Cisco Web Security Appliance S170 User Guide
Cisco IronPort AsyncOS 7.7.5 for Web User Guide
Chapter 26 System Administration
Managing Alerts
Severities
Alerts can be sent for the following severities:
• Critical: Requires immediate attention.
• Warning: Problem or error requiring further monitoring and potentially immediate attention.
• Information: Information generated in the routine functioning of this device.
Alert Settings
Alert settings control the general behavior and configuration of alerts, including:
• The RFC 2822 Header From: when sending alerts (enter an address or use the default “alert@<hostname>”). You can also set this via the CLI, using the alertconfig > from command.
• The initial number of seconds to wait before sending a duplicate alert.
• The maximum number of seconds to wait before sending a duplicate alert.
• The status of AutoSupport (enabled or disabled).
• The sending of AutoSupport’s weekly status reports to alert recipients set to receive System alerts at the Information level.
Sending Duplicate Alerts
You can specify the initial number of seconds to wait before AsyncOS will send a duplicate alert. If you
set this value to 0, duplicate alert summaries are not sent and instead, all duplicate alerts are sent without
any delay (this can lead to a large amount of email over a short amount of time). The number of seconds
to wait between sending duplicate alerts (alert interval) is increased after each alert is sent. The increase
is the number of seconds to wait plus twice the last interval. So a 5-second wait would have alerts sent
at 5 seconds, 15 seconds, 35 seconds, 75 seconds, 155 seconds, 315 seconds, etc.
Eventually, the interval could become quite large. You can set a cap on the number of seconds to wait
between intervals via the maximum number of seconds to wait before sending a duplicate alert field. For
example, if you set the initial value to 5 seconds, and the maximum value to 60 seconds, alerts would be
sent at 5 seconds, 15 seconds, 35 seconds, 60 seconds, 120 seconds, etc.
Cisco IronPort AutoSupport
To allow Cisco to better support and design future system changes, the appliance can be configured to
send Cisco a copy of all alert messages generated by the system. This feature, called AutoSupport, is a
useful way to allow our team to be proactive in supporting your needs. AutoSupport also sends weekly
reports noting the uptime of the system, the output of the status command, and the AsyncOS version used.
Table 26-4 Alert Classifications and Components (continued)

Alert Classification      Alert Component
Updater                   Updater
Web Proxy                 Proxy
DVS™ and Anti-Malware     DVS
L4 Traffic Monitor        TrafMon