Cisco Support Community
Community Member

Custom scripts for IDS e-mail alerting

I need an idiots guide (for want of a better word) on how to write custom scripts for the IDS alerting from the Unix director. Currently the notification script is taken from the eventd directory. The format of the default mails is poor and it would be difficult for anyone outside of our department to be able to decipher them.

Can any of you point me in the right direction? Thanks

Community Member

Re: Custom scripts for IDS e-mail alerting

The following link will be helpful for you in writing custom scripts.


Community Member

Re: Custom scripts for IDS e-mail alerting

Are you using the Event Processing -> Applications tab or the Event Processing -> E-mail?

If you write a custom script for the Applications setup, then the positional parameters are the fields of the director log files as described in the Netranger User's Guide. You can do whatever you want at this point, including DNS lookups, cross-referencing of the signature numbers with a locally written file of caveats and notes, etc.

Could you describe better what you want to do?

Community Member

Re: Custom scripts for IDS e-mail alerting

I have got the script defined in the event processing -> applications tab, but I have the alarm events defined in the e-mail tab for each of the severities of alarms. When any of our sensors recieves and alarm it's sent to the director and the director mails the details of the alarm. I want the content of that mail to be a lot more descriptive so anyone can understand what the mail is about. I would like it to say in plain english what IDS sensor the alarm is from, what the alarm is, the source and destination address and some instructions for the recipient of the alarm to tell them how to react to the alert e.g call this number......!

Doesn't sound like it should be much of a change, but I have tried to edit the event script (after first creating a copy!!) and it just stopped alerting so I must have done something wrong.

CreatePlease to create content