Sanford,
Yes, this is possible.
SiteProtector Central Responses allows you to set up SNMP responses,
and check multiple SNMP "Response Objects" that you want to send to.
In this way, as long as you have a Central Response set up for that
event (or events, since you can do wildcard matches), you can send to
multiple SNMP servers each time the Central Response fires. Note:
Central Responses are not designed to be sensor specific, so they will
apply to events firing on all sensors. This is convenient if, for
example, you want to send an SNMP response to two SNMP managers for
all High priority events. Or as another example, you can send the
SNMP responses for all High Priority events which start with HTTP*.
If you plan to use Central Responses with SNMP, please make sure you
are at Core Service Pack 5.2, since many SNMP enhancements were added.
There's always more information available about Central Responses in
the SiteProtector Help or the SiteProtector documentation:
For responses on the sensors, you can send different SNMP responses
for different events, but you can't send to two SNMP servers for a
single event. Note: Responses on the sensors are completely unrelated
to Central Responses (and will therefore fire independently). If you
want to fire to different managers for different events, edit the
Global Responses and derive a new name under the SNMP responses. Once
you have different names set up, merge the changes into your response
policy for your sensor, then re-push the response policy to the
sensor. Now when you edit your policy you will see the named
responses available from the drop down when you check the SNMP
response for an event.
On 5/31/05, Sanford Whitehouse <swhitehouse@loglogic.com> wrote:
Sanford Whitehouse wrote:
No. Have you run into this?
Sanford
Yup, I have the same problem at work, we need to split the traps to two
destinations (two HP Openview boxes) for resilience.
It's probably possible on Unix variants to snmp back to the localhost
then forward to two different ips from there, but i've had no lab time
in the last 3 months to test it. Windows is a different matter, i'm not
sure if that could handle it, plus its snmp service is pretty flakey.
regards,
Nick.
_______________________________________________
ISSForum mailing list
ISSForum@iss.net
TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to
https://atla-mm1.iss.net/mailman/listinfo/issforum
To contact the ISSForum Moderator, send email to mod-issforum@iss.net
The ISSForum mailing list is hosted and managed by Internet Security Systems,
6303 Barfield Road, Atlanta, Georgia, USA 30328.
_______________________________________________
ISSForum mailing list
ISSForum@iss.net
TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to
https://atla-mm1.iss.net/mailman/listinfo/issforum
To contact the ISSForum Moderator, send email to mod-issforum@iss.net
The ISSForum mailing list is hosted and managed by Internet Security Systems,
6303 Barfield Road, Atlanta, Georgia, USA 30328.
