Sophos Console SNMP Message Configuration

Hi Everyone,

 
Currently, one of our customers has requested that we implement SNMP messaging for PCs infected with a virus. We have successfully set up a test environment for Sophos Console; the SNMP messaging option in the Anti-Virus and HIPS policy has been configured and enabled.
The SNMP manager server successfully receives SNMP logs from the affected PC; however, we did not find any information related to the Sophos error that we configured at the Sophos console.
Please refer to the attached SNMP logs from the SNMP manager server for detailed information. I would appreciate it if anyone can verify and advise detailed steps for configuring the Sophos SNMP message option. Thanks
Test Environment:
Server: 1) Windows 2003 R2 Standard Edition
           Hostname: Migration (SNMP Manager)
           IP: 172.16.116.170
           SNMP Manager Software: IReasoning MIB Browser
           SNMP Community Name: Sophos
        2) Windows 2003 R2 Standard Edition
           Hostname: Sophos711 (Client)
           IP: 172.16.116.169
           SOPHOS Console: 5.0
Anti-Virus & HIPS SNMP Message configuration:
           Enable SNMP Messaging
           Message to send (select all options for testing purposes)
           SNMP trap destination: 172.16.116.170
           SNMP Community Name: Sophos


  • Hi Everyone,

    As per the last post above, the objective of the test is to verify the key points below when the SNMP message policy is enabled at the console; I want to share the results of the test.

    Basic SNMP for a Windows server to publish an SNMP string is that the server must use the Windows Server SNMP service to publish, and SNMP Trap to capture and manage SNMP strings from different servers or 3rd-party applications and agents.

    Test Objective:

    1)     Verify whether the SNMP string is triggered by the client or by the Sophos console server acting as a relay server to the SNMP server

    2)     Verify that the published SNMP string contains information from the Sophos database

    Test Result:

    1)     A client with a policy configured to enable the SNMP server will send the SNMP string directly to the SNMP server through port UDP 162 and does not use the Sophos server as a relay.

    2)     The client doesn't have to configure the Windows SNMP service, since Sophos SAV acts as the SNMP agent to publish the SNMP string, which tallies with basic SNMP information using either the Windows SNMP service or a 3rd-party agent or application; in this case Sophos SAV is the 3rd-party agent used to publish the SNMP string.

    3)     The SNMP string published by the client contains information from the Microsoft Event logs, since the Windows SNMP service tallies with Microsoft Event

    Hopefully someone can verify and correct me if the info received from the test is wrong or lacking information.

    Kindly share if anyone can correct this or has a better explanation of Sophos SNMP. Thanks
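
One way to check test objective 1 on the SNMP manager side, as an added example that is not part of the original posts and not Sophos code: decode a received trap and compare the agent-addr field inside the PDU with the UDP source address. It assumes the trap is SNMPv1 (RFC 1157 Trap-PDU), which the thread does not state; the function names, the enterprise OID and the alert text in the sample are constructed placeholders.

```python
import ipaddress

def read_tlv(buf, pos):  # returns (tag, value, next_pos) for the BER element at pos
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long-form length: low 7 bits = byte count
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated BER element")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(raw):
    arcs, val = [raw[0] // 40, raw[0] % 40], 0
    for byte in raw[1:]:
        val = (val << 7) | (byte & 0x7F)
        if not byte & 0x80:                # high bit clear ends this arc
            arcs.append(val)
            val = 0
    return ".".join(map(str, arcs))

def parse_v1_trap(datagram, udp_source):  # assumes SNMPv1; udp_source = sender IP from recvfrom()
    tag, msg, _ = read_tlv(datagram, 0)
    _, version, pos = read_tlv(msg, 0)
    _, community, pos = read_tlv(msg, pos)
    pdu_tag, pdu, _ = read_tlv(msg, pos)
    if tag != 0x30 or version != b"\x00" or pdu_tag != 0xA4:
        raise ValueError("not an SNMPv1 Trap-PDU")
    fields, pos = [], 0
    for _ in range(6):  # enterprise, agent-addr, generic, specific, time-stamp, varbinds
        _, value, pos = read_tlv(pdu, pos)
        fields.append(value)
    enterprise, agent, generic, specific, _, vbl = fields
    varbinds, pos = [], 0
    while pos < len(vbl):
        _, vb, pos = read_tlv(vbl, pos)
        _, name, nxt = read_tlv(vb, 0)
        vtag, value, _ = read_tlv(vb, nxt)
        varbinds.append((decode_oid(name), value.decode("latin-1") if vtag == 0x04 else value.hex()))
    agent_addr = str(ipaddress.IPv4Address(agent))
    return {"community": community.decode("latin-1"), "agent_addr": agent_addr,
            "sent_directly": agent_addr == udp_source, "enterprise": decode_oid(enterprise),
            "generic": generic[0], "specific": int.from_bytes(specific, "big"), "varbinds": varbinds}

def tlv(tag, value):  # builds the constructed sample below (placeholder OIDs and text)
    return bytes([tag, len(value)]) + value
_vb = tlv(0x30, tlv(0x06, bytes.fromhex("2b06010401868d1f01")) + tlv(0x04, b"constructed alert text"))
_pdu = (tlv(0x06, bytes.fromhex("2b06010401868d1f")) + tlv(0x40, bytes([172, 16, 116, 169]))
        + tlv(0x02, b"\x06") + tlv(0x02, b"\x01") + tlv(0x43, b"\x00") + tlv(0x30, _vb))
SAMPLE_TRAP = tlv(0x30, tlv(0x02, b"\x00") + tlv(0x04, b"Sophos") + tlv(0xA4, _pdu))
```

On the manager, pass each datagram and the sender address returned by `socket.recvfrom()` on UDP 162. A `sent_directly` value of False means the PDU's agent-addr differs from the UDP sender, as it would if another host relayed the trap.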
