07-11-2002 07:20 AM - edited 03-08-2019 11:31 PM
Hi All,
How do I get my IDS 4210 to notify me with the actual alarm as opposed to just notifying me there is a High Alarm.
Thanks,
Rich
07-11-2002 08:47 PM
Not sure what you mean here. If you're using CSPM or HP OpenView, then when an alarm comes in you can see a bunch of information about it, including alarm severity, signature number, source/dest IP address, etc.
Where are you just seeing that there's an alarm present, without actually seeing information about it?
07-12-2002 05:04 AM
CSPM emails me out....In the body of the e-mail it simply says Medium Severity Alarms. I would like it to say, Medium Severity Alarms then tell me what the alarm is for. As opposed to me having to wait till I can access the CSPM server.
Rich
07-12-2002 07:30 AM
I only het "High Severity Alarm" or "Medium Severity alarm" also. I don't receive any information regarding the signature or what triggered the alarm. I have CSPM 2.3.3i and the S26 signatures.
07-12-2002 10:11 AM
You have to configure CSPM to send you any additional information.
Refer to this section of the CSPM user's guide:
http://www.cisco.com/univercd/cc/td/doc/product/ismg/policy/ver23i/idsguide/ch09.htm#xtocid99276
NOTE: There are certain items that can not be included. Such as the Signature Name instead of just the Signature ID. It is a by product of how the email notification code was written. The code doesn't internally link Ids to names like the Event Viewer, instead it only knows what the sensor sent it (which is the Signature Id and not the name). Several users have created their own perl script for emailing which does a lookup against the signature file and is able to send the signature name. I just wanted to point that out to you because it is the next thing that users start asking when they learn to add information to the email notifcations.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: