|Applies To||RSA Product Set: NetWitness Platform|
RSA Product/Service Type: Decoder
RSA Version/Condition: 10.6.x, 11.x
|Issue||How to configure SNMP traps in RSA NetWitness.|
Once the SNMP agent has been enabled, following the instructions in the KB article How to enable SNMP in OS on RSA NetWitness, how do I configure it to send SNMP traps?
Follow the instructions below to configure SNMP traps for the appliance. The examples provided are for a Decoder but apply the same to Concentrators and Brokers.
If you wish to alert when the dropped packet percentage exceeds 5%, right click on capture.dropped.percent and select "Properties".
From the drop-down menu below, select "setLimit" then enter "high=5" without the quotes in the Parameters field and click on the Send button.
You can confirm the current value by selecting "getLimit" from the menu.
Now, if the Decoder's dropped percentage rate exceeds 5%, it will send an SNMP trap.
Similarly, to alert when a string statistic changes, i.e. /decoder/stats/capture.started, enter the state you would like to alert on in the 'low' parameter. For instance, if you would like to alert when capture is in a stopped state, "setLimit" to "low=stopped".
|Legacy Article ID||a58872|