RSA NetWitness allows SNMP to be configured through the Web User Interface (UI). When configuring multiple hosts, however, it can be more efficient to use the Command Line Interface (CLI). This document gives a brief walk-through for enabling SNMP on RSA NetWitness hosts and updating the onboard firewall with the appropriate rules. To configure SNMP via the WebUI, check out Set SNMP - RSA Security Analytics Documentation.
Task: Enabling SNMP on RSA NetWitness Appliances
Process: First we must ensure the onboard firewall within CentOS is properly configured to allow SNMP traffic on UDP port 161. Log in to the CLI with elevated privileges.
1.) Ensure that SNMP is not currently running with the following command:
#service snmpd status
2.) The response should be:
snmpd is stopped
Next, review the current iptables rules on CentOS to determine whether UDP port 161 is listed.
3.) Utilize the following command to list the rules in all chains:
#sudo iptables -L
4.) The out-of-the-box configuration does not include a rule for UDP. Enter the following commands to create a rule allowing traffic on UDP port 161 and save it:
#sudo iptables -I INPUT -p udp -m udp --dport 161 -j ACCEPT
#sudo service iptables save
5.) The firewall rules have now been updated to include UDP 161. Enter the following command to start the SNMP service:
#service snmpd start
6.) To ensure that the SNMP daemon starts automatically after a restart, use the following command:
#chkconfig snmpd on
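Steps 1 through 6 as one re-runnable script, for use across many hosts; this is an added example and not part of the original post. It assumes it runs as root, checks `iptables -S INPUT` rather than `iptables -L` so the rule can be matched reliably, and takes an optional poller address that limits the rule with `-s` (an assumption added here; the rule in step 4 accepts UDP 161 from any source).

```bash
#!/bin/bash
# Added example: idempotent version of steps 1-6. Run as root on each host.
# Optional poller address/CIDR is an assumption, not from the original post.

SNMP_PORT=161

# Print the rule arguments; $1 (optional) limits the rule to one source.
snmp_rule_args() {
    if [ -n "$1" ]; then
        echo "-s $1 -p udp -m udp --dport $SNMP_PORT -j ACCEPT"
    else
        echo "-p udp -m udp --dport $SNMP_PORT -j ACCEPT"
    fi
}

# Read `iptables -S INPUT` output on stdin; succeed if an ACCEPT rule
# for UDP port 161 already exists (with or without a source match).
has_snmp_rule() {
    grep -Eq -- "^-A INPUT .*-p udp .*--dport $SNMP_PORT .*-j ACCEPT"
}

# $1 (optional): address of the SNMP poller allowed to query this host.
enable_snmp() {
    # Steps 3-4: insert the rule only when it is missing, so running
    # the script again does not stack duplicate rules.
    if iptables -S INPUT | has_snmp_rule; then
        echo "UDP $SNMP_PORT already allowed; firewall unchanged"
    else
        # Unquoted on purpose: the arguments must split into words.
        iptables -I INPUT $(snmp_rule_args "$1") || return 1
        service iptables save || return 1
    fi
    # Steps 1, 2 and 5: start snmpd only if it is not already running.
    service snmpd status >/dev/null 2>&1 || service snmpd start || return 1
    # Step 6: start snmpd at boot.
    chkconfig snmpd on
}

# Changes are made only when called as: script.sh apply [poller-address]
if [ "${1:-}" = "apply" ]; then
    enable_snmp "${2:-}"
fi
```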
Conclusion: At this point, the RSA NetWitness appliances you have configured should be discoverable through SNMP. Further configuration of the /etc/snmpd/snmpd.conf file will allow you to name your device, add a POC, identify a community string, and a host of other options.
Additionally: The possibility exists to utilize Puppet to configure these changes across your deployment. I'll be adding a follow-up document that illustrates how to utilize this method. As always, feedback and suggestions from the community are welcome. Please drop your two cents, as there is always room for improvement!
Credit: Thank you KEVIN DIENST for the reminder about #chkconfig snmpd on, good looking out!
Thanks,
RSA Bob