Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 

Adding a Custom SNMP Trap to JSA

 

In JSA products, you can create a new option for the SNMP trap selection in the custom rules wizard. The trap names that are specified in the list box are configured in the snmp-master.xmlconfiguration file.

  1. Use SSH to log in to JSA as the root user.
  2. Go to the /opt/qradar/conf directory.
  3. Create an SNMP settings file for the new trap.Tip

    Copy, rename, and modify one of the existing SNMP settings files.

  4. Make a backup copy of the snmp-master.xml file.
  5. Open the snmp-master.xml file for editing.
  6. Add a new <include> element.

    The <include> element has the following attributes:

    Table 1: Attributes for the <include> Element

    Attribute

    Description

    name

    Displayed in the list box

    uri

    The name of the custom SNMP settings file

    Example:

    The traps are displayed in the menu in the same order in which they are listed in the snmp-master.xml file.

  7. Save and close the file.
  8. Copy the file from the /opt/qradar/conf directory to the /store/configservices/staging/globalconfig directory.
  9. Log in to the JSA interface.
  10. Log in to the JSA as an administrator.
  11. On the navigation menu (), click Admin to open the admin tab.
  12. Select Advanced >Deploy Full Configuration.Note

    JSA continues to collect events when you deploy the full configuration. When the event collection service must restart, JSA does not restart it automatically. A message displays that gives you the option to cancel the deployment and restart the service at a more convenient time.