The Alerter subsystem transmits messages that have been queued by other components: for example, correlation alerts queued by the Anomaly Detection subsystem, or run-time alerts generated by security policies. The Alerter subsystem can be configured to send messages to both SMTP and SNMP servers. Alerts can also be sent to syslog or custom alerting classes, but no special configuration is required for those two options beyond starting the Alerter. There are four types of Alerter commands.
Restarts the Alerter. You can perform the same function using the store alerter state operational command to stop and then start the Alerter:
store alerter state operational off
store alerter state operational on
restart alerter
Stops the Alerter. You can perform the same function using the store alerter state operational command:
store alerter state operational off
stop alerter
Sets the number of seconds, n, that the Alerter waits before checking its outgoing message queue to send SNMP traps or transmit email via SMTP. The default is 30.
store alerter poll <n>
show alerter poll
Starts (on) or stops (off) the Alerter. The default state at installation time is off. You can also use the restart alerter or stop alerter commands to restart or stop the Alerter subsystem.
store alerter state operational <on | off>
show alerter state operational
Enables or disables the automatic start-up of the Alerter on system start-up. The default state at installation time is off.
store alerter state startup <on | off>
show alerter state startup
Sets the Alerter SMTP authentication password to the specified value. Note that there is no corresponding show command.
store alerter smtp authentication <value>
Sets the authentication type required by the SMTP server to one of the following values:
none: Send without authentication.
auth: Username/password authentication. When used, set the user account and password using the following commands:
store alerter smtp authentication username
store alerter smtp authentication type <none | auth>
show alerter smtp authentication type
Sets the Alerter SMTP email authentication username to the specified name.
store alerter smtp authentication username <name>
show alerter smtp authentication username
Sets the port number on which the SMTP server listens to the value specified by n. The default is 25 (the standard SMTP port).
store alerter smtp port <n>
show alerter smtp port
Sets the IP address of the SMTP server to be used by the Guardium appliance.
store alerter smtp relay <ip address>
show alerter smtp relay
Sets the return email address for email alerts. Any bounced messages or email failures will be returned to this address.
store alerter smtp returnaddr <email address>
show alerter smtp returnaddr
Sets the SNMP trap community used by the Alerter to the specified name. There is no corresponding show command.
store alerter snmp community <name>
Sets the SNMP trap server that receives Alerter alerts to the specified IP address or DNS host name.
store alerter snmp traphost <snmp host>
show alerter snmp traphost
Sets the Anomaly Detection polling interval, in minutes (n). This controls the frequency with which Guardium checks log data for anomalies.
store anomaly-detection poll <n>
show anomaly-detection poll
Enables or disables the Anomaly Detection subsystem, which executes all active statistical alerts, checks the logs for anomalies, and queues alerts as necessary for the Alerter subsystem.
store anomaly-detection state <on | off>
show anomaly-detection state