SNMP traps can be sent for Emergency, Alert and Critical level events. The Deep Inspection attacks are logged based on the Severity that is set on the policy.

Stop Deep Inspection alerts/alarms to get logged into the SNMP server.

Specific alerts, such as DI alerts/alarms, cannot be turned off. You will have to turn off all the alerts by stopping the sending of all ALERT level logs to the SNMP server or by deleting the complete SNMP community.

However, there is a way to change the severity of DI alarms. By setting the severity for Deep Inspection messages, we can specifically stop the DI alerts getting logged to the SNMP server.

By default, only the critical alarms/alerts are sent to the SNMP server.

DI-severity specifies the severity of events that generate error messages. The possible event levels are info, low, medium, high, and critical.

The severity of Deep Inspection alarms can be set as info because by doing so the DI related messages are still be logged into the event logs but they are no more treated as critical alarms but information. Hence the DI messages would not be trapped into the SNMP server.

To set the severity of DI alerts /alarms, follow the below given steps:

WEBUI:

1. Click on Policy.
2. Edit the policy for which you want to change the DI severity
3. There is a severity drop-down box at the top, change the severity to “info”.

CLI:

set di-severity info