6.0.3 - Actionable Incident Notification

Unanswered Question
May 11th, 2009

Well there's supposedly a new feature in 6.0.3 that says I can send SNMP traps when a incident is created.

Anyone have any idea how to do this without going through each and every rule to edit the "action"?

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
richardackroyd Thu, 05/14/2009 - 04:46

You have to create a rule like you would have before. Set the action to SNMP trap/email/whatever.

When the severity is set, for example to RED, it now alerts on RED incidents, not RED Events. I have been using this since the update to email our staff upon certain Incidents. Seems to work well.

If you want an alert when any Incident fires, leave every field as "any" and you should be good to go.

mhellman Mon, 05/18/2009 - 12:39

Richard, not sure what your saying here. The only way I've found to sort of accomplish this is to create an inspection rule using the MARS itself as the reporting device. It doesn't appear to work in newer versions. Is that what you did?

mhellman Mon, 05/18/2009 - 12:17

I believe you will have to configure for each inspection rule.


This Discussion