Cisco Systems CSACS3415K9 Manual De Usuario
12-29
User Guide for Cisco Secure Access Control System 5.4
OL-26225-01
Chapter 12 Managing Alarms
Creating, Editing, and Duplicating Alarm Thresholds
You can specify one or more filters to limit the failed authentications that are considered for threshold
evaluation. Each filter is associated with a particular attribute in the records and only those records that
match the filter condition are counted. If you specify multiple filter values, only the records that match
all the filter conditions are counted.
evaluation. Each filter is associated with a particular attribute in the records and only those records that
match the filter condition are counted. If you specify multiple filter values, only the records that match
all the filter conditions are counted.
Choose this category to define threshold criteria based on an external database that ACS is unable to
connect to. Modify the fields in the Criteria tab as described in
connect to. Modify the fields in the Criteria tab as described in
.
Related Topics
•
•
•
RBACL Drops
When ACS evaluates this threshold, it examines Cisco Security Group Access RBACL drops that
occurred during the specified interval up to the previous 24 hours. The RBACL drop records are grouped
by a particular common attribute, such as NAD, SGT, and so on.
occurred during the specified interval up to the previous 24 hours. The RBACL drop records are grouped
by a particular common attribute, such as NAD, SGT, and so on.
A count of such records within each of those groups is computed. If the count for any group exceeds the
specified threshold, an alarm is triggered. For example, consider the following threshold configuration:
specified threshold, an alarm is triggered. For example, consider the following threshold configuration:
RBACL Drops greater than 10 in the past 4 hours by a SGT.
Table 12-22
External DB Unavailable
Option
Description
External DB Unavailable
percent|count greater than num in the past time Minutes|Hours for a object, where:
•
Percent|Count value can be Percent or Count.
•
num values can be any one of the following:
–
0 to 99 for percent
–
0 to 99999 for count
•
time values can be 1 to 1440 minutes, or 1 to 24 hours.
•
Minutes|Hours value can be Minutes or Hours.
•
object values can be:
–
ACS Instance
–
Identity Store
Filter
ACS Instance
Click Select to choose a valid ACS instance on which to configure your threshold.
Identity Group
Click Select to choose a valid identity group name on which to configure your threshold.
Identity Store
Click Select to choose a valid identity store name on which to configure your threshold.
Access Service
Click Select to choose a valid access service name on which to configure your threshold.
Protocol
Use the drop-down list box to configure the protocol that you want to use for your threshold.
Valid options are:
Valid options are:
•
RADIUS
•
TACACS+