Configuring SNMP and Syslog in SIM
I need to send selected events/incidents to our Syslog and SNMP aggregators which are not Symantec products. I can see in the Rules how to configure a rule to alert to Syslog or SNMP. And I think I've found where to configure the SNMP settings (System > Product Configurations > Manager Components Configurations). What I can't do is actually edit anything in the Manager Components Configurations, nor can I find where to configure the external Syslog server's address.
One other possibility that I gleaned from reading SIM Help is that it is configured in the web-based appliance configuration. The "Forwarding events from a SESA Manager" help page says to connect to the SESA console at https://<ip_address>/sesa/ssmc. I can connect to the appliance and I see configuration options, but I see nothing for SESA configuration, nor does the address in the help page work.
What do I need to do to get SSIM to report events and incidents to a Syslog and/or SNMP server?
2 Comments
To edit settings in the Manager Components Configurations you have to create a new configuration and assign it to the SSIM appliance. You can't edit the Default configuration.
Syslog events are sent to the local Syslog server which is running on the SSIM appliance.
It is using the local0 log facility. To forward these events from the local syslog server to a remote syslog server you will have to add the following line to the syslog.conf file on the SSIM appliance.
local0.* @<IP-address>
Where <IP-address> must be replaced with the IP-address of your remote syslog server.
Olaf
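The forwarding change described in the reply above, as an added example that is not part of the original post or of any Symantec tooling: a shell helper that appends the local0 rule only when the address is valid and the target is not already configured. The function names are hypothetical, and the path to syslog.conf is passed in by the caller because the thread does not state it.

```shell
#!/bin/sh
# Added example (hypothetical helpers): idempotently add a local0 forwarding
# rule to a syslog.conf-style file whose path is supplied by the caller.

# Return 0 if $1 is a dotted-quad IPv4 address with each octet in 0..255.
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print the remote targets that file $1 already forwards local0 to.
# Comment lines and "local0.none" exclusions are ignored.
local0_targets() {
    awk '!/^[ \t]*#/ && $1 ~ /(^|;)local0\./ && $1 !~ /local0\.none/ && $2 ~ /^@/ {
             print substr($2, 2)
         }' "$1"
}

# Append "local0.*<TAB>@<ip>" to file $1 unless that target is already present.
# Prints "added", "present" or "invalid"; returns non-zero only for bad input.
add_local0_forward() {
    conf=$1 ip=$2
    valid_ipv4 "$ip" || { echo invalid; return 1; }
    if local0_targets "$conf" | grep -Fqx "$ip"; then
        echo present; return 0
    fi
    # Terminate an unterminated last line so the new rule is not glued onto it.
    [ -s "$conf" ] && [ -n "$(tail -c 1 "$conf")" ] && echo >> "$conf"
    # Tab separator: some older syslogd builds reject spaces between
    # selector and action.
    printf 'local0.*\t@%s\n' "$ip" >> "$conf"
    echo added
}
```

After the rule is added the local syslog daemon has to reload its configuration before forwarding starts (how that is done on the SSIM appliance is not stated in the thread). A test message sent with `logger -p local0.notice` should then arrive at the remote server.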
Can you trigger an SNMP trap based on an incident creation?