Hi
@cherbani samir,
So, this will be an event rule, as we want to correlate on an event. (We would choose a flow rule or common rule if we needed a flow condition in the rule.)
You can approach this in two ways: one, monitor whether the disk space usage exceeds the warning threshold and max threshold, which are 90% and 95% respectively. Second, you can actively monitor the disk space usage and availability from the internal QRadar Health Metric log source.
For the first, refer to the following URL, where support illustrates how to set up the alerting.
https://www.ibm.com/support/pages/qradar-configuring-qradar-remote-alerts-about-disk-usage
For the second, do the same thing for creating an event rule, but instead of using the Disk Sentry log source, use the "Health Metrics" log source, a custom property Partition equal to /store and another custom property Value to monitor the value, and put a syslog as output to Nagios. Refer to the image for the rule description. In rule responses, you can use Send to forwarding destination to send it to Nagios.
Let me know if this helps.
------------------------------
Chinmay Kulkarni
------------------------------
Original Message:
Sent: Fri October 25, 2019 10:30 AM
From: cherbani samir
Subject: SNMP trap configuration in Qradar
Hello Chinmay Kulkarni,
Thank you for your reply. I'd like to create a rule which monitors the /stor partition, but how can I do that? Which kind of rule should I use (event, flow or common rule)? If you have any idea on how I can do that, please share it with me.
Regards.
------------------------------
cherbani samir
Original Message:
Sent: Fri October 25, 2019 09:55 AM
From: Chinmay Kulkarni
Subject: SNMP trap configuration in Qradar
An SNMP trap is something dispatched in response to some condition.
QRadar already has some notifications about free space for the partitions. You can create a QRadar rule which monitors the file partition (/store in this case) for a pre-defined threshold and, as a response, can send an SNMP trap, syslog, etc. to Nagios.
Hope this helps.
P.S. You can also do the same with a custom script. Just saying.
------------------------------
Chinmay Kulkarni
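As an added illustration of the "custom script" alternative mentioned in the P.S. above, and of the 90%/95% thresholds from the rule-based approach described earlier in the thread, the following is example code written for this thread, not QRadar's own code or a script from the poster: it checks the /store partition, classifies it against the warning and max thresholds, and formats a syslog line that could be forwarded to Nagios. The Nagios hostname and the message tag are assumed placeholders.

```python
import shutil
import socket
from datetime import datetime

WARN_PCT = 90.0   # warning threshold from the thread
CRIT_PCT = 95.0   # max threshold from the thread
NAGIOS_HOST = "nagios.example.internal"  # assumed placeholder, not from the thread
NAGIOS_PORT = 514                        # standard syslog/UDP port

def usage_percent(total, used):
    """Used percentage of a partition; 0 when total is unknown."""
    return 100.0 * used / total if total else 0.0

def classify(pct, warn=WARN_PCT, crit=CRIT_PCT):
    """Map a usage percentage to a Nagios-style state."""
    if pct >= crit:
        return "CRITICAL"
    if pct >= warn:
        return "WARNING"
    return "OK"

def build_syslog_message(partition, pct, state, hostname="qradar-console", ts=None):
    """Build an RFC 3164 style line: <PRI>TIMESTAMP HOST TAG: MSG.
    PRI = facility*8 + severity; facility local0 (16), severity by state."""
    severity = {"OK": 6, "WARNING": 4, "CRITICAL": 2}[state]
    pri = 16 * 8 + severity
    if ts is None:
        now = datetime.now()
        ts = f"{now:%b} {now.day:2d} {now:%H:%M:%S}"
    return f"<{pri}>{ts} {hostname} qradar-disk: partition={partition} usage={pct:.1f}% state={state}"

def check_partition(partition="/store"):
    """Return (usage percent, state) for a mounted partition."""
    u = shutil.disk_usage(partition)
    pct = usage_percent(u.total, u.used)
    return pct, classify(pct)

def send_syslog(msg, host=NAGIOS_HOST, port=NAGIOS_PORT):
    """Send one syslog line over UDP to the Nagios host."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.sendto(msg.encode(), (host, port))

if __name__ == "__main__":
    pct, state = check_partition("/store")
    msg = build_syslog_message("/store", pct, state)
    print(msg)
    if state != "OK":
        send_syslog(msg)
```

Run it from cron on the console; only WARNING and CRITICAL results are forwarded, matching the threshold behaviour of the rule-based approach.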
Original Message:
Sent: Wed October 23, 2019 12:30 PM
From: cherbani samir
Subject: SNMP trap configuration in Qradar
Hello all,
Does anyone know how we can monitor the free space in the /store partition using an SNMP trap and send this information to Nagios, for example?
Thank you for your help.
Regards.
------------------------------
cherbani samir
------------------------------