Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?


Sending SNMP Traps to a Specific Host


By default, in JSA products, SNMP traps are sent to the host that is identified in your host.conf file. You can customize the snmp.xml file to send SNMP traps to a different host.

  1. Use SSH to log in to JSA as the root user.
  2. Go to the /opt/qradar/conf directory and make backup copies of the following files:
    • eventCRE.snmp.xml

    • offenseCRE.snmp.xml

  3. Open the configuration file for editing.
    • To edit the SNMP parameters for event rules, open the eventCRE.snmp.xml file.

    • To edit the SNMP parameters for offense rules, open the offenseCRE.snmp.xml file.

  4. Add no more than one <trapConfig> element inside the <snmp> element inside the <creSNMPTrap> element and before any other child elements.
  5. Use the following table to help you update the attributes.

    Table 1: Attribute Values to Update in the <trapConfig> Element




    The new host to which you want to send SNMP traps.

    The value for thesnmpVersion attribute for <snmpHost> element must be 2 or 3.


    The community string for the host


    An authentication protocol, security level, and password for the host.


    The decryption protocol and password for the host.


    SNMP user

  6. Save and close the file.
  7. Copy the file from the /opt/qradar/conf directory to the /store/ configservices/staging/globalconfig directory.
  8. Log in to the JSA as an administrator.
  9. On the navigation menu (), click Admin.
  10. Select Advanced >Deploy Full Configuration.Note

    JSA continues to collect events when you deploy the full configuration. When the event collection service must restart, JSA does not restart it automatically. A message displays that gives you the option to cancel the deployment and restart the service at a more convenient time.