SNMP
SNMP (Simple Network Management Protocol) can be used to monitor the health of your appliance. The appliance supports versions 2c and 3 of SNMP.
SNMP Configuration
You can configure SNMP polling and notifications. If SNMP polling is configured, a manager station can query the SNMP agent residing on the appliance. The retrieved data provides detail at the hardware and operating system level.
To configure SNMP polling:
- In the main menu bar, click Administration > Setup > System Admin.
- In the navigation tree, under System, click SNMP.
- On the SNMP Poll Configuration tab, ensure Enabled is selected.
- For Port, the default is 161 but can be any available port. Ensure the specified port is open on your firewall.
- For SNMP version, select V2c or V3:
  - If V2c is selected, specify a community string of between 6 and 128 alphanumeric, underscore, and dash characters.
  - If V3 is selected, specify the username (alphanumeric lower-case string of 4-16 characters, which must begin with an alphabetic character and may include underscores), authentication protocol, authentication passphrase (4 to 256 characters), privacy protocol, and privacy passphrase (4 to 256 characters).
- Click Save.
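The following pre-flight check is an added example, not part of the product or its documentation. It applies the length and character rules from the polling procedure above and adds operational warnings. The dictionary keys, the warning rules and the sample values are assumptions made for illustration.

```python
import re

# Rules as stated in the polling procedure above.
COMMUNITY_RE = re.compile(r"[A-Za-z0-9_-]{6,128}")
USERNAME_RE = re.compile(r"[a-z][a-z0-9_]{3,15}")
WELL_KNOWN = {"public", "private"}  # common default community strings
USM_MIN = 8  # assumption: Net-SNMP tools reject shorter v3 passphrases

def check_poll_config(cfg):
    """Return (errors, warnings) for a dict of SNMP poll settings."""
    errors, warnings = [], []
    port = cfg.get("port", 161)
    if not (isinstance(port, int) and 1 <= port <= 65535):
        errors.append("port must be an integer in 1-65535")
    version = cfg.get("version")
    if version == "V2c":
        community = cfg.get("community", "")
        if not COMMUNITY_RE.fullmatch(community):
            errors.append("community: 6-128 chars of [A-Za-z0-9_-]")
        elif community.lower() in WELL_KNOWN:
            warnings.append("community is a well-known default")
        warnings.append("V2c sends the community string unencrypted; prefer V3")
    elif version == "V3":
        if not USERNAME_RE.fullmatch(cfg.get("username", "")):
            errors.append("username: 4-16 chars, lower-case, starts with a letter")
        for key in ("auth_passphrase", "priv_passphrase"):
            n = len(cfg.get(key, ""))
            if not 4 <= n <= 256:
                errors.append(f"{key}: 4-256 characters")
            elif n < USM_MIN:
                warnings.append(f"{key}: under {USM_MIN} chars, some managers refuse it")
        if cfg.get("auth_passphrase") and cfg.get("auth_passphrase") == cfg.get("priv_passphrase"):
            warnings.append("authentication and privacy passphrases are identical")
    else:
        errors.append("version must be V2c or V3")
    return errors, warnings

# Constructed sample inputs (not real credentials).
SAMPLES = [
    {"version": "V2c", "community": "public"},
    {"version": "V3", "username": "nms_poller",
     "auth_passphrase": "abcd", "priv_passphrase": "Xy7-long-enough"},
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample["version"], check_poll_config(sample))
```

The first sample passes the appliance's community-string rule yet is flagged, because a string such as `public` satisfies the 6-character minimum while being one of the first values anyone would guess.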
If an SNMP destination is configured, the appliance can send notifications for a limited set of events (see Viewing SNMP System Information).
SNMP notifications differ from those sent by connectors, which are for a generic ArcSight event. The notifications listed here are each specific to a single event, which makes them easier for a network management system to interpret.
To configure the destination for SNMP notifications:
- In the main menu bar, click Administration > System Admin.
- In the navigation tree, under System, click SNMP.
- On the SNMP Destination tab, ensure Enabled is selected. Then, specify values for the other parameters that match your existing NMS SNMP settings.
- For Port, specify 162. Note: Specifying a non-default port may cause a brief delay. Give the process time to complete.
- For SNMP version, select V2c or V3, and then specify values for the prompted settings.
- Click Save.
Viewing SNMP System Information
SNMP notifications are viewable in any MIB browser. The following SNMP notifications are supported:
- Application
  - Login attempt failed
  - Password change attempt failed
  - User account locked
  - Reboot command launched
  - Manual backup failed
  - Enable FIPS mode successful
  - Disable FIPS mode successful
  - Enable FIPS mode failed
  - Disable FIPS mode failed
- Platform
  - CPU Usage
  - Memory Usage
  - Disk Almost Full
  - Fan Failure
  - Power Supply Failure
  - Temperature Out of Range
  - Ethernet Link Down
To view system notifications in an MIB browser:
On your appliance:
You can download the ArcSight MIB file and other standard Net-SNMP MIB files using the following URLs:
- https://<system_name_or_ip>/platform-service/ARCSIGHT-EVENT-MIB.txt
- https://<system_name_or_ip>/platform-service/DISMAN-EVENT-MIB.txt
- https://<system_name_or_ip>/platform-service/HOST-RESOURCES-MIB.txt
- https://<system_name_or_ip>/platform-service/IF-MIB.txt
- https://<system_name_or_ip>/platform-service/UCD-SNMP-MIB.txt
In any standard MIB browser:
- Load the MIB in the browser.
- Specify the address and port number of the SNMP agent (your appliance, in this case).
- Configure the community string that is set on your appliance.
- Initiate the SNMP WALK operation of the OID from the browser.
- Once the SNMP data is returned, interpret it based on the information described earlier in this section.
MIB Contents
Notifications are written to the following modules of the MIB file:
Module | Notification Types |
---|---|
HOST-RESOURCES-MIB | Standard hardware parameters. |
IF-MIB | Objects for network interfaces. |
IP-MIB | IP and ICMP implementations. |
DISMAN-EVENT-MIB | Event triggers and actions for standard network management. |