Cannot get any email notifications

thanhlv · ‎04-21-2002

I would like to congfigure the Unix Director to email to my mailbox the alarm

details. Although I went through the Configuration Guide many times, I failed.

Here are the steps that I did. Can you please tell me where I am wrong?

1. Configuring sendmail on my host to send mails through the ISP's smart host:

- mail program works properly. I tested " mail thanhle@hcmpt.vnn.vn". It was

successfull.

2. Enable eventd on the Director.

In the dialog setting Event Processing for Director

- Applicatons: /usr/nr/bin/eventd/event

-Email: Alarm=1

Severity level=1

Source=either

Destination=either

Recipient=thanhle@hcmpt.vnn.vn

-Timing:

Consolidation interval: 200

Alarm count thresholds:1

3. Configure smid to forward the events to eventd.

In the Director Forwarding dialog, I added a new entry

- HOst: ids.NETSOFT

Service: eventd

Min level:1

Alarms: yes

Commands:no

Iplogs: no

Errors: no

In the Destination dialog, i added a new entry with the following parameters:

Host: ids.NETSOFT

Service: eventd

min level: 1

Command:no

Alarm: yes

ip log:no

marcabal · ‎04-22-2002

Step 2 in your list is actually 2 steps.

The first half of the the step sets up the execution of /usr/nr/bin/eventd/event for level 1 alarms and higher, and then the second half of the step sets up for who receives the email for which alarms.

Try repeating the second half of step 2 for severity 2 alarms, severity 3 alarms, severity 4 alarms, and severity 5 alarms. If my memmory serves me that one small email piece is different then the rest of the IDS director configuration. Instead of emailing for that severity or higher, it is sending email for only that severity. So you need a different line for each severity you want alarms for.