[ScreenOS] Turn off the SNMP traps to the SNMP server for any Deep Inspection alerts/alarms

Article ID: KB20544 KB Last Updated: 18 Oct 2012 Version: 2.0
Summary:
SNMP traps can be sent for Emergency, Alert and Critical level events. The Deep Inspection attacks are logged based on the Severity that is set on the policy.
Symptoms:
Stop Deep Inspection alerts/alarms from being logged to the SNMP server.
Solution:

Specific alerts, such as DI alerts/alarms, cannot be turned off individually. You would have to turn off all the alerts, either by stopping the sending of all ALERT level logs to the SNMP server or by deleting the complete SNMP community.

However, there is a way to change the severity of DI alarms. By setting the severity for Deep Inspection messages, you can specifically stop the DI alerts from being logged to the SNMP server.

By default, only the critical alarms/alerts are sent to the SNMP server.

DI-severity specifies the severity of events that generate error messages. The possible event levels are info, low, medium, high, and critical.

The severity of Deep Inspection alarms can be set to info. With this setting, the DI-related messages are still logged in the event logs, but they are no longer treated as critical alarms, only as information. Hence the DI messages are not sent as traps to the SNMP server.

To set the severity of DI alerts/alarms, follow these steps:

WEBUI:

  1. Click on Policy.
  2. Edit the policy for which you want to change the DI severity.
  3. In the severity drop-down box at the top, change the severity to "info".

CLI:
set di-severity info
