Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

IDS Notification

Hi All,

How do I get my IDS 4210 to notify me with the actual alarm as opposed to just notifying me there is a High Alarm.

Thanks,

Rich

4 REPLIES
Cisco Employee

Re: IDS Notification

Not sure what you mean here. If you're using CSPM or HP OpenView, then when an alarm comes in you can see a bunch of information about it, including alarm severity, signature number, source/dest IP address, etc.

Where are you just seeing that there's an alarm present, without actually seeing information about it?

New Member

Re: IDS Notification

CSPM emails me out....In the body of the e-mail it simply says Medium Severity Alarms. I would like it to say, Medium Severity Alarms then tell me what the alarm is for. As opposed to me having to wait till I can access the CSPM server.

Rich

New Member

Re: IDS Notification

I only het "High Severity Alarm" or "Medium Severity alarm" also. I don't receive any information regarding the signature or what triggered the alarm. I have CSPM 2.3.3i and the S26 signatures.

Cisco Employee

Re: IDS Notification

You have to configure CSPM to send you any additional information.

Refer to this section of the CSPM user's guide:

http://www.cisco.com/univercd/cc/td/doc/product/ismg/policy/ver23i/idsguide/ch09.htm#xtocid99276

NOTE: There are certain items that can not be included. Such as the Signature Name instead of just the Signature ID. It is a by product of how the email notification code was written. The code doesn't internally link Ids to names like the Event Viewer, instead it only knows what the sensor sent it (which is the Signature Id and not the name). Several users have created their own perl script for emailing which does a lookup against the signature file and is able to send the signature name. I just wanted to point that out to you because it is the next thing that users start asking when they learn to add information to the email notifcations.

96
Views
0
Helpful
4
Replies
CreatePlease to create content