We have been using the emailalert.pl script to send emails when certain sigs fire. Previously we had all 4.x sensors and now we have upgraded them all to 5.x. The script still works; however, the "Actions taken:" part of the email is blank. Does anyone know of a way to have it list the new 5.x actions (denypacket)? I suppose a new script may have to be written. Is Cisco going to update this?
Hmmm, I'll get onto it. I wrote the scripts and I must apologise; I did some quick testing when v5 came out, saw that it still produced alerts, and left it at that. I'll get onto it as soon as I can and will update the web site with the details, my apologies.
My apologies, been a mad house here for the past few months and this completely slipped through the cracks. I'll get onto it next week when I have some time and will post the finalised script here for your use. Again, my apologies.
OK, here 'tis, finally. Sorry for the delays. Let me know if it doesn't work correctly.
Change its name to emailalertv5.pl (I wasn't allowed to attach .pl files up here), and save it into the same directory as your current script. Then change your SecMon Notifications config to point to this script, leave the Query variable the same.
Hello. You wrote the scripts? Maybe you can help me. I opened a TAC incident a couple of years ago and they failed to resolve this for me. I've been using 4.x sensors for 3 years now, and the emailalert script has never reliably worked. I received a few odd emails here and there and then it stopped working and I haven't been able to get it working since. It isn't an email issue, because I can use blat from the command line to send emails from the VMS box all day long. If I look at the temp file, it just never gets updated. I have a rule set now that should trip constantly. I set it up for testing purposes. It's set to run the script after every single occurrence of any type of alarm, but it never does a thing. Can you tell me what I may be doing wrong? If I run the script manually I get an email containing this: