
Customizing the SNMP Trap Information Sent to Another System

 

In JSA, you can edit the SNMP trap parameters to customize the information that is sent to another SNMP managing system when a rule condition is met.

Note

The SNMP trap parameters are displayed in the custom rules wizard only if SNMP is enabled in the JSA system settings.

  1. Use SSH to log in to JSA as the root user.
  2. Go to the /opt/qradar/conf directory and make backup copies of the following files:
    • eventCRE.snmp.xml

    • offenseCRE.snmp.xml

  3. Open the configuration file for editing.
    • To edit the SNMP parameters for event rules, open the eventCRE.snmp.xml file.

    • To edit the SNMP parameters for offense rules, open the offenseCRE.snmp.xml file.

  4. Inside the <snmp> element and before the <creSNMPTrap> element, insert the following section, updating the labels as needed:
  5. Save and close the file.
  6. Copy the file from the /opt/qradar/conf directory to the /store/configservices/staging/globalconfig directory.
  7. Log in to the JSA interface.
  8. On the Admin tab, select Advanced > Deploy Full Configuration.

    When you deploy the full configuration, JSA restarts all services. Data collection for events and flows stops until the deployment completes.
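
The file handling in steps 2 and 6, as an added shell example that is not part of the JSA documentation. Because a full deployment restarts all services, it refuses to stage a file that has no backup or whose `<snmp>` and `<creSNMPTrap>` elements are no longer in the expected order. The function names, the `.bak.<timestamp>` suffix and the grep-based check are assumptions; the directories and file names are the ones listed in the procedure.

```shell
#!/bin/sh
# Added example. Paths and file names come from the procedure above; the
# function names and the .bak.<timestamp> suffix are assumptions.
CONF_DIR="${CONF_DIR:-/opt/qradar/conf}"
STAGING_DIR="${STAGING_DIR:-/store/configservices/staging/globalconfig}"
SNMP_FILES="eventCRE.snmp.xml offenseCRE.snmp.xml"

# Step 2: timestamped backups that keep owner, mode and mtime (-p).
backup_snmp_files() {
    stamp=$(date +%Y%m%d%H%M%S)
    for f in $SNMP_FILES; do
        [ -f "$CONF_DIR/$f" ] || { echo "missing: $CONF_DIR/$f" >&2; return 1; }
        cp -p "$CONF_DIR/$f" "$CONF_DIR/$f.bak.$stamp" || return 1
    done
}

# Structural sanity check (not XML validation): <snmp> must open before the
# first <creSNMPTrap>, and </snmp> must close after it.
check_snmp_file() {
    open=$(grep -n '<snmp[ >]' "$1" | head -n 1 | cut -d: -f1)
    trap_at=$(grep -n '<creSNMPTrap[ >]' "$1" | head -n 1 | cut -d: -f1)
    close=$(grep -n '</snmp>' "$1" | tail -n 1 | cut -d: -f1)
    [ -n "$open" ] && [ -n "$trap_at" ] && [ -n "$close" ] || return 1
    [ "$open" -le "$trap_at" ] && [ "$trap_at" -le "$close" ]
}

# Step 6: stage one edited file, refusing if no backup exists or the edit
# damaged the element layout.
stage_snmp_file() {
    src="$CONF_DIR/$1"
    ls "$src".bak.* >/dev/null 2>&1 || { echo "no backup for $1" >&2; return 1; }
    check_snmp_file "$src" || { echo "structure check failed: $src" >&2; return 1; }
    cp -p "$src" "$STAGING_DIR/$1"
}
```

Source the file in the root SSH session, run `backup_snmp_files` before editing, then `stage_snmp_file eventCRE.snmp.xml` or `stage_snmp_file offenseCRE.snmp.xml` after saving.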

Customizing the SNMP Trap Output.