Configuring SolarWinds Orion to communicate with QRadar®
To collect events in IBM
QRadar from SolarWinds Orion,
you must configure your SolarWinds Orion Alert Manager device to create SNMP traps.
Procedure
Log in to your SolarWinds Orion Alert Manager device.
Select Start > All Programs > SolarWinds Orion > Alerting, Reporting, and Mapping > Advanced Alert Manager.
In the Alert Manager Quick Start window, click Configure
Alerts.
In the Manage Alerts window, select an existing alert and
then click Edit.
Click the Triggered Actions tab.
Click Add New Action.
In the Select an Action window, select Send an SNMP
Trap and then click OK.
To configure SNMP Trap Destinations, type the IP address of the QRadar
Console or QRadarEvent Collector.
To configure the Trap Template, select
ForwardSyslog.
To configure the SNMP Version, select the SNMP version that you want to
use to forward the event:
SNMPv2c - Type the SNMP Community String to use for
SNMPv2c authentication. The default SNMP Community String value is
public.
Note: To verify that your SNMP trap is configured properly, select an alert that you edited and
click Test. This action triggers and forwards the events to QRadar.
SNMPv3 - Type the Username and then select the
Authentication Method to use for SNMPv3.
Note: To verify that your SNMP trap is configured properly, select an alert that you edited and
click Test. This action triggers and forwards the events to QRadar.
Click OK.
What to do next
Repeat these steps to configure the SolarWinds Orion Alert Manager with all of the SNMP
trap alerts that you want to monitor in QRadar.