SNMP trap capture


Azhar Hj.Mohd Ghazali

Jan 12, 2023, 3:47:28 AM
to Wazuh mailing list
Hi team,

Can Wazuh monitor or capture SNMP trap events from an NMS server that sends its logs to the Wazuh server?

Please advise.

Thanks


Mauro Agustín Malara

Jan 20, 2023, 5:05:09 AM
to Wazuh mailing list

Hi! Sorry for answering this so late.

Wazuh can be configured to receive logs from network devices using Remote Syslog as follows (/var/ossec/etc/ossec.conf):

<ossec_config>
  <remote>
    <connection>syslog</connection>
    <port>513</port>
    <protocol>tcp</protocol>
    <allowed-ips>192.168.2.0/24</allowed-ips>
  </remote>
</ossec_config>

Another option is to write the logs to a file and configure Logcollector to collect them from the file path.

So, once your NMS server is sending logs to Wazuh, you can create custom decoders and rules to trigger alerts according to the trap events you want to capture/monitor. I highly recommend using our tool called Wazuh Logtest to test the decoders and rules you create.

Let me know if it helps, and keep me posted in this process so that I can help you to configure Wazuh.

Regards.
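
A sketch of the custom decoder and rule step described in the reply above, as an added example that is not part of the original thread or of Wazuh's shipped ruleset. The sample log line, the decoder names, the `trap_oid` field and the rule IDs are constructed assumptions; adapt the regex to the format your NMS actually forwards.

```xml
<!-- Constructed sample line, as it might arrive over remote syslog:
     Jan 20 05:05:09 nms01 snmptrapd[2211]: trap from=192.168.2.10 oid=IF-MIB::linkDown ifIndex=3
     The trap daemon name and the key=value layout are assumptions. -->

<!-- File: /var/ossec/etc/decoders/local_decoder.xml -->

<!-- Parent decoder: selects events by the syslog program name -->
<decoder name="snmptrapd">
  <program_name>^snmptrapd$</program_name>
</decoder>

<!-- Child decoder: extracts the sending device and the trap OID.
     trap_oid is a hypothetical dynamic field name. -->
<decoder name="snmptrapd-trap">
  <parent>snmptrapd</parent>
  <prematch>^trap from=</prematch>
  <regex offset="after_prematch">^(\S+) oid=(\S+)</regex>
  <order>srcip, trap_oid</order>
</decoder>

<!-- File: /var/ossec/etc/rules/local_rules.xml -->
<!-- Rule IDs are chosen from the range reserved for custom rules -->

<group name="snmp,snmptrap,">

  <!-- Base rule: any event handled by the snmptrapd decoder -->
  <rule id="100100" level="3">
    <decoded_as>snmptrapd</decoded_as>
    <description>SNMP trap received from $(srcip)</description>
  </rule>

  <!-- Raise the level for the specific trap you care about -->
  <rule id="100101" level="8">
    <if_sid>100100</if_sid>
    <field name="trap_oid">linkDown$</field>
    <description>SNMP linkDown trap from $(srcip)</description>
  </rule>

</group>
```

Paste the constructed sample line into `/var/ossec/bin/wazuh-logtest` to confirm that it decodes and matches rule 100101 before restarting the manager.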
