Alerts


Alerts are configurable via the Events menu, with options of how, where, and why alerts should be sent. By default, events are logged in the event log; support staff notification occurs only if they examine the CSA MC screens. To take a more proactive approach to managing security-impacting events, configure alerts for notification.

To configure an alert from the Alerts page, click the New button. As with all other configurable items, you need to configure a name and a description for the alert. After the Name and Description fields, you see the following configuration information, as shown in Figure 8-20:

  • Send Alerts for the Following Event Sets: Specify the event set match that will trigger alerts. You must configure an event set to identify which specific events will cause alerts to be sent.

    Note

    Event set time options are not used when applied to alerts. Alerts such as pager and e-mail notification are sent in real time as events are received from agents and placed in the CSA MC event log, and historical timeframes are not applied.


  • Alert Method: You must configure one of the following methods of alert delivery:

    • Email: The alert is sent via e-mail. Configurable parameters for this type of alert include recipient(s) address(es), sender address, mail server name/IP, and subject line.

    • Pager: The alert is sent to a pager. Configurable parameters include telephone number, PIN, modem init string, modem dial string, characters per block, port, and baud rate. This alert type requires the CSA MC to have a Hayes-compatible modem installed locally.

    • SNMP: The alert is delivered as an SNMP trap. Configurable parameters include community name and SNMP management station IP address.

    • Log: The alert is written to a log file. The only configurable parameter for this alerting mechanism is the log file location, including path and name. The log file created contains several fields that are explained in detail within the CSA Help files and documentation.

      Note

      The log file created as part of the alerting mechanism will only reach 1 MB in size before the file is closed and prepended with a timestamp. Another file is then opened in its place with the same filename as before.


    • Custom: The alert is handed to a custom program as a parameter to the executable. The parameter passed is the log file created to send to the program. This file is temporary and only exists until it is passed to the application. The program name and path are the only configurable options.

      Note

      The custom program must be located in the CSCOpx directory or subdirectory for it to work according to CSA MC policies, and the execution of the custom application cannot require any user input.


    • Named Pipe: The alert is handed to a third-party application via a named pipe. The application must be local because the prepended named pipe information is \\.\pipe\, where the period denotes the local machine. The only configurable parameter is the rest of the named pipe location or the name of the local system.

Figure 8-20. Alert Configuration Screen


Alerts can be sent via one or more mechanisms by checking the appropriate check boxes at configuration time. Another option you have for controlling the sending of alerts is the Purge Pending Events button. This button enables you to purge the list of alerts that are queued for sending but have not yet been sent. You might want to purge alerts if you are already working an issue that spawned many alerts. In this case, you would not need to receive any more alerts relating to those event triggers, and all further alerts queued up for delivery could be removed.
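For the Custom alert method described above, the following handler is an added example, not code from the book or from Cisco. It takes the temporary alert file as its only argument, runs without user input, and copies the contents into a durable archive that rolls over at 1 MB the way the Log method note describes. It assumes the alert file can be treated as opaque bytes and reads "prepended with a timestamp" as a file-name prefix; the `ALERT_STORE` variable and the default archive name are hypothetical.

```python
import os
import sys
import time

MAX_BYTES = 1024 * 1024  # assumed cap, mirroring the 1 MB rollover of the Log method


def rotate_if_needed(store_path, incoming_size, max_bytes=MAX_BYTES):
    """Rename the archive with a timestamp prefix if the next write would exceed the cap."""
    if not os.path.exists(store_path):
        return None
    if os.path.getsize(store_path) + incoming_size <= max_bytes:
        return None
    directory, name = os.path.split(store_path)
    stamp = time.strftime("%Y%m%d-%H%M%S")
    rotated = os.path.join(directory, f"{stamp}-{name}")
    n = 1
    while os.path.exists(rotated):  # two rollovers within the same second
        rotated = os.path.join(directory, f"{stamp}.{n}-{name}")
        n += 1
    os.replace(store_path, rotated)
    return rotated


def handle_alert(temp_path, store_path, max_bytes=MAX_BYTES):
    """Copy the temporary alert file into the archive; return the bytes stored."""
    with open(temp_path, "rb") as src:  # read at once: the file is short-lived
        data = src.read()
    rotate_if_needed(store_path, len(data), max_bytes)
    with open(store_path, "ab") as dst:
        dst.write(data)
        if not data.endswith(b"\n"):
            dst.write(b"\n")
        dst.flush()
        os.fsync(dst.fileno())  # make sure the alert is on disk before exiting
    return len(data)


def main(argv):
    # No prompts and no stdin reads: the handler must run unattended.
    if len(argv) != 2:
        return 2
    store = os.environ.get("ALERT_STORE", "alerts-archive.log")  # hypothetical setting
    try:
        handle_alert(argv[1], store)
    except OSError:
        return 1  # temp file already gone or archive not writable
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```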



    Cisco Security Agent
    ISBN: 1587052059
    EAN: 2147483647
    Year: 2005
    Pages: 145
    Authors: Chad Sullivan
