Cisco Firepower Management Center 4000
FireSIGHT System User Guide
Chapter 15 Configuring External Alerting
Working with Alert Responses
Step 4
In the Port field, type the port the server uses for syslog messages.
By default, this value is 514.
Step 5
From the Facility list, select a facility.
See the table for a list of the available facilities.
Step 6
From the Severity list, select a severity.
See the table for a list of the available severities.
Step 7
In the Tag field, type the tag name that you want to appear with the syslog message.
Use only alphanumeric characters in tag names. You cannot use spaces or underscores.
As an example, if you wanted all messages sent to the syslog to be preceded with FromDC, type FromDC in the field.
Step 8
Click Save.
The alert response is saved and is automatically enabled.
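To confirm on the syslog server that alerts arrive with the facility, severity, and tag set in the steps above, the received line can be decoded and compared. The following is an added example, not part of the guide or of Cisco's software: it assumes the receiver sees BSD-style (RFC 3164) lines with the tag before a colon, uses the conventional syslog keyword names rather than the guide's tables, and the function names, host name, and sample line are constructed.

```python
import re

# Conventional syslog keyword names, indexed by numeric code (assumption:
# these are the standard names, not copied from the guide's tables).
FACILITIES = ("kern user mail daemon auth syslog lpr news uucp cron authpriv "
              "ftp ntp audit alert clock local0 local1 local2 local3 local4 "
              "local5 local6 local7").split()
SEVERITIES = "emerg alert crit err warning notice info debug".split()

# <PRI>, optional "Mmm dd hh:mm:ss host " header, then "tag: message".
LINE = re.compile(
    r"^<(\d{1,3})>"
    r"(?:[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2} \S+ )?"
    r"([^\s:\[]+)(?:\[\d+\])?: ?(.*)$")
TAG_OK = re.compile(r"[A-Za-z0-9]+")  # the guide allows alphanumerics only


def parse(line):
    """Decode PRI into facility and severity names and extract the tag."""
    m = LINE.match(line)
    if not m:
        raise ValueError("not a BSD-style syslog line")
    pri = int(m.group(1))
    if pri > 191:  # 23 * 8 + 7 is the largest valid PRI
        raise ValueError("PRI out of range: %d" % pri)
    facility, severity = divmod(pri, 8)
    return {"facility": FACILITIES[facility], "severity": SEVERITIES[severity],
            "tag": m.group(2), "message": m.group(3)}


def mismatches(line, facility, severity, tag):
    """Compare a received line with the values set in the alert response."""
    if not TAG_OK.fullmatch(tag):
        return ["configured tag %r is not purely alphanumeric" % tag]
    got = parse(line)
    want = {"facility": facility, "severity": severity, "tag": tag}
    return ["%s: expected %s, got %s" % (k, v, got[k])
            for k, v in want.items() if got[k] != v]


# Constructed sample; host name and message text are made up.
SAMPLE = "<161>Jan  5 10:15:00 fmc01 FromDC: constructed alert text"

if __name__ == "__main__":
    print(parse(SAMPLE))
    print(mismatches(SAMPLE, "local4", "alert", "FromDC") or "matches")
```
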
Modifying an Alert Response
License: Any
For most types of alerting, if an alert response is enabled and in use, changes to the alert response take
effect immediately. However, for alert responses used in access control rules to log connection events,
changes do not take effect until you reapply the access control policy.
To edit an alert response:
Access: Admin
Step 1
Select Policies > Actions > Alerts.
The Alerts page appears.
Step 2
Next to the alert response you want to edit, click the edit icon.
A configuration pop-up window for that alert response appears.
Step 3
Make changes as needed.
Step 4
Click Save.
The alert response is saved.
Deleting an Alert Response
License: Any
You can delete any alert response that is not in use.
To delete an alert response:
Access: Admin