
Configuring SNMP and Syslog in SIM

Created: 16 Oct 2008 • Updated: 22 May 2010 | 2 comments

I need to send selected events/incidents to our Syslog and SNMP aggregators, which are not Symantec products. I can see in the Rules how to configure a rule to alert to Syslog or SNMP. And I think I've found where to configure the SNMP settings (System > Product Configurations > Manager Components Configurations). What I can't do is actually edit anything in the Manager Components Configurations, nor can I find where to configure the external Syslog server's address.

 

One other possibility that I gleaned from reading SIM Help is that it is configured in the web-based appliance configuration.  The "Forwarding events from a SESA Manager" help page says to connect to the SESA console at https://<ip_address>/sesa/ssmc.  I can connect to the appliance and I see configuration options, but I see nothing for SESA configuration, nor does the address in the help page work.  

 

What do I need to do to get SSIM to report events and incidents to a Syslog and/or SNMP server? 


olaf's picture

To edit settings in the Manager Components Configurations you have to create a new configuration and assign it to the SSIM appliance. You can't edit the Default configuration.

 

Syslog events are sent to the local Syslog server which is running on the SSIM appliance.

It is using the local0 log facility. To forward these events from the local syslog server to a remote syslog server you will have to add the following line to the syslog.conf file on the SSIM appliance.

 

local0.*        @<IP-address>

 

Where <IP-address> must be replaced with the IP-address of your remote syslog server.

 

Olaf
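A check for the receiving side of the forwarding rule above, as an added example that is not part of the original thread or of any Symantec tooling: it decodes the `<PRI>` header of each forwarded datagram and keeps only facility local0, which is what a `local0.*` selector sends. The sample datagrams, host name and message text are constructed, and the listener assumes the classic behaviour of `@host` forwarding over UDP port 514.

```python
import re
import socket

LOCAL0 = 16  # facility code for local0; PRI = facility * 8 + severity
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
_PRI = re.compile(rb"^<(\d{1,3})>")

def decode_pri(datagram):
    """Return (facility, severity name, message text), or None without a valid <PRI>."""
    m = _PRI.match(datagram)
    if m is None or int(m.group(1)) > 191:  # 23 * 8 + 7 is the largest valid PRI
        return None
    pri = int(m.group(1))
    text = datagram[m.end():].decode("utf-8", "replace").strip()
    return pri >> 3, SEVERITIES[pri & 7], text

def local0_only(datagrams):
    """Keep what a `local0.*` selector matches: facility local0, any severity."""
    decoded = (decode_pri(d) for d in datagrams)
    return [d for d in decoded if d is not None and d[0] == LOCAL0]

def listen(bind_addr="0.0.0.0", port=514, count=5):
    """Receive `count` UDP datagrams (binding to 514 needs root) and report local0 ones."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.bind((bind_addr, port))
        received = [sock.recvfrom(4096)[0] for _ in range(count)]
    return local0_only(received)

# Constructed sample datagrams; host name and message text are made up.
SAMPLES = [
    b"<134>Oct 16 10:00:00 ssim-host SSIM: test incident alert",  # local0.info
    b"<131>Oct 16 10:00:01 ssim-host SSIM: rule action failed",   # local0.err
    b"<38>Oct 16 10:00:02 ssim-host sshd[411]: session opened",   # auth.info
    b"no priority header here",
]

if __name__ == "__main__":
    for facility, severity, text in local0_only(SAMPLES):
        print(f"local0.{severity}: {text}")
```

Run `listen()` on the remote aggregator while triggering a test rule on the appliance; an empty result means nothing tagged local0 arrived.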

 

 

 

Blenky's picture

Can you trigger an SNMP trap based on an incident creation?