SNMP Settings

Simple Network Management Protocol (SNMP) is a set of protocols used to manage network devices, such as bridges, routers, and hubs, over a TCP/IP network.

In the SNMP management architecture, one or more computers on the network act as a network management station (NMS) and poll the managed devices to gather information about their performance and status. Each managed device has a software module, known as an agent, which communicates with the NMS.

Security

Managed devices can protect their Management Information Bases (MIBs) by granting access only to specific network management stations. One way of doing this is through authentication. Managed devices can require that all NMSs belong to a community, the name of which acts as a password that the managed devices use to authenticate management stations attempting to gain access. Additionally, the settings for a community can include access privileges, such as READ-ONLY and READ-WRITE, that are granted to NMSs.

The tables "Supported SNMP Agent specifications" and "Supported SNMP Traps specifications" list the SNMP specifications that Threat Mitigator supports:

Supported SNMP Agent specifications

Specifications: Community-based SNMPv2 (SNMPv2c)

Access privileges: READ ONLY (the GET command)

Management Information Base (MIB): MIB II, with the following standard objects:

  • System group

  • Interfaces group

  • Enterprise group, including system status and memory utilization

Accepted community names: Community names with the following characteristics:

  • Default name: public

  • Access privileges: READ ONLY (the GET command)

  • Maximum number of community names: 5

  • Maximum length of community name: 33 alphanumeric characters

Trusted Network Management Stations (NMS): Allows up to 255 specific network management station IP addresses to access the agent

SNMP Agent Limitations

The following are the SNMP agent limitations:

SNMP Traps and Queries

In addition to the standard SNMP traps, Threat Mitigator defines the following additional traps and queries:

Supported SNMP Traps specifications

| Specifications | Details |
|---|---|
| Community name | One community name allowed |
| Destination Network Management Station (NMS) IP addresses | One NMS IP address allowed per community name |

SNMP Traps and Queries

| Object Name | Object Identifier (OID) | Description |
|---|---|---|
| coldStart | .1.3.6.1.6.3.1.1.5.1 | Signifies that the SNMP entity, supporting a notification originator application, is reinitializing itself and that its configuration may have been altered |
| Shutdown | .1.3.6.1.4.1.8072.4.0.2 | Signifies that Threat Mitigator was shut down |
| ProductVersion | .1.3.6.1.4.1.6101.3001.1.0 | Returns the Threat Mitigator version |
| RequiringPostAssessmentCleanup | .1.3.6.1.4.1.6101.3001.2.1.0 | Returns the number of endpoints requiring post-assessment cleanup, as indicated on the Threat Management screen |
| RequiringCustomSolution | .1.3.6.1.4.1.6101.3001.2.2.0 | Returns the number of endpoints requiring custom cleanup, as indicated on the Threat Management screen |
| OnDemandScanFail | .1.3.6.1.4.1.6101.3001.2.3.0 | Returns the number of endpoints that encountered On-demand Scan problems, as indicated on the Threat Management screen |
| bootFactory | .1.3.6.1.4.1.6101.3001.3.4 | Threat Mitigator booted to the default factory partition. |
| bootPrevious | .1.3.6.1.4.1.6101.3001.3.5 | Threat Mitigator booted to the previous partition. |
| databaseMaintenance | .1.3.6.1.4.1.6101.3001.3.7 | The database shrink process was carried out to reduce the size of the database. |
| logPurge | .1.3.6.1.4.1.6101.3001.3.8 | Database logs were purged. This object references "logPurgeType" to check whether purging was done manually or automatically. |
| connectTMSPFail | .1.3.6.1.4.1.6101.3001.3.9 | Threat Mitigator was unable to connect to TMSP. Threat Mitigator establishes connections at 10-minute intervals. This object references "serverLocation" to determine the IP address or host name of TMSP. |
| NTPFail | .1.3.6.1.4.1.6101.3001.3.10 | Threat Mitigator was unable to synchronize its system time with the NTP server. |
| customSolutionDownloaded | .1.3.6.1.4.1.6101.3001.3.11 | A pattern required for custom cleanup is ready for deployment to affected endpoints. This object references the following objects: solutionType: Type of pattern required for custom cleanup (Custom pattern or Smart Scan Agent Pattern); solutionVersion: Version of the custom pattern required for custom cleanup; endpointList: List of endpoints requiring custom cleanup |
| connectAUFail | .1.3.6.1.4.1.6101.3001.3.12 | An attempt to connect to the Trend Micro ActiveUpdate server was unsuccessful. |
| componentUpdateFail | .1.3.6.1.4.1.6101.999.2.2 | Connection with the Trend Micro ActiveUpdate was established but the update session was unsuccessful. Each session updates one or several components. The component names are listed, but version numbers are not. |

  1. Select the check box to enable SNMP Trap.

  2. Type the Community name and Server IP address.

  3. Select the check box to enable SNMP agent.

  4. Type the System location and System contact.

  5. Type a Community name to add under Accepted Community Name(s). You can add up to 5 SNMP Accepted Community Names.

  6. Click Add to. The community name displays in the table.

  7. Type the IP Address to add under Trusted Network Management IP Address(es). You can add up to 255 SNMP Trusted Network Management IP Addresses.

  8. Click Add to. The IP address displays in the table.

  9. Click Save.

  10. To export the MIB file and view its content:

    1. Click Export MIB file.

    2. Save the file to the preferred location on the computer.
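
The limits in the agent specification table and the values entered in the steps above can be checked before they are typed into the console. The following is an added example, not part of the product documentation or any Trend Micro code; the function names, the plan layout and the sample values are assumptions made for illustration.

```python
import ipaddress

# Limits from the "Supported SNMP Agent specifications" table on this page.
MAX_COMMUNITIES = 5
MAX_COMMUNITY_LEN = 33
MAX_TRUSTED_NMS = 255
DEFAULT_COMMUNITY = "public"


def host_problem(value):
    """Return why value is not a single station address, or None if it is."""
    try:
        addr = ipaddress.ip_address(value)  # rejects CIDR ranges and host names
    except ValueError:
        return "not a single IP address"
    if addr.is_unspecified or addr.is_multicast or addr.is_loopback:
        return "unspecified, multicast or loopback address"
    return None


def audit_snmp_plan(communities, trusted_nms, trap_destination):
    """Return findings for a planned configuration (hypothetical helper, not a product API)."""
    findings = []
    if len(communities) > MAX_COMMUNITIES:
        findings.append(f"{len(communities)} community names, limit is {MAX_COMMUNITIES}")
    for name in communities:
        if not (name.isascii() and name.isalnum()) or len(name) > MAX_COMMUNITY_LEN:
            findings.append(f"community {name!r}: need 1-{MAX_COMMUNITY_LEN} alphanumeric characters")
        # SNMPv2c sends community names in cleartext and this default is widely known.
        if name == DEFAULT_COMMUNITY:
            findings.append("default community name 'public' is accepted")
    if len(trusted_nms) > MAX_TRUSTED_NMS:
        findings.append(f"{len(trusted_nms)} trusted NMS addresses, limit is {MAX_TRUSTED_NMS}")
    if not trusted_nms:
        # Assumption: the page does not say how the agent treats an empty list.
        findings.append("no trusted NMS addresses listed")
    for value in [*trusted_nms, trap_destination]:
        problem = host_problem(value)
        if problem:
            findings.append(f"address {value!r}: {problem}")
    return findings


# Constructed sample plans (documentation-range addresses, made-up names).
WEAK_PLAN = (["public", "ops team!"], ["192.0.2.0/24"], "192.0.2.10")
HARDENED_PLAN = (["nms7Qx2LmR9"], ["192.0.2.10", "192.0.2.11"], "192.0.2.10")

if __name__ == "__main__":
    for finding in audit_snmp_plan(*WEAK_PLAN):
        print(finding)
```
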
