SNMP Log Monitoring

The ICS must be configured to forward all log failure events where the detection and/or prevention function is unable to write events to the local log record or send an SNMP trap that can be forwarded.

By default, event logs are written to the local logs in addition to the central syslog server. However, if the site uses SNMP, the following must be configured, because SNMP is disabled by default.

In the ICS Web UI, navigate to System > Log/Monitoring > SNMP.

1. Under SNMP Version data, select v3.

2. Under Agent Properties, check SNMP Traps.

3. Under Agent Properties, configure a System Name, Location, and Contact.

4. Under User 1, type in a valid username. Select AuthPriv.
- The auth protocol must be set to at least SHA. Type in the auth password.
- The priv protocol must be set to at least CFB-AES-128. Type in the priv password.

5. Under Trap Thresholds, ensure Check Frequency is 180 seconds, Log Capacity is 75%, Users is 100%, Physical Memory is 0%, Swap Memory is 0%, Disk is 75%, CPU is 0%, and Meeting Users is 100%.

6. Under Optional Traps, check the boxes for Critical and Major Log Events.

7. Under SNMP Trap Servers, configure an IPv4/IPv6 address for the valid trap server/receiver, type in the port (default is 162), and select the user to use (use the user from step 4 above).
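
The following is an added example, not part of the original guidance or any vendor tooling: a small audit that compares a recorded set of SNMP settings against the values in steps 1 through 7. The dictionary key names and the sample records are assumptions made for illustration; MD5 and CBC-DES are included only as the weaker SNMPv3 options that fall below the stated minimums.

```python
# Added example: audit recorded SNMP settings against steps 1-7 above.
# Key names are hypothetical; map them from however the settings were
# captured (UI review notes, change ticket, configuration review).

AUTH_RANK = {"MD5": 0, "SHA": 1}               # step 4: at least SHA
PRIV_RANK = {"CBC-DES": 0, "CFB-AES-128": 1}   # step 4: at least CFB-AES-128

REQUIRED = {
    "version": "v3", "traps_enabled": True, "security_level": "AuthPriv",
    "check_frequency_s": 180, "log_capacity_pct": 75, "users_pct": 100,
    "physical_memory_pct": 0, "swap_memory_pct": 0, "disk_pct": 75,
    "cpu_pct": 0, "meeting_users_pct": 100,
    "trap_critical_log_events": True, "trap_major_log_events": True,
}
MUST_BE_SET = ("system_name", "location", "contact", "username", "trap_server")


def audit(cfg):
    """Return a list of findings; an empty list means the record complies."""
    findings = [
        f"{key}: expected {want!r}, found {cfg.get(key)!r}"
        for key, want in REQUIRED.items() if cfg.get(key) != want
    ]
    # Unknown or missing protocol names rank below every accepted value.
    if AUTH_RANK.get(cfg.get("auth_protocol"), -1) < AUTH_RANK["SHA"]:
        findings.append("auth_protocol: must be at least SHA")
    if PRIV_RANK.get(cfg.get("priv_protocol"), -1) < PRIV_RANK["CFB-AES-128"]:
        findings.append("priv_protocol: must be at least CFB-AES-128")
    findings += [f"{key}: must be set" for key in MUST_BE_SET if not cfg.get(key)]
    # Step 7: the trap server must use the SNMPv3 user created in step 4.
    if cfg.get("username") and cfg.get("trap_user") != cfg.get("username"):
        findings.append("trap_user: must be the user configured in step 4")
    return findings


# Constructed sample records (not taken from a real appliance).
SAMPLE_GOOD = dict(
    REQUIRED, auth_protocol="SHA", priv_protocol="CFB-AES-128",
    system_name="ics-01", location="DC-A", contact="noc@example.org",
    username="snmpmon", trap_server="192.0.2.10", trap_port=162,
    trap_user="snmpmon",
)
SAMPLE_WEAK = dict(SAMPLE_GOOD, version="v2c", auth_protocol="MD5",
                   log_capacity_pct=90)

if __name__ == "__main__":
    for name, cfg in (("good", SAMPLE_GOOD), ("weak", SAMPLE_WEAK)):
        print(name, audit(cfg) or "compliant")
```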