Skip navigation

Log in to create and rate content, and to follow, bookmark, and share content with other members.

000026855 - How to configure SNMP traps in RSA NetWitness Platform

Document created by RSA Customer Support

on Jan 11, 2017•Last modified by RSA Customer Support on Oct 1, 2019

Version 3Show Document

Like • Show 0 Likes0
Comment • 0
View in full screen mode

Article Content

Article Number	000026855
Applies To	RSA Product Set: NetWitness Platform RSA Product/Service Type: Decoder RSA Version/Condition: 10.6.x, 11.x
Issue	How to configure SNMP traps in RSA NetWitness. Once the SNMP agent has been enabled, following the instructions in the KB article How to enable SNMP in OS on RSA NetWitness, how do I configure it to send SNMP traps?
Resolution	Follow the instructions below to configure SNMP traps for the appliance. The examples provided are for a Decoder but apply the same to Concentrators and Brokers. Log in to the RSA NetWitness UI. 2. For 10.6.x, navigate to Administration > Services > Decoder > Explore For 11.x, navigate to ADMIN > Services > Decoder > Explore Navigate to /logs/config/log.snmp.agent. Enter the IP address of your SNMP trap receiver into the right-hand column. SNMP traps can be generated when an integer statistic reaches a low or high threshold or a string statistic changes its status. Locate a statistic that you would like to alert on in Explore view. Take for instance /decoder/stats/capture.dropped.percent. If you wish to alert when the dropped packet percentage exceeds 5%, right click on capture.dropped.percent and select "Properties". From the drop-down menu below, select "setLimit" then enter "high=5" without the quotes in the Parameters field and click on the Send button. You can confirm the current value by selecting "getLimit" from the menu. Now, if the Decoder's dropped percentage rate exceeds 5%, it will send an SNMP trap. Similarly, to alert when a string statistic changes, i.e. /decoder/stats/capture.started, enter the state you would like to alert on in the 'low' parameter. For instance, if you would like to alert when capture is in a stopped state, "setLimit" to "low=stopped". If you are unsure of any of the steps above or experience any issues, contact RSA Support and quote this article ID for further assistance.
Legacy Article ID	a58872

Attachments

Outcomes

0 Comments

Recommended Content

Incoming Links