Configure SNMP Trap and Syslog Event Forwarding

BeyondInsight, Discovery Scanner, Password Safe, and Endpoint Privilege Management products can forward the following:

  • SNMP traps using versions 1, 2, or 3
  • Events through a syslog daemon

With this forwarding function, it is feasible to integrate critical event information directly into a NMS, SIM, NAC, or other log consolidation, or event management systems.

A standard SNMP MIB, EEYE-REM_EVENT-MIB.MIB, is available for decoding traps at the destination and is located at C:\Program Files (x86)\BeyondTrust\BeyondInsight. On a U-Series Appliance with Server 2016, the path is slightly different: either C:\Program Files (x86)\eEye Digital Security\Retina CS, or C:\Program Files (x86)\Security Scanner\Help\Snmp\.

This MIB is valid for BeyondInsight and Discovery Scanner.

You can configure SNMP and syslog event forwarding settings from the Connectors page. Both protocols work for all data aggregated by BeyondInsight and Discovery Scanner.

Enable SNMP Event Forwarding

  1. In BeyondInsight, go to Configuration > General > Connectors.
  2. From the Connectors pane, click Create New Connector.
  3. Enter a name for the connector.
  1. Select SNMP Event Forwarder.
  2. Leave Active (yes) enabled.
  3. Select an Output Format and provide the name of the SNMP Community.
  4. Provide the IP address and port for the SNMP Trap receiver.
  5. Select the events that you want to forward.
  6. Click Test Connector to send a test event message.
  7. Click Create Connector.

Enable Syslog Event Forwarding

  1. In BeyondInsight, go to Configuration > General > Connectors.
  2. From the Connectors pane, click Create New Connector.
  3. Enter a name for the connector.
  1. Select Syslog Event Forwarder under Connector Type.
  2. Click Create Connector to open Syslog Event Forwarder pane.
  3. Leave Active (yes) enabled.
  4. Provide the required details for the syslog server:
    • Select the Available Output Pipeline:TCP, TCP-SSL, or UDP.
    • Enter Host Name and Port.
  5. Select an output format: NewLine Delimited, Tab Delimited, or Comma Delimited.
  6. Select an optional syslog Facility from the list.
  7. Select Format Specification.
  8. Select the events that you want to forward.
  9. Click Test Connector to determine if event is successful.
  10. Click Create Connector.

If an event is received from Password Safe Cloud, a Resource Zone can now be associated with any connector that sends data using syslog. If selected, Password Safe Cloud proxies the syslog data through the Resource Brokers associated with that Resource Zone.