I'm trying to get triggered events from our IPS 4235 to report in HPOV. I've configured SNMP and see IPS system events in OpenView. I've updated the signatures that show up in the events database to include the "Request SNMP Trap. However, I don't see any signature triggered events. From what I've read, this should be working. Any thoughts?
I have enabled SNMP gets/set, Enabled SNMP traps (have select Fatal, Error & Warning), and Enabled detailed traps for alerts. On my signatures, I have added the action "request SNMP trap". Is there something else I need to do?
I am assuming you also configured the trap-destinations in the notification configuration as the OpenView station besides the community strings for read and write. Make sure the signatures are seen on cli as being fired. Otherwise that's all we do to get the traps sent.
Another quick way to test the same is adding a gobal override for request-snmp-trap in "service event-action-rules". This setting will send traps for every alert even if you have not set the event-action on signatures to request-snmp-trap. You can also verify the statistics under "show statistics notification" to confirm the number of gets, sets and traps.
Appears like there is no issue on the Sensor end as per the stats. A packet snoop on your OpenView station (if permitted) would help you to debug on the packets recieved. Also I am assuming you have complied the new CIDS MIB fine on the OpenView. If you have any other management tool handy like traprcv you can confirm the reciept of traps to eliminate the sensor problem.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :