Configure Syslog and SNMP Settings

On the Legacy Notifications panel, you can configure syslog and SNMP notification settings. These configurations are used for Entitlement, legacy Event Source Management (ESM), Warehouse Connector monitoring, and Archiver monitoring.

Configure and Enable Syslog Settings

  1. Go to netwitness_adminicon_25x22.png (Admin) > System.
  2. In the options panel, select Legacy Notifications.

    The Legacy Notifications Configuration panel is displayed.

    122_legNot_1122.png

  3. In the Server Name and Server Port fields under Syslog Settings, type the host name where the target syslog process is running and the port where the target syslog process is listening.
  4. In the Facility, Encoding, Format, and Max length fields, specify the syslog facility, message text encoding, message format, and maximum message length.
  5. In the Protocol field, select either UDP or TCP.
  6. (Optional) Select the options for what to include in messages: Truncate overly large syslog messages, Include the local timestamp in syslog messages, and Include the local hostname in syslog messages.
  7. (Optional) Configure syslog to prepend an Identity String before each syslog alert.
  8. Set the Enable checkbox.
  9. Click Apply.

Syslog notifications are immediately enabled. Legacy Notifications Configuration Panel provides detailed information about these settings.

Configure and Enable SNMP Settings

  1. Go to netwitness_adminicon_25x22.png (Admin) > System.
  2. In the options panel, select Legacy Notifications.

    ​The Legacy Notifications Configuration panel is displayed, with SNMP Settings at the bottom of the panel.

    netwitness_legsnmp79.png

  3. In the Server Name and Server Port fields under SNMP Settings, type the host name and listening port of the SNMP trap host.
  4. Select the SNMP version in the drop-down menu, v1 or v2c.
  5. In the Trap OID field. specify the object ID for the SNMP trap on the trap host that receives the audit event. The default value is 0.0.0.0.0.1.
  6. In the Community field, specify the community string used to authenticate on the SNMP trap host, the default value is public.
  7. Set the Enable checkbox.
  8. Click Apply.

SNMP notifications are immediately enabled. Legacy Notifications Configuration Panel provides detailed information about these settings.

Disable Syslog or SNMP Settings

To disable syslog or SNMP settings on this NetWitness instance:

  1. Clear the appropriate Enable checkbox.
  2. Click Apply.
    The selected settings are immediately disabled.