Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
291
Views
0
Helpful
4
Replies

IDS Notification

rjohnson
Level 1
Level 1

‎07-11-2002 07:20 AM - edited ‎03-08-2019 11:31 PM

Hi All,

How do I get my IDS 4210 to notify me with the actual alarm as opposed to just notifying me there is a High Alarm.

Thanks,

Rich

Labels:
0 Helpful
4 Replies 4

gfullage
Cisco Employee
Cisco Employee

‎07-11-2002 08:47 PM

Not sure what you mean here. If you're using CSPM or HP OpenView, then when an alarm comes in you can see a bunch of information about it, including alarm severity, signature number, source/dest IP address, etc.

Where are you just seeing that there's an alarm present, without actually seeing information about it?

0 Helpful

rjohnson
Level 1
Level 1
In response to gfullage

‎07-12-2002 05:04 AM

CSPM emails me out....In the body of the e-mail it simply says Medium Severity Alarms. I would like it to say, Medium Severity Alarms then tell me what the alarm is for. As opposed to me having to wait till I can access the CSPM server.

Rich

0 Helpful

sdesbrough
Level 1
Level 1
In response to rjohnson

‎07-12-2002 07:30 AM

I only het "High Severity Alarm" or "Medium Severity alarm" also. I don't receive any information regarding the signature or what triggered the alarm. I have CSPM 2.3.3i and the S26 signatures.

0 Helpful

marcabal
Cisco Employee
Cisco Employee
In response to sdesbrough

‎07-12-2002 10:11 AM

You have to configure CSPM to send you any additional information.

Refer to this section of the CSPM user's guide:

http://www.cisco.com/univercd/cc/td/doc/product/ismg/policy/ver23i/idsguide/ch09.htm#xtocid99276

NOTE: There are certain items that can not be included. Such as the Signature Name instead of just the Signature ID. It is a by product of how the email notification code was written. The code doesn't internally link Ids to names like the Event Viewer, instead it only knows what the sensor sent it (which is the Signature Id and not the name). Several users have created their own perl script for emailing which does a lookup against the signature file and is able to send the signature name. I just wanted to point that out to you because it is the next thing that users start asking when they learn to add information to the email notifcations.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents