This article explains how to perform the following:
- Configure the Sensor to allow an SNMP pull
- Configure the Manager to send traps to the SNMP server
Configure the Sensor to allow an SNMP pull:
- Open the Manager and select Devices.
- Select the Sensor to be configured.
- Navigate to Setup, Remote Access, NMS.
- Under NMS Users, define the account used to access the Sensor:
- Select Remote Access, NMS User.
- Add a user with authentication with a minimum 8 character username.
- Create an Authentication Key and Private Key.
NOTE: Set the length of the Authentication and Private key between 8 and 15 characters. Special characters aren't allowed.
- Assign the Manager User to the Sensor.
NOTE: You can create multiple SNMPv3 user accounts for the Sensors to help manage or track which devices are allowed to poll the Sensors.
- Add the IP address of the client that queries the Sensor:
- Select the Sensor and click Remote Access, NMS Devices.
- Add the IP address of the client. You can add multiple IP addresses.
- Click Assign to assign the IP address to the Sensor.
- Activate or allow the new Manager (SNMPv3) users and IP addresses on the Sensor. Click Deploy Pending Changes to the Sensor.
Configure the External (NMS) Device to Poll the Sensor (Load the Sensor MIB onto the devices that poll the Sensors):
NOTES:
- MIBs are provided in the Manager installation directory in the \config folder.
- The MCAFEE-INTRUVERT-EMS-TRAP-MIB is for the Manager, and the others are for the Sensor.
- Open your MIB Browser client.
- Import the Sensor MIBS to your NMS device using the vendor-recommended method.
- Configure the user account that polls the Sensor:
- Select SNMPv3.
NOTE: The Sensor only supports V3 for this section of the configuration because encryption is needed.
- Select the Algorithm SHA and Privacy Algorithm AES algorithms.
- Add the username and password. These credentials were previously configured in the Manager.
- Load the MIB. You see the MIB:
iso.org.dod.internet.private.enterprise.mcafee-intruvert,
This MIB translates to 1.3.6.1.4.1.8962 at the top of the entry.
NOTE: The translation is: iso - 1, org - 3, dod - 6, internet - 1, private - 4, enterprise - 1, and mcafee-intruvert - 8962.
To test the
SNMPv3 configuration, perform an
SNMPGET/SNMPWALK on a Sensor:
- Open a command-line session on a Linux client.
- Use the snmpwalk command to locate the Sensor model number.
Type the following and then press Enter:
snmpwalk –v3 –t10 –a SHA –A <authentication-key> –x AES –X <private-key> –u <username> –l authPriv <sensor-IP> .1.3.6.1.4.1.8962.2.1.2.1.1.1
IMPORTANT: If you copy and paste the command in the command line using a plain text conversion process, you might see an error. The error occurs because the process replaces the dash marks with a similar but different character. Replace the dashes in Notepad or the command line before you execute the query.
- You see the Sensor model number displayed.
NOTE: You can also choose the OID and pull the specific information instead.