Adding a Custom SNMP Trap to JSA

In JSA products, you can create a new option for the SNMP trap selection in the custom rules wizard. The trap names that are specified in the list box are configured in the snmp-master.xml configuration file.


SNMPv3 rule responses are sent out as SNMP informs and not traps.

  1. Use SSH to log in to JSA as the root user.
  2. Go to the /opt/qradar/conf directory.
  3. Create an SNMP settings file for the new trap.

    Copy, rename, and modify one of the existing SNMP settings files.

  4. Make a backup copy of the snmp-master.xml file.
  5. Open the snmp-master.xml file for editing.
  6. Add a new <include> element.

    The <include> element has the following attributes:

    Table 1: Attributes for the <include> Element

    Displayed in the list box

    The name of the custom SNMP settings file

    The traps are displayed in the menu in the same order in which they are listed in the snmp-master.xml file.

  7. Save and close the file.
  8. Copy the snmp-master.xml file and the customSNMPdef01.xml file from the /opt/qradar/conf directory to the /store/configservices/staging/globalconfig directory.
  9. Log in to the JSA interface.
  10. Log in to JSA as an administrator.
  11. On the navigation menu, click Admin.
  12. Select Advanced > Deploy Full Configuration.

    JSA continues to collect events when you deploy the full configuration. When the event collection service must restart, JSA does not restart it automatically. A message displays that gives you the option to cancel the deployment and restart the service at a more convenient time.
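
The following is an added example, not code from the JSA documentation: a Python helper for steps 4 and 8 that backs up snmp-master.xml and refuses to stage the files unless the master file parses, an `<include>` element references the new settings file, and that file is itself well-formed XML. The function names are hypothetical, and because the attribute names of `<include>` are not shown above, any attribute value ending in .xml is assumed to be a settings-file reference.

```python
import shutil
import time
import xml.etree.ElementTree as ET
from pathlib import Path

CONF_DIR = Path("/opt/qradar/conf")  # paths from the procedure above
STAGING_DIR = Path("/store/configservices/staging/globalconfig")
MASTER = "snmp-master.xml"


def backup_master(conf_dir=CONF_DIR):
    """Step 4: keep a timestamped copy of snmp-master.xml before editing."""
    src = Path(conf_dir) / MASTER
    stamp = time.strftime("%Y%m%d%H%M%S")
    return Path(shutil.copy2(src, src.with_name(f"{MASTER}.{stamp}.bak")))


def referenced_settings_files(conf_dir=CONF_DIR):
    """List the .xml files named by <include> elements, in menu order.

    Assumption: the attribute names are not shown on this page, so any
    attribute value ending in .xml counts as a settings-file reference.
    """
    root = ET.parse(Path(conf_dir) / MASTER).getroot()  # ParseError if malformed
    files = []
    for elem in root.iter():
        if elem.tag.rsplit("}", 1)[-1] == "include":  # ignore any namespace
            files += [v for v in elem.attrib.values() if v.lower().endswith(".xml")]
    return files


def stage(custom_file, conf_dir=CONF_DIR, staging_dir=STAGING_DIR):
    """Step 8: copy both files to staging only if the edit is consistent."""
    conf_dir, staging_dir = Path(conf_dir), Path(staging_dir)
    if custom_file not in referenced_settings_files(conf_dir):
        raise ValueError(f"no <include> in {MASTER} references {custom_file}")
    ET.parse(conf_dir / custom_file)  # missing or malformed file raises here
    for name in (MASTER, custom_file):
        shutil.copy2(conf_dir / name, staging_dir / name)
    return [staging_dir / MASTER, staging_dir / custom_file]


if __name__ == "__main__":
    # Run as root on the JSA host after step 7; file name from step 8.
    print(stage("customSNMPdef01.xml"))
```

Call `backup_master()` before opening the file in step 5; `stage()` replaces the manual copy in step 8 and raises instead of copying when the edit is inconsistent.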