Trancemission
Technical User
I have a Netscreen firewall which I am currently testing with OpenView.
I have built maps etc. and all this is fine. I am now trying to sort out SNMP traps. One problem that I have found is that the Netscreen only has one OID for the traps that it sends. The device has many conditions under which it sends traps [SYN attacks, port scans etc.], but they all have the same OID; the description that it sends [which is comprehensive and has all the information] changes depending on the type of attack.
I want to be able to take the description and make decisions based on it with regard to what alarm to raise. I have had the idea of creating a Unix system which has the OpenView client running with snmptrapd, and then making this receive the trap, evaluate it and then create an OpenView event. This is not going to be ideal in a real-world environment, so I was wondering what options [if any] there are in OpenView. However, any help is always welcome.
Many Thanks
Trancemission
=============
If it's logical, it'll work!
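
As an added example, not part of the original post: a handler for snmptrapd's `traphandle` directive that classifies a trap by its description text, which is the approach the post proposes. The keyword rules, the `enterprises.99999` OIDs and the sample trap are constructed assumptions; raising the OpenView event from the result is not shown.

```python
import re
import sys

# Assumed keyword rules; take the real description wording from traps
# captured on your own device. Values are only matched, never executed.
RULES = [
    (re.compile(r"\bsyn\b.*\b(attack|flood)\b", re.I), "SYN_ATTACK", "critical"),
    (re.compile(r"\bport\s*scan\b", re.I), "PORT_SCAN", "warning"),
]
DEFAULT = ("UNCLASSIFIED", "normal")


def parse_traphandle(text):
    """Parse traphandle stdin: hostname, transport address, then 'OID value' lines."""
    lines = [ln for ln in text.splitlines() if ln.strip()]
    if len(lines) < 2:
        raise ValueError("truncated traphandle input")
    varbinds = []
    for ln in lines[2:]:
        oid, _, value = ln.partition(" ")
        varbinds.append((oid, value.strip().strip('"')))
    return {"host": lines[0], "addr": lines[1], "varbinds": varbinds}


def classify(trap):
    """Return (category, severity) for the first varbind value matching a rule."""
    for _oid, value in trap["varbinds"]:
        for pattern, category, severity in RULES:
            if pattern.search(value):
                return category, severity
    return DEFAULT


# Constructed sample input (not a captured Netscreen trap).
SAMPLE = """fw1.example.net
UDP: [192.0.2.1]:161->[192.0.2.10]:162
DISMAN-EVENT-MIB::sysUpTimeInstance 0:1:02:03.00
SNMPv2-MIB::snmpTrapOID.0 SNMPv2-SMI::enterprises.99999.0.1
SNMPv2-SMI::enterprises.99999.1.1 "SYN flood attack detected from 198.51.100.7"
"""

if __name__ == "__main__":
    # snmptrapd pipes the trap on stdin; fall back to the sample when run by hand.
    data = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    trap = parse_traphandle(data)
    print(trap["host"], *classify(trap))
```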