
Create New SNMP Alarm Notification Policies

An SNMP Manager must be configured to accept the SNMP traps generated by LogRhythm. All SNMP Managers are configured differently, so you must consult the documentation provided with the SNMP Manager for exact details. Configuration is performed by using a Management Information Base (MIB), provided by LogRhythm. All three MIB files must be compiled into the SNMP Manager for it to recognize the fields in a LogRhythm alarm trap:


Click here to download the MIB files.

  1. Do one of the following to access the Notification Policy Manager:
    • Administrators. On the main toolbar, click Deployment Manager. On the Tools menu, click Distribution, click Notifications and Collaboration, and then click Notification Policy Manager from the main menu.
    • Non-Administrators. On the My LogRhythm menu, click My Notification Policies.
  2. In the Policy Name field, enter a name for your policy. As a best practice, the name of the SNMP Manager should be included in the name of the SNMP Trap Notification Policy for easy identification.
  3. (Optional) On the Additional Info tab, enter a Brief Description and add details or other notes.
  4. Select one of the SNMP Protocols:
    • SNMP v1
    • SNMP v2c
    • SNMP v3
  5. On the Network tab:
    • Enter the ARM Local Endpoint: IP address.
    • Enter the ARM Local Endpoint: Port (Default = 161).
    • Enter the Remote Endpoint: Remote Host.
    • Enter the Remote Endpoint: Port (Default = 162).
  6. Do one of the following:
    • If you selected SNMP v1 or v2c, select the v1/v2c Security tab.
      • Enter the SNMP Community String. This is a text string that acts as a password and authenticates messages that are sent between the LogRhythm ARM (acting as an SNMP agent) and the management station (the SNMP manager). The community string is included in every packet that is transmitted between the SNMP agent and the SNMP manager.
    • If you selected SNMP v3, select the v3 Security tab and do the following:
      • Enter the SNMP v3 Authentication:
        • Algorithm: None, MD5, or SHA
        • User
        • Password
        • Confirm Password
      • If you selected the MD5 or SHA algorithm, enter the SNMP v3 Encryption:
        • Algorithm: None, DES, AES, Triple DES
        • Password
        • Confirm Password
  7. In the Include Alarm Fields section, select the boxes of the items to include in the alarm notification. You can right-click anywhere in the list to display a menu that allows you to Select All or Unselect All.
    The selected items appear in the notification in the same order that they appear in this list.
  8. (Optional) To reorder them, select an item and use the Field Order arrows at the top of the list. Arrows with lines above or below move an item to the top or bottom of the list. The other arrows move an item up or down one line at a time.
  9. Click OK.

Best practice is to create a unique role or Person Record for each SNMP Trap Notification Policy. Include the name of the SNMP Manager as the name of the Person Record and the SNMP Trap Notification Policy.

A new private policy is created. To create a group policy that can be used by others, see Create Group Notifications for Alarms.
