...

On the Snare Server, SNMP is installed but not enabled by default, because enabling any service by default that the user has not specifically required can be considered a security risk. To enable SNMP if required, perform the following from the Snare Server console or from a Snare Central SSH session:

  1. Change the configuration in /etc/snmp/snmpd.conf and enable snmpd. Change the contact and community strings as needed.

  2. By default, the SNMP daemon will ONLY listen on the local loopback interface. To allow the daemon to respond to requests from other clients on the network, the agentAddress line should be modified. By default, it should have the following content:

       agentAddress udp:127.0.0.1:161

     In order to allow the snmpd daemon to listen on all network interfaces, remove 127.0.0.1: so that the line reads:

       agentAddress udp:161

  3. Update the setting in /etc/default/snmpd and remove the 127.0.0.1 from the SNMPDOPTS parameter. This must be done, otherwise the SNMP service cannot be accessed from the network, as it is currently restricted to the local loopback address.

  4. Update the section to allow the SNMP process to run. Change SNMPDRUN=no to yes:

       # snmpd control (yes means start daemon).
       SNMPDRUN=yes

  5. Restart the snmpd service: /etc/init.d/snmpd restart. The snmp daemon should now be running and visible in the process list, using the command ps -aux | grep snmpd

  6. Test it by running the following from the Snare Server shell prompt: snmpwalk -c -v2c  - it should respond and show some details.

  7. If you have the Snare firewall enabled, you will need to update the ufw firewall rules to allow UDP 161 in. Edit the /data/Snare/Supporting/configure-firewall.sh script to add a rule for UDP 161, as it currently only allows SNMP traps on port 162. As of Snare Server patch 7.1.1 there is a new firewall management capability in the Snare Server Configuration Wizard.
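
An added example, not part of the original Snare documentation: once agentAddress no longer binds to loopback, the community strings in /etc/snmp/snmpd.conf are reachable from the network, so this shell function flags non-loopback listeners, stock community strings (public/private) and community lines with no source restriction. The function name audit_snmpd_conf is hypothetical and the sample configuration is constructed.

```shell
#!/bin/sh
# Added example (not Snare's own tooling): audit an snmpd.conf after the steps above.
# audit_snmpd_conf is a hypothetical helper name. One finding per line; no output = clean.
audit_snmpd_conf() {
    awk '
        /^[ \t]*#/ || NF == 0 { next }            # skip comments and blank lines
        { d = tolower($1) }
        d == "agentaddress" {
            # agentAddress takes a comma-separated list of listening addresses
            n = split($2, addrs, ",")
            for (i = 1; i <= n; i++)
                if (addrs[i] !~ /127\.0\.0\.1|localhost|\[::1\]/)
                    print "EXPOSED line " NR ": agentAddress " addrs[i] " listens beyond loopback"
        }
        d ~ /^r[ow]community6?$/ {
            # rocommunity/rwcommunity COMMUNITY [SOURCE ...]
            if ($2 == "public" || $2 == "private")
                print "WEAK line " NR ": " d " uses default community string " $2
            if (NF < 3 || $3 == "default")
                print "OPEN line " NR ": " d " accepts requests from any source address"
            if (d ~ /^rw/)
                print "WRITE line " NR ": " d " grants SNMP write access"
        }
    ' "$1"
}

# Constructed sample: agentAddress opened up as in step 2, stock community left in place.
demo_conf=$(mktemp)
cat > "$demo_conf" <<'EOF'
agentAddress udp:161
rocommunity public default -V systemonly
rocommunity monitoring-example 192.0.2.10
EOF
audit_snmpd_conf "$demo_conf"
rm -f "$demo_conf"
```

Run it against /etc/snmp/snmpd.conf before restarting snmpd in step 5; any EXPOSED line combined with a WEAK or OPEN line means the community string and source restriction should be tightened first.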

NOTE: The Snare Enterprise Agents do not have any SNMP capability at present. If it is required to monitor the agent service on Windows servers, poll the SNMP status of services on the Windows server; that will show that the agent is running, but it will not show the status of sending events. Consult the Windows documentation on the SNMP MIBs for polling a Windows Server. If you have your own SNMP software installed then it should show as part of that.

...

In order to download the MIB files:

  1. SSH into the Snare Central server, and log in as the ‘snare’ user account.

  2. Exit the default administration menu to the shell, and run the following command:

    1. sudo /usr/bin/snmp-mibs-downloader

  3. Enter the snare user password when prompted.

  4. Once the download is complete, please restart the snmp daemon once more:

    1. service snmpd restart or

    2. /etc/init.d/snmpd restart