Configuring SNMP Alerting for Intrusion Events
After you enable external SNMP alerting in an intrusion policy, you can configure individual rules to send SNMP alerts when they trigger. These alerts are sent from the managed device.
Note: External alerting for intrusion events using SNMP at the intrusion policy or intrusion rule level is supported on Firewall Threat Defense devices running the Snort 2 inspection engine. For devices with Snort 3, SNMP trap destination is inherited from the logging settings in the access control policy.
Procedure
Step 1: Choose and click Snort 2 Version.
Step 2: In the intrusion policy editor's navigation pane, click Advanced Settings.
Step 3: Make sure SNMP Alerting is Enabled, then click Edit. A message at the bottom of the page identifies the intrusion policy layer that contains the configuration.
Step 4: Choose an SNMP Version, then specify configuration options as described in Intrusion SNMP Alert Options.
Step 5: In the navigation pane, click Rules.
Step 6: In the rules pane, choose the rules where you want to set SNMP alerts, then from the Alerting drop-down list, choose Add SNMP Alert.
Step 7: To save changes you made in this policy since the last policy commit, choose Policy Information, then click Commit Changes. If you leave the policy without committing, changes made since the last commit are discarded when you edit a different policy.
What to do next
- Deploy configuration changes.