SNMP Traps and Syslog Settings
(Feature available only in the Enterprise Edition)

Password Manager Pro (PMP) allows you to raise SNMP Traps and send Syslog messages to your log management systems on the occurrence of various password actions and audit events. Sending SNMP traps and forwarding syslog messages is a two-step process:

  1. Configuring Settings for SNMP Traps and Syslog Messages
  2. Configuring the Audit Events

1. Configuring Settings for SNMP Traps and Syslog Messages

Password Manager Pro has built-in support to send a SNMP v2c trap to the desired host and port. The varbinds include the resource name, account name, name of the user who operated, IP address from which the user operated, date and time, and the reason of the operation that resulted in the event.

1.1 Configuring SNMP Trap Settings

Follow the below steps to configure SNMP trap settings:

  1. Navigate to Admin >> Integration >> SNMP Trap / Syslog Settings.
  2. In the dialog box that opens, click the SNMP Trap Receiver tab. Here, enter the name of the host server which will receive the traps, its port, the SNMP community, and click Save.

1.2 Configuring Syslog Settings

Password Manager Pro generates an RFC-3164 compliant Syslog message and sends it to the configured host server, using the chosen protocol (TCP or UDP). Default facility name will be AUTH, but you can change it to any unassigned facility name from the pick list.

Follow the below steps to specify Syslog settings:

  1. Navigate to Admin >> Integration >> SNMP Trap / Syslog Settings.
  2. In the dialog box that opens, switch to Syslog Collector tab. Here, enter the Collector Hostname and Port, choose the Protocol and Facility Name. Once done, click Save.

1.2.1 Format of the Syslog Messages Sent from Password Manager Pro

Password Manager Pro uses different Syslog message formats for Resource Audit and User Audit. The RFC-3164 compliant Syslog message indicates the type of audit event at the start of the message, followed by the username and IP address from which the operation was performed. The message typically includes details such as the type of operation, the timestamp, and status. It also displays the name of the PMP server where the operation was carried out, along with the resource & account name details. A notable difference between the Syslog messages for MSP and Non-MSP is that the MSP format includes the ORG_NAME in the message.

i. Syslog Format for MSP

Resource Audit

[ResourceAudit:LOGGED_IN_USERNAME:IPADDRESS] [OPERATION_TYPE] [OPERATED_TIME] [STATUS_OF_OPERATION] [PMP_SERVER_NAME] [ORG_NAME-RESOURCE_NAME:ACCOUNT_NAME:REASON]

User Audit

[UserAudit:LOGGED_IN_USERNAME:IPADDRESS] [OPERATION_TYPE] [OPERATED_TIME] [STATUS_OF_OPERATION] [PMP_SERVER_NAME] [ORG_NAME-LOGGED_IN_USERNAME:REASON]

ii. Syslog Format for Non-MSP

Resource Audit

[ResourceAudit:LOGGED_IN_USERNAME:IPADDRESS] [OPERATION_TYPE] [OPERATED_TIME] [STATUS_OF_OPERATION] [PMP_SERVER_NAME] [RESOURCE_NAME:ACCOUNT_NAME:REASON]

User Audit

[UserAudit:LOGGED_IN_USERNAME:IPADDRESS] [OPERATION_TYPE] [OPERATED_TIME] [STATUS_OF_OPERATION] [PMP_SERVER_NAME] [LOGGED_IN_USERNAME:REASON]

2. Configuring the Audit Events

After configuring the required settings, select the events for which you wish to generate the SNMP traps or syslog messages. There are two ways to do this:

  1. Operation-oriented: To generate traps or syslog messages regarding the account operations performed within Password Manager Pro, navigate to Audit >> Audit Actions >> Configure Resource Audit and select the required options. You can customize the audit events for User Audit, Task Audit, and Keys Audit as well.
  2. Password-oriented: To generate password-related SNMP traps and syslog messages, navigate to Groups >> Actions (of desired group) >> Configure Notifications. Select the required options in the window that appears and click Save.

©2014, ZOHO Corp. All Rights Reserved.

Top