I am trying to have our Web Security Triton server send messages to our SIEM via SNMP alerts. The server itself has a SIEM agent running on it that can monitor its event logs. My plan was to have Websense send SNMP alerts to localhost (already configured a community string and saved the information on the Triton config settings), trap those messages locally and have them show up as WMI events on the server's event logs.
I am not sure if this sort of configuration is beyond the scope of Websense's support, but I am having trouble with loading the Websense MIB. I followed the instructions from Microsoft on http://msdn.microsoft.com/en-us/library/windows/desktop/aa393621%28v=vs.85%29.aspx#installing_the_snmp_provider
I found WEBSENSE-MIB.txt (renamed it to .mib), which I loaded with smi2smir2 and created a .mof file. I loaded the .mof file with the mofcomp command. Even after all that trouble, I still don't see any WMI events related to Websense alerts in the application log. If anyone knows what I may be doing wrong or knows how to set up SNMP alerts to the localhost as WMI events, please help me out.