
How to see if the SNMP server can receive AV traps

Hi,

Within the Sophos console, in the Anti-Virus and HIPS policy, an SNMP server has been listed as the SNMP trap destination. However, how can I check whether it has been configured correctly? We are receiving all other traps from that AV server except the Desktop AV alerts.

Thanks

  • Hello NalK,

    an alert in the Sophos console which in turn sends a trap to the SNMP server

    I might have a bad start today, but AFAIK the console only sends mail, not SNMP messages. The AV policy applies to clients, and therefore it's them sending the traps.

    Apart from this, please be aware that detection and subsequent cleanup could (I've never tested it) result in more than one message being sent; if you automatically create a ticket, you'd have to correlate them in some way. Perhaps you've already observed in the dashboard that the number of virus/spyware alerts rises and drops again after a few seconds (or that computers "come and go" in the Computers with alerts list). If you look at the details, this is caused by detections for which the cleanup succeeds (soon) afterwards. SEC has the logic to correctly process this sequence of events.

    Christian 

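The reply above points out that a detection followed by a prompt cleanup can arrive at the trap receiver as two messages, so a ticketing integration has to correlate them rather than open a ticket per trap. The following is an added example, not code from the thread or from Sophos: it runs a time-window correlation over a constructed sample of already-decoded trap events, and the field names (`host`, `kind`, `threat`, `t`) are assumptions, since the thread does not show the actual trap contents.

```python
# Constructed sample of decoded trap events (not real Sophos trap data).
# "t" is seconds since the receiver started; "kind" is detection or cleanup.
SAMPLE_EVENTS = [
    {"t": 0.0,  "host": "pc-01", "kind": "detection", "threat": "EICAR-AV-Test"},
    {"t": 2.5,  "host": "pc-01", "kind": "cleanup",   "threat": "EICAR-AV-Test"},
    {"t": 5.0,  "host": "pc-02", "kind": "detection", "threat": "Troj/Example-A"},
    {"t": 40.0, "host": "pc-03", "kind": "detection", "threat": "Mal/Example-B"},
    {"t": 41.0, "host": "pc-03", "kind": "cleanup",   "threat": "Mal/Example-B"},
]


def correlate(events, now, window=10.0):
    """Pair detection and cleanup traps per (host, threat).

    Returns three lists of (host, threat) keys:
      tickets    - detections with no cleanup inside `window` seconds
      suppressed - detections cleaned up inside the window (no ticket)
      undecided  - detections still younger than the window at `now`
    """
    pending = {}                # (host, threat) -> detection event awaiting cleanup
    tickets, suppressed = [], []
    for ev in sorted(events, key=lambda e: e["t"]):
        key = (ev["host"], ev["threat"])
        if ev["kind"] == "detection":
            pending.setdefault(key, ev)     # keep the earliest detection
        elif ev["kind"] == "cleanup":
            det = pending.pop(key, None)
            if det is None:
                continue                    # cleanup without an open detection
            if ev["t"] - det["t"] <= window:
                suppressed.append(key)      # transient: cleaned promptly
            else:
                tickets.append(key)         # cleanup came too late to suppress
    undecided = []
    for key, det in pending.items():
        if now - det["t"] > window:
            tickets.append(key)             # window expired with no cleanup seen
        else:
            undecided.append(key)           # still inside the window
    return tickets, suppressed, undecided


if __name__ == "__main__":
    tickets, suppressed, undecided = correlate(SAMPLE_EVENTS, now=60.0)
    print("open tickets:", tickets)
    print("suppressed:  ", suppressed)
    print("undecided:   ", undecided)
```

A real integration would feed this from whatever the trap receiver logs after decoding the varbinds, and would call it periodically so that detections whose window has expired are promoted to tickets.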