Cisco Email Security Appliance C160 User Manual

Cisco AsyncOS 8.5.5 for Email Security User Guide
 
Chapter 32: System Administration
Alerts

to wait between sending duplicate alerts (alert interval) is increased after each alert is sent. The increase is the number of seconds to wait plus twice the last interval. So a 5 second wait would have alerts sent at 5 seconds, 15 seconds, 35 seconds, 75 seconds, 155 seconds, 315 seconds, etc.

Eventually, the interval could become quite large. You can set a cap on the number of seconds to wait between intervals via the maximum number of seconds to wait before sending a duplicate alert field. For example, if you set the initial value to 5 seconds, and the maximum value to 60 seconds, alerts would be sent at 5 seconds, 15 seconds, 35 seconds, 60 seconds, 120 seconds, etc.

Viewing Recent Alerts

The Email Security appliance saves the latest alerts so you can view them in both the GUI and the CLI in case you lose or delete the alert messages. These alerts cannot be downloaded from the appliance.

To view a list of the latest alerts, click the View Top Alerts button on the Alerts page or use the displayalerts command in the CLI. You can arrange the alerts in the GUI by date, level, class, text, and recipient.

By default, the appliance saves a maximum of 50 alerts to display in the Top Alerts window. Use the alertconfig -> setup command in the CLI to edit the number of alerts that the appliance saves. If you want to disable this feature, change the number of alerts to 0.

Alert Descriptions

The following tables list alerts by classification, including the alert name (internal descriptor used by Cisco), actual text of the alert, description, severity (critical, information, or warning) and the parameters (if any) included in the text of the message. The value of the parameter is replaced in the actual text of the alert. For example, an alert message below may mention “$ip” in the message text. “$ip” is replaced by the actual IP address when the alert is generated.

Anti-Spam Alerts

Table 32-1 contains a list of the various anti-spam alerts that can be generated by AsyncOS, including a description of the alert and the alert severity.

Table 32-1 Listing of Possible Anti-Spam Alerts

| Alert Name | Message | Description | Parameters |
|---|---|---|---|
| AS.SERVER.ALERT | $engine anti-spam - $message $tb | Critical. Sent when the anti-spam engine fails. | ‘engine’ - The type of anti-spam engine; ‘message’ - The log message; ‘tb’ - Traceback of the event. |
| AS.TOOL.INFO_ALERT | Update - $engine - $message | Information. Sent when there is a problem with the anti-spam engine. | ‘engine’ - The anti-spam engine name; ‘message’ - The message |
| AS.TOOL.ALERT | Update - $engine - $message | Critical. Sent when an update is aborted due to a problem with one of the tools used to manage the anti-spam engine. | ‘engine’ - The anti-spam engine name; ‘message’ - The message |
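
For alert triage, the Table 32-1 message templates can be turned into matchers that map received alert text back to an alert name and its parameters. The Python below is an added example, not Cisco's code and not part of the guide. The sample alert texts and the engine name `engineX` are constructed, and it assumes the alert text and its severity are already available as plain strings.

```python
import re

# (alert name, message template, severity) as listed in Table 32-1.
TABLE_32_1 = [
    ("AS.SERVER.ALERT", "$engine anti-spam - $message $tb", "Critical"),
    ("AS.TOOL.INFO_ALERT", "Update - $engine - $message", "Information"),
    ("AS.TOOL.ALERT", "Update - $engine - $message", "Critical"),
]

def template_regex(template):
    """Compile a '$param' template into a regex with one named group per parameter."""
    pieces = re.split(r"\$(\w+)", template)  # [literal, name, literal, name, ...]
    pattern = "".join(
        f"(?P<{p}>.+?)" if i % 2 else re.escape(p)
        for i, p in enumerate(pieces)
    )
    # DOTALL because a traceback ($tb) normally spans several lines.
    return re.compile(pattern, re.DOTALL)

COMPILED = [(name, template_regex(tpl), sev) for name, tpl, sev in TABLE_32_1]

def classify(text, severity=None):
    """Return [(alert_name, params)] for every table row the text can match.

    AS.TOOL.INFO_ALERT and AS.TOOL.ALERT share one template, so the text
    alone yields both; passing the alert's severity narrows it to one row.
    """
    hits = []
    for name, rx, sev in COMPILED:
        m = rx.fullmatch(text.strip())
        if m and (severity is None or severity.lower() == sev.lower()):
            hits.append((name, m.groupdict()))
    return hits

if __name__ == "__main__":
    # Constructed sample texts, not captured from an appliance.
    update = "Update - engineX - download failed"
    print(classify(update))               # ambiguous: two candidate rows
    print(classify(update, "Critical"))   # severity resolves it
    # $message and $tb are separated by a single space in the template, so
    # only $engine is reliably recoverable here; the message/tb split is
    # best-effort (the first word lands in 'message').
    print(classify("engineX anti-spam - scanner exited Traceback (constructed)"))
```
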