SA Cfg: Configure Syslog and SNMP Settings

Document created by RSA Information Design and Development on Jul 22, 2016. Last modified by RSA Information Design and Development on Dec 2, 2016.
Version 4

On the Legacy Notifications panel, you can configure syslog and SNMP notification settings. These configurations are used for Entitlement, legacy Event Source Management (ESM), Warehouse Connector monitoring, and Archiver monitoring.

Configure and Enable Syslog Settings

  1. In the Security Analytics menu, select Administration > System.
  2. In the options panel, select Legacy Notifications.
    The Legacy Notifications Configuration panel is displayed.
  3. In the Server Name and Server Port fields under Syslog Settings, type the host name where the target syslog process is running and the port where the target syslog process is listening.
  4. In the Facility, Encoding, Format, and Max length fields, specify the syslog facility, message text encoding, message format, and maximum message length.
  5. In the Protocol field, select either UDP or TCP.
  6. (Optional) Select the options for what to include in messages: Truncate overly large syslog messages, Include the local timestamp in syslog messages, and Include the local hostname in syslog messages.
  7. (Optional) Configure syslog to prepend an Identity String before each syslog alert.
  8. Click the Enable checkbox.
  9. Click Apply.
    Syslog notifications are immediately enabled.

Legacy Notifications Configuration Panel provides detailed information about these settings.
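
To confirm on the receiving host that notifications arrive as configured, the following added example (not RSA code) checks a received UDP message against the Facility, Max length, Encoding, and Identity String values entered in steps 4 and 7. It assumes that each message starts with the standard syslog <PRI> header, that Max length is counted in bytes, and that the encoding is UTF-8; the function names, the sample messages, and the SA-PROD: identity string are constructed for illustration.

```python
import re
import socket

# <PRI> header from the syslog RFCs: PRI = facility * 8 + severity (max 191).
PRI_RE = re.compile(rb"^<(\d{1,3})>")

def check_message(data, facility, max_length, identity=None, encoding="utf-8"):
    """Return the mismatches between one received message and the values
    entered on the panel. An empty list means the message is as configured."""
    m = PRI_RE.match(data)
    if not m or int(m.group(1)) > 191:
        return ["missing or invalid <PRI> header"]
    problems = []
    got_facility, _severity = divmod(int(m.group(1)), 8)
    if got_facility != facility:
        problems.append(f"facility {got_facility}, expected {facility}")
    if len(data) > max_length:  # assumption: Max length is a byte count
        problems.append(f"length {len(data)} exceeds max length {max_length}")
    try:
        text = data.decode(encoding)
    except UnicodeDecodeError:
        return problems + [f"payload is not valid {encoding}"]
    # Assumption: only the presence of the identity string is checked,
    # not its exact position relative to the timestamp and hostname.
    if identity is not None and identity not in text:
        problems.append(f"identity string {identity!r} not found")
    return problems

def listen(port, count, **expected):
    """Receive `count` UDP messages on `port` and check each one."""
    results = []
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.bind(("0.0.0.0", port))
        for _ in range(count):
            data, sender = sock.recvfrom(65535)
            results.append((sender[0], check_message(data, **expected)))
    return results

# Constructed sample messages (not captured from Security Analytics).
# 134 = 16 * 8 + 6: facility local0, severity informational.
SAMPLE_OK = b"<134>Dec  2 10:15:00 sa-host SA-PROD: test notification"
SAMPLE_BAD = b"<14>Dec  2 10:15:00 sa-host test notification"

if __name__ == "__main__":
    for sample in (SAMPLE_OK, SAMPLE_BAD):
        print(check_message(sample, facility=16, max_length=1024,
                            identity="SA-PROD:"))
```

On the target syslog host, call listen() with the port entered in step 3 and the expected values as keyword arguments, with the regular syslog process stopped so the port is free.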

Configure and Enable SNMP Settings

  1. In the Security Analytics menu, select Administration > System.
  2. In the options panel, select Legacy Notifications.
    The Legacy Notifications Configuration panel is displayed.
  3. In the Server Name and Server Port fields under SNMP Settings, type the host name and listening port of the SNMP trap host.
  4. In the drop-down menu, select the SNMP version: v1 or v2c.
  5. In the Trap OID field, specify the object ID for the SNMP trap on the trap host that receives the audit event. The default value is 0.0.0.0.0.1.
  6. In the Community field, specify the community string used to authenticate on the SNMP trap host. The default value is public.
  7. Click the Enable checkbox.
  8. Click Apply.
    SNMP notifications are immediately enabled.

Legacy Notifications Configuration Panel provides detailed information about these settings.

Disable Syslog or SNMP Settings

To disable syslog or SNMP settings on this Security Analytics instance:

  1. Clear the appropriate Enable checkbox.
  2. Click Apply.
    The selected settings are immediately disabled.