Jump to content

ESET Monitoring with SNMP (Nagios core)


Jamin
 Share

Recommended Posts

Hello.
We have trouble enabling SNMP notifications to monitor ESET with Nagios core. I followed this instruction (How to configure an SNMP Trap Service), but it doesn't seem to work for us. Information on our setup.
We are running ESET PROTECT Server (Version 9.xx) on a Windows Server and Nagios Core on a Raspberry Pi. 
I followed the instruction and enabled the SNMP Service on the ESET PROTECT Server. (set community to public, Add IP of the PI, allow all packets from any hosts)
After that, I followed the Linux instructions but won't receive any notifications. Also, what I noticed after installing the package was that the snmptrapd.conf was missing in /etc/snmp/. So I additionally installed snmptrapd and added the changes there. Unfortunately, that did not work for us. I presume that the instruction might be outdated. Would it be possible to revise the instruction and check if it still works? Thank you very much for any help provided. 

Here the .conf Files
/etc/default/snmpd 

# This file controls the behaviour of /etc/init.d/snmpd
# but not of the corresponding systemd service file.
# If needed, create an override file in
# /etc/systemd/system/snmpd.service.d/local.conf
# see man 5 systemd.unit and man 5 systemd.service

# Don't load any MIBs by default.
# You might comment this lines once you have the MIBs downloaded.
# export MIBS=

# snmpd options (use syslog priority warning, close stdin/out/err).
#SNMPDOPTS='-LSwd -Lf /dev/null -u Debian-snmp -g Debian-snmp -I -smux,mteTrigger,mteTriggerConf -p /run/snmpd.pid'
SNMPDOPTS='-Lsd -Lf /dev/null -u snmp -I -smux -p /var/run/snmpd.pid -c /etc/snmp/snmpd.conf'
TRAPDRUN=yes

/etc/snmp/snmpd.conf

rocommunity public
syslocation "Testing ESET PROTECT"
syscontact admin@PROTECT.com

/etc/snmp/snmptrapd.conf

# EXAMPLE-trap.conf:
#   An example configuration file for configuring the Net-SNMP snmptrapd agent.
#
###############################################################################
#
# This file is intended to only be an example.
# When the snmptrapd agent starts up, this is where it will look for it.
# All lines beginning with a '#' are comments and are intended for you
# to read.  All other lines are configuration commands for the agent.

#
# PLEASE: read the snmptrapd.conf(5) manual page as well!
#
#authCommunity log,execute,net private 
authCommunity log,execute,net public
#
## send mail when get any events
#traphandle default /usr/bin/traptoemail -s smtp.example.org foobar@example.org
#
## send mail when get linkDown
#traphandle .1.3.6.1.6.3.1.1.5.3 /usr/bin/traptoemail -s smtp.example.org foobar@example.org

 

Link to comment
Share on other sites

  • ESET Staff

Could you please clarify whether you are using ESET PROTECT on Windows or Linux? On Windows, different mechanisms for configuration is used, as there is SNMP support directly in operating system.

In case of ESET PROTECT for Linux: we are unfortunately aware of issue with configuration and that is why we dropped support for it in recent ESET PROTECT Appliances (based on CentOS7), as mentioned in documentation for recent versions: https://help.eset.com/protect_admin/90/en-US/how_to_configure_snmp.html
If I recall correctly, proper configuration was not found to this time - even that application part has not changed for years, there is definitely some problem, most probably related to permissions/access rights. PROTECT is technically invoking "snmptrap" command line utility, which is supposed to communicate with local daemon, and in case there are no errors reported in PROTECT logs it would mean that this commend is executed successful, just trap is not properly forwarded or dropped due to access rights.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...