SNMPv2 log source parameters for Cisco CSA

If QRadar does not automatically detect the log source, add a Cisco CSA log source on the QRadar Console by using the SNMPv2 protocol.

When using the SNMPv2 protocol, there are specific parameters that you must use.

The following table describes the parameters that require specific values to collect SNMPv2 events from Cisco CSA devices:
Table 1. SNMPv2 log source parameters for the Cisco CSA DSM
Parameter Value
Log Source Name Type a name for your log source.
Log Source type Cisco CSA
Protocol Configuration SNMPv2
Log Source Identifier Type the IP address or host name for the log source.

The identifier helps you determine which events came from your Cisco CSA device.

Community Type the SNMP community name required to access the system containing SNMP events. The default is Public.
Include OIDs in Event Payload

Clear the Include OIDs in Event Payload checkbox, if selected.

This options allows the SNMP event payload to be constructed using name-value pairs instead of the standard event payload format. Including OIDs in the event payload is required for processing SNMPv2 or SNMPv3 events from certain DSMs.

For more information about the SNMPv2 protocol, see SNMPv2 protocol configuration options.