Alerter Configuration

Alerter Overview

No e-mail messages, SNMP traps, or alert-related Syslog messages will be sent until the Alerter is configured and activated. Other components create and queue messages for the Alerter. The Alerter checks for and sends messages based on the polling interval that has been configured for it.

To configure, enable or disable individual correlation alerts, see the Correlation Alerts topic.

Note that for correlation alerts and appliance alerts to be produced, Anomaly Detection must also be started. For real-time alerts to be produced, a security policy must be installed.

Automatically activate the Alerter on startup

  1. Select Administration Console > Alerter to open the Alerter Configuration panel.

  2. Mark the Active on Startup checkbox. Each time the appliance restarts, the Alerter will be activated automatically.

  3. Click Apply.

  4. If the Alerter is not running, and you want to start it, click Restart.


Set how often the Alerter checks for and sends messages

  1. Select Administration Console > Alerter to open the Alerter Configuration panel.

  2. Enter the Polling Interval, in minutes.

  3. Click Apply.


Configure the Alerter to send SMTP (email) messages

  1. Select Administration Console > Alerter to open the Alerter Configuration panel.

    Note: All remaining items in this topic are in the SMTP section of the Alerter panel.

  2. Enter the IP address for the SMTP gateway, in the IP Address box.

  3. Enter the SMTP port number (it is almost always 25) in the Port box.

  4. Optional: Click the Test Connection hypertext link to verify the SMTP address and port. This only tests that there is access to the specified host and port. It does not verify that this is a working SMTP server. A dialog box is displayed, informing you of the success or failure of the operation.

    Note: If this SMTP server uses authentication, you must supply a valid User Name and Password for that mail server in the following two fields. Otherwise, those fields can be left blank.

  5. Enter a valid user name for your mail server in the User Name box if your SMTP server uses authentication.

  6. Enter the password for the above user in the Password box if your SMTP server uses authentication. Re-enter it in the Re-enter Password box.

  7. In the Return E-mail Address box, enter the return address for e-mail sent by the system. This address is usually an administrative account that is checked often.

  8. Select Auth as the Authentication Method if your SMTP server uses authentication. Otherwise, select None. When Auth is selected, you must specify the user name and password to be used for authentication.

  9. Click the Apply button to save the configuration.

    Note: The Alerter will not begin using a new configuration until it is restarted.

  10. Click Restart to restart the Alerter with the new configuration.

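The Test Connection link in the SMTP procedure confirms only that the host and port are reachable. The following Python check is an added example, not part of the product or its documentation: run from a host that can reach the gateway, it reads the SMTP greeting and the EHLO reply to show whether a real SMTP server answered and whether it advertises authentication. The function names, the EHLO name `alerter-check.example`, and the sample reply are assumptions made for illustration.

```python
import socket

# Constructed sample EHLO reply (not captured from a real gateway).
SAMPLE_EHLO = ["250-mail.example.test", "250-STARTTLS", "250 AUTH PLAIN LOGIN"]

def read_reply(f):
    """Read one SMTP reply, which may span several 'NNN-' lines; return (code, lines)."""
    lines = []
    for raw in f:
        line = raw.decode("ascii", "replace").rstrip("\r\n")
        lines.append(line)
        if not (line[:3].isdigit() and line[3:4] == "-"):
            break  # "NNN " (or a non-SMTP line) ends the reply
    code = int(lines[0][:3]) if lines and lines[0][:3].isdigit() else -1
    return code, lines

def parse_ehlo(lines):
    """Map each advertised extension keyword to its parameters."""
    ext = {}
    for line in lines[1:]:  # the first line only carries the server's name
        words = line[4:].split()
        if words:
            ext[words[0].upper()] = words[1:]
    return ext

def probe_smtp(host, port=25, timeout=5.0):
    """Separate 'port is reachable' from 'a working SMTP server answered'."""
    result = {"tcp_open": False, "speaks_smtp": False, "starttls": False, "auth": []}
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return result  # host or port not reachable
    result["tcp_open"] = True  # the only thing a bare connection test proves
    try:
        with sock, sock.makefile("rb") as f:
            code, _ = read_reply(f)
            if code != 220:  # no SMTP greeting: something else owns the port
                return result
            sock.sendall(b"EHLO alerter-check.example\r\n")
            code, lines = read_reply(f)
            if code == 250:
                ext = parse_ehlo(lines)
                result.update(speaks_smtp=True, starttls="STARTTLS" in ext,
                              auth=ext.get("AUTH", []))
            sock.sendall(b"QUIT\r\n")
    except OSError:
        pass  # timeout or reset mid-dialogue: keep what was learned so far
    return result
```

A non-empty `auth` list with `starttls` false means the gateway offers authentication on a connection with no TLS upgrade, which is worth knowing before entering the User Name and Password in steps 5 and 6.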

Configure the Alerter to send SNMP traps

  1. Select Administration Console > Alerter to open the Alerter Configuration panel.

    Note: All remaining items in this topic are in the SNMP section of the Alerter panel.

  2. In the IP Address box, enter the IP address to which the SNMP trap will be sent.

  3. Optional: Click the Test Connection hypertext link to verify the SNMP address and port (22). This only tests that there is access to the specified host and port. It does not verify that this is a working SNMP server. A dialog box is displayed, informing you of the success or failure of the operation.

  4. In the "Trap" Community box, enter the community name for the trap. Retype the community in the Retype Community box.

  5. Click the Apply button to save the configuration.

    Note: The Alerter will not begin using a new configuration until it is restarted.

  6. Click Restart to restart the Alerter with the new configuration.
