ESET Monitoring with SNMP (Nagios core)


Hello.
We are having trouble enabling SNMP notifications to monitor ESET with Nagios Core. I followed these instructions (How to configure an SNMP Trap Service), but they don't seem to work for us. Here is some information on our setup.
We are running ESET PROTECT Server (Version 9.xx) on a Windows Server and Nagios Core on a Raspberry Pi.
I followed the instructions and enabled the SNMP Service on the ESET PROTECT Server (set community to public, added the IP of the Pi, allowed all packets from any hosts).
After that, I followed the Linux instructions, but we don't receive any notifications. Also, what I noticed after installing the package was that snmptrapd.conf was missing in /etc/snmp/. So I additionally installed snmptrapd and added the changes there. Unfortunately, that did not work for us. I presume that the instructions might be outdated. Would it be possible to revise the instructions and check if they still work? Thank you very much for any help provided.

Here are the .conf files:
/etc/default/snmpd 

# This file controls the behaviour of /etc/init.d/snmpd
# but not of the corresponding systemd service file.
# If needed, create an override file in
# /etc/systemd/system/snmpd.service.d/local.conf
# see man 5 systemd.unit and man 5 systemd.service

# Don't load any MIBs by default.
# You might comment this lines once you have the MIBs downloaded.
# export MIBS=

# snmpd options (use syslog priority warning, close stdin/out/err).
#SNMPDOPTS='-LSwd -Lf /dev/null -u Debian-snmp -g Debian-snmp -I -smux,mteTrigger,mteTriggerConf -p /run/snmpd.pid'
SNMPDOPTS='-Lsd -Lf /dev/null -u snmp -I -smux -p /var/run/snmpd.pid -c /etc/snmp/snmpd.conf'
TRAPDRUN=yes

/etc/snmp/snmpd.conf

rocommunity public
syslocation "Testing ESET PROTECT"
syscontact admin@PROTECT.com

/etc/snmp/snmptrapd.conf

# EXAMPLE-trap.conf:
#   An example configuration file for configuring the Net-SNMP snmptrapd agent.
#
###############################################################################
#
# This file is intended to only be an example.
# When the snmptrapd agent starts up, this is where it will look for it.
# All lines beginning with a '#' are comments and are intended for you
# to read.  All other lines are configuration commands for the agent.

#
# PLEASE: read the snmptrapd.conf(5) manual page as well!
#
#authCommunity log,execute,net private 
authCommunity log,execute,net public
#
## send mail when get any events
#traphandle default /usr/bin/traptoemail -s smtp.example.org foobar@example.org
#
## send mail when get linkDown
#traphandle .1.3.6.1.6.3.1.1.5.3 /usr/bin/traptoemail -s smtp.example.org foobar@example.org


  • ESET Staff

Could you please clarify whether you are using ESET PROTECT on Windows or Linux? On Windows, a different mechanism for configuration is used, as there is SNMP support directly in the operating system.

In the case of ESET PROTECT for Linux: we are unfortunately aware of an issue with the configuration, and that is why we dropped support for it in recent ESET PROTECT Appliances (based on CentOS 7), as mentioned in the documentation for recent versions: https://help.eset.com/protect_admin/90/en-US/how_to_configure_snmp.html
If I recall correctly, a proper configuration has not been found to this day. Even though the application part has not changed for years, there is definitely some problem, most probably related to permissions/access rights. PROTECT is technically invoking the "snmptrap" command-line utility, which is supposed to communicate with the local daemon, and if there are no errors reported in the PROTECT logs, it would mean that this command is executed successfully and the trap is just not properly forwarded, or is dropped due to access rights.

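An added example for the failure mode discussed in the thread (a trap that is sent but not accepted on the receiving side), not code from ESET or from either poster: it decodes the SNMP version and cleartext community string from a received v1/v2c trap datagram and checks them against the authCommunity lines of snmptrapd.conf. The function names and the sample datagram are constructed for illustration, and SOURCE restrictions on authCommunity lines are not evaluated.

```python
import socket
PDU_KINDS = {0xA4: "v1 Trap", 0xA6: "InformRequest", 0xA7: "SNMPv2-Trap"}
VERSIONS = {0: "v1", 1: "v2c", 3: "v3"}

def read_tlv(buf, pos):
    """Return (tag, value_bytes, next_pos) for the BER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                     # long form: low 7 bits = number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def trap_header(datagram):
    """Decode (version, community, pdu_kind) from an SNMP message."""
    tag, body, _ = read_tlv(datagram, 0)
    if tag != 0x30:
        raise ValueError("not an SNMP message (no outer SEQUENCE)")
    _, ver, pos = read_tlv(body, 0)
    version = VERSIONS.get(int.from_bytes(ver, "big"), "unknown")
    if version not in ("v1", "v2c"):
        return version, None, None        # v3 carries no community string
    _, community, pos = read_tlv(body, pos)
    return version, community.decode("latin-1"), PDU_KINDS.get(body[pos], hex(body[pos]))

def auth_communities(conf_text):
    """Map community -> TYPES from active authCommunity lines (SOURCE is ignored)."""
    allowed = {}
    for line in conf_text.splitlines():
        parts = line.split("#", 1)[0].split()
        if len(parts) >= 3 and parts[0] == "authCommunity":
            allowed.setdefault(parts[2], set()).update(parts[1].split(","))
    return allowed

def diagnose(datagram, conf_text):
    version, community, kind = trap_header(datagram)
    types = auth_communities(conf_text).get(community, set())
    verdict = "logged" if "log" in types else "not authorised to log"
    return f"{version} {kind} community={community!r}: {verdict}"

# Constructed sample: minimal v2c trap, community "public", empty varbind list.
SAMPLE_TRAP = bytes.fromhex("30180201010406" "7075626c6963" "a70b020101020100020100" "3000")
# Constructed config mirroring the two authCommunity lines posted in the thread.
SAMPLE_CONF = "#authCommunity log,execute,net private\nauthCommunity log,execute,net public\n"
if __name__ == "__main__":                # needs root to bind UDP/162; stop snmptrapd first
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind(("0.0.0.0", 162))
    while True:
        data, peer = sock.recvfrom(65535)
        print(peer[0], diagnose(data, open("/etc/snmp/snmptrapd.conf").read()))
```

If nothing is printed while the sender reports success, the datagram never reached the receiver; if a line is printed with "not authorised to log", the trap arrived and the receiver's access configuration is the place to look.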