Adding a Custom SNMP Trap to JSA
In JSA products, you can create a new option for
the SNMP trap selection in the custom rules wizard. The trap names
that are specified in the list box are configured in the
- Use SSH to log in to JSA as the root user.
- Go to the
- Create an SNMP settings file for the new trap.
Copy, rename, and modify one of the existing SNMP settings files.
- Make a backup copy of the
- Open the
snmp-master.xmlfile for editing.
- Add a new <include> element.
The <include> element has the following attributes:
Table 1: Attributes for the <include> Element
Displayed in the list box
The name of the custom SNMP settings file
<include name="Custom_Event_Name" uri="customSNMPdef01.xml"/>
The traps are displayed in the menu in the same order in which they are listed in the
- Save and close the file.
- Copy the file from the
/opt/qradar/confdirectory to the
- Log in to the JSA interface.
- Log in to the JSA as an administrator.
- On the navigation menu (), click Admin to open the admin tab.
- Select Advanced >Deploy Full Configuration.
JSA continues to collect events when you deploy the full configuration. When the event collection service must restart, JSA does not restart it automatically. A message displays that gives you the option to cancel the deployment and restart the service at a more convenient time.