Cisco Firepower Management Center 4000

FireSIGHT System User Guide
 
Chapter 15      Configuring External Alerting
  Working with Alert Responses
Step 10  In the Privacy Password field, type the privacy password required by the SNMP server.
Step 11  In the Engine ID field, type an identifier for the SNMP engine, in hexadecimal notation, using an even number of digits.
When you use SNMPv3, the system uses an Engine ID value to encode the message. Your SNMP server requires this value to decode the message.
Cisco recommends that you use the hexadecimal version of the Defense Center’s IP address. For example, if the Defense Center has an IP address of 10.1.1.77, use 0a01014D0.
Step 12  Click Save.
The alert response is saved and is automatically enabled.
Creating a Syslog Alert Response
License: Any
When configuring a syslog alert response, you can specify the severity and facility associated with the syslog messages to ensure that they are processed properly by the syslog server. The facility indicates the subsystem that creates the message and the severity defines the severity of the message. Facilities and severities are not displayed in the actual message that appears in the syslog, but are instead used to tell the system that receives the syslog message how to categorize it.
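
The facility and severity travel in the numeric <PRI> prefix of each syslog datagram (PRI = facility x 8 + severity, per RFC 3164 and RFC 5424), which is why they do not appear in the logged text. The following is an added example, not part of the Cisco guide, that decodes and encodes that prefix; the mapping of the guide's facility names onto RFC 5424 codes is an assumption, and the sample datagrams are constructed.

```python
import re

# RFC 5424 facility codes. Mapping the guide's names (ALERT, AUDIT, CLOCK,
# CRON, ...) onto these codes is an assumption made for this example.
FACILITIES = {
    0: "KERN", 1: "USER", 2: "MAIL", 3: "DAEMON", 4: "AUTH", 5: "SYSLOG",
    6: "LPR", 7: "NEWS", 8: "UUCP", 9: "CRON", 10: "AUTHPRIV", 11: "FTP",
    12: "NTP", 13: "AUDIT", 14: "ALERT", 15: "CLOCK",
    **{16 + n: f"LOCAL{n}" for n in range(8)},
}
SEVERITIES = ["EMERG", "ALERT", "CRIT", "ERR", "WARNING", "NOTICE", "INFO", "DEBUG"]
PRI_RE = re.compile(r"^<(\d{1,3})>")


def decode_pri(datagram: str):
    """Return (facility, severity, remainder) for a raw syslog datagram."""
    m = PRI_RE.match(datagram)
    if not m:
        raise ValueError("datagram has no <PRI> prefix")
    pri = int(m.group(1))
    if pri > 191:  # highest valid value: facility 23, severity 7
        raise ValueError(f"PRI {pri} out of range")
    facility, severity = divmod(pri, 8)
    return FACILITIES[facility], SEVERITIES[severity], datagram[m.end():]


def encode_pri(facility: str, severity: str) -> int:
    """Compute the PRI a sender emits for a facility/severity pair."""
    codes = {name: code for code, name in FACILITIES.items()}
    return codes[facility.upper()] * 8 + SEVERITIES.index(severity.upper())


# Constructed sample datagrams (not captured from a real appliance).
SAMPLES = [
    "<113>Jan  5 12:00:01 sensor01 constructed sample message",
    "<86>Jan  5 12:00:02 sensor01 constructed sample message",
    "<35>Jan  5 12:00:03 sensor01 constructed sample message",
]

if __name__ == "__main__":
    for raw in SAMPLES:
        fac, sev, rest = decode_pri(raw)
        # The receiver routes on fac/sev; only `rest` is written to the log.
        print(f"{fac.lower()}.{sev.lower():<8} -> {rest}")
```
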
Tip  For more detailed information about how syslog works and how to configure it, refer to the documentation for your system. On UNIX systems, the man pages for syslog and syslog.conf provide conceptual information and configuration instructions.
Although you can select any type of facility when creating a syslog alert response, you should select one that makes sense based on your syslog server; not all syslog servers support all facilities. For UNIX syslog servers, the syslog.conf file should indicate which facilities are saved to which log files on the server.
The following table lists the syslog facilities you can select.
Table 15-2  Available Syslog Facilities
Facility    Description
ALERT       An alert message.
AUDIT       A message generated by the audit subsystem.
AUTH        A message associated with security and authorization.
AUTHPRIV    A restricted access message associated with security and authorization. On many systems, these messages are forwarded to a secure file.
CLOCK       A message generated by the clock daemon. Note that syslog servers running a Windows operating system will use the CLOCK facility.
CRON        A message generated by the clock daemon. Note that syslog servers running a Linux operating system will use the CRON facility.