well.
Thanks
Be sure to check out our Knowledgebase for helpful articles and solutions!
Re: Monitoring Deep Security 10.0 via SNMP
tgriep wrote:
> To further troubleshoot this issue, we would need to see the SNMP configuration files and the MIB files from the server, so can you run the following 3 commands as root:
> tar cvfz /tmp/snmp.tgz /etc/snmp/*
> tar cvfz /tmp/sharesnmp.tgz /usr/share/snmp/mibs/*
> tar cvfz /tmp/snmplog.tgz /var/log/snmptt/*
> Then post these 3 files so we can check the settings and the MIB files for any errors:
> /tmp/snmp.tgz
> /tmp/sharesnmp.tgz
> /tmp/snmplog.tgz
> Also, run this as root and post the output to the ticket:
> ps -ef --cols=300
> If you know what the Description of the OID the device is sending, add that to the post as well.
> Thanks
Attached are the files you asked for.
Also the output of the command ps -ef --cols=300.
Re: Monitoring Deep Security 10.0 via SNMP
The settings look like they should work for your device but let's run a test to be sure.
Run the following as root on the Nagios XI server to send a test trap:
snmptrap -v 2c -c public localhost "" .1.3.6.1.4.1.26911.0.1 systemEventID i 1
After this, go in to the XI GUI and see if the trap shows up in the Admin > Unconfigured Objects menu with localhost as the host.
If it works, then we know the configuration settings are good.
Then to see if the firewall is still enabled on the Nagios XI server, run the following:
iptables -L
You should see an inbound rule for UDP port 162. If not, this article has instructions for setting that up:
https://support.nagios.com/kb/article/s ... es-87.html
Then to see if the remote system is sending, you can install tcpdump on the server by running the following:
yum install tcpdump -y
Then to set up a capture run this:
tcpdump -i any -s 65535 -w 162.cap -n udp port 162
Let it run enough to capture some data from the remote host, or force a trap if possible and upload the 162.cap file to the post.
Re: Monitoring Deep Security 10.0 via SNMP
tgriep wrote:
> The settings look like they should work for your device but let's run a test to be sure.
> Run the following as root on the Nagios XI server to send a test trap:
> snmptrap -v 2c -c public localhost "" .1.3.6.1.4.1.26911.0.1 systemEventID i 1
> After this, go in to the XI GUI and see if the trap shows up in the Admin > Unconfigured Objects menu with localhost as the host.
> If it works, then we know the configuration settings are good.
> Then to see if the firewall is still enabled on the Nagios XI server, run the following:
> iptables -L
> You should see an inbound rule for UDP port 162. If not, this article has instructions for setting that up:
> https://support.nagios.com/kb/article/s ... es-87.html
> Then to see if the remote system is sending, you can install tcpdump on the server by running the following:
> yum install tcpdump -y
> Then to set up a capture run this:
> tcpdump -i any -s 65535 -w 162.cap -n udp port 162
> Let it run enough to capture some data from the remote host, or force a trap if possible and upload the 162.cap file to the post.
I was able to run the command, but on the Nagios GUI, "unconfigured objects" is empty.
Also UDP is allowed:
[root@nagios ~]# snmptrap -v 2c -c public localhost "" .1.3.6.1.4.1.26911.0.1 systemEventID i 1
No log handling enabled - turning on stderr logging
systemEventID: Unknown Object Identifier (Sub-id not found: (top) -> systemEventID)
[root@nagios ~]# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT icmp -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:http
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:https
ACCEPT udp -- anywhere anywhere state NEW udp dpt:snmptrap
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
Chain FORWARD (policy ACCEPT)
target prot opt source destination
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Re: Monitoring Deep Security 10.0 via SNMP
First, check the log files in the /var/log/snmptt folder to see if it was received.
If so, which file did the trap show up in and can you post what was received?
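As an added example (not code from this thread, from Nagios or from Trend Micro), here is a small offline Python checker for the two questions the thread keeps coming back to: whether the INPUT chain really lets UDP/162 through (rule order matters, since a catch-all REJECT above the snmptrap rule shadows it), and whether a given trap OID landed in snmptt.log, in snmpttunknown.log, or nowhere. The iptables listing and log lines are constructed samples, and the snmptt log layouts the regexes expect are assumptions to check against your own files.

```python
import re

# Constructed sample of `iptables -L` output on the Nagios XI host, modelled on
# the listing in the thread (not the original poster's capture).
IPTABLES_L = """Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     udp  --  anywhere             anywhere            state NEW udp dpt:snmptrap
REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited
Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited
"""

def input_accepts_snmptrap(iptables_text):
    """True if the INPUT chain lets UDP/162 in. iptables evaluates rules top-down,
    so an ACCEPT for dpt:snmptrap (or dpt:162) only counts if no catch-all
    REJECT/DROP sits above it; with no catch-all, the chain policy decides."""
    in_input, policy = False, "DROP"
    for line in iptables_text.splitlines():
        if line.startswith("Chain "):
            in_input = line.startswith("Chain INPUT ")
            if in_input:
                policy = re.search(r"\(policy (\w+)\)", line).group(1)
            continue
        fields = line.split()
        if not in_input or len(fields) < 2 or fields[0] == "target":
            continue
        target, proto = fields[0], fields[1]
        if target == "ACCEPT" and proto == "udp" and re.search(r"dpt:(snmptrap|162)\b", line):
            return True
        if target in ("REJECT", "DROP") and proto == "all":
            return False  # catch-all reached first: anything below it is dead
    return policy == "ACCEPT"

# Constructed snmptt log lines. The one-line layout (date, OID, severity,
# "category", host, text) is assumed to be snmptt's default snmptt.log format;
# the "Unknown trap (OID) received from" line is assumed for snmpttunknown.log.
SNMPTT_LOG = (
    'Thu May 24 15:54:02 2018 .1.3.6.1.4.1.26911.0.1 Normal "Status Events" localhost - Deep Security system event 1\n'
    'Thu May 24 15:55:10 2018 .1.3.6.1.6.3.1.1.5.1 Normal "Status Events" switch01 - Cold start\n'
)
SNMPTT_UNKNOWN_LOG = (
    'Thu May 24 15:56:00 2018: Unknown trap (.1.3.6.1.4.1.26911.0.2) received from 192.0.2.10 at:\n'
    'Value 0: 192.0.2.10\n'
)
TRANSLATED = re.compile(r"^\w{3} \w{3}\s+\d+ [\d:]+ \d{4} (\.[\d.]+) ")
UNKNOWN = re.compile(r"Unknown trap \((\.[\d.]+)\)")

def locate_trap(oid, snmptt_log=SNMPTT_LOG, unknown_log=SNMPTT_UNKNOWN_LOG):
    """'translated': snmptt matched an EVENT entry, so the converted MIB works.
    'unknown': the trap reached snmptt but no EVENT matched that OID (the MIB
    was not converted into snmptt.conf). 'missing': it never reached snmptt, so
    look at the sender, the firewall and snmptrapd (tcpdump on udp port 162)."""
    for line in snmptt_log.splitlines():
        m = TRANSLATED.match(line)
        if m and m.group(1) == oid:
            return "translated"
    for line in unknown_log.splitlines():
        m = UNKNOWN.search(line)
        if m and m.group(1) == oid:
            return "unknown"
    return "missing"
```

Feed it the real `iptables -L` output and the two files from /var/log/snmptt on the Nagios XI host. Note that in the thread's own test run snmptrap rejected the varbind name systemEventID before sending anything, so an empty Unconfigured Objects page after that command says nothing about the receive path; repeat the test with numeric varbind OIDs before reading the logs.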