Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Adding a Custom SNMP Trap to JSA

In JSA products, you can create a new option for the SNMP trap selection in the custom rules wizard. The trap names that are specified in the list box are configured in the snmp-master.xmlconfiguration file.

Note:

SNMPv3 rule responses are sent out as SNMP informs and not traps.

  1. Use SSH to log in to JSA as the root user.
  2. Go to the /opt/qradar/conf directory.
  3. Create an SNMP settings file for the new trap.
    Tip:

    Copy, rename, and modify one of the existing SNMP settings files.

  4. Make a backup copy of the snmp-master.xml file.
  5. Open the snmp-master.xml file for editing.
  6. Add a new <include> element.

    The <include> element has the following attributes:

    Table 1: Attributes for the <include> Element

    Attribute

    Description

    name

    Displayed in the list box

    uri

    The name of the custom SNMP settings file

    Example:

    The traps are displayed in the menu in the same order in which they are listed in the snmp-master.xml file.

  7. Save and close the file.
  8. Copy the snmp-master.xml file and the customSNMPdef01.xml file from the /opt/qradar/conf directory to the /store/configservices/staging/globalconfig directory.
  9. Log in to the JSA interface.
  10. Log in to the JSA as an administrator.
  11. On the navigation menu (), click Admin.
  12. Select Advanced >Deploy Full Configuration.
    Note:

    JSA continues to collect events when you deploy the full configuration. When the event collection service must restart, JSA does not restart it automatically. A message displays that gives you the option to cancel the deployment and restart the service at a more convenient time.