Cisco Cisco Email Security Appliance C160 Mode D'Emploi
33-34
User Guide for AsyncOS 9.7 for Cisco Email Security Appliances
Chapter 33 System Administration
Alerts
•
The RFC 2822 Header From: when sending alerts (enter an address or use the default
“alert@<hostname>”). You can also set this via the CLI, using the
“alert@<hostname>”). You can also set this via the CLI, using the
alertconfig -> from
command.
•
The initial number of seconds to wait before sending a duplicate alert.
•
The maximum number of seconds to wait before sending a duplicate alert.
•
The status of AutoSupport (enabled or disabled).
•
The sending of AutoSupport’s weekly status reports to alert recipients set to receive System alerts
at the Information level.
at the Information level.
Sending Duplicate Alerts
You can specify the initial number of seconds to wait before AsyncOS will send a duplicate alert. If you
set this value to 0, duplicate alert summaries are not sent and instead, all duplicate alerts are sent without
any delay (this can lead to a large amount of email over a short amount of time). The number of seconds
to wait between sending duplicate alerts (alert interval) is increased after each alert is sent. The increase
is the number of seconds to wait plus twice the last interval. So a 5 second wait would have alerts sent
at 5 seconds, 15, seconds, 35 seconds, 75 seconds, 155 seconds, 315 seconds, etc.
set this value to 0, duplicate alert summaries are not sent and instead, all duplicate alerts are sent without
any delay (this can lead to a large amount of email over a short amount of time). The number of seconds
to wait between sending duplicate alerts (alert interval) is increased after each alert is sent. The increase
is the number of seconds to wait plus twice the last interval. So a 5 second wait would have alerts sent
at 5 seconds, 15, seconds, 35 seconds, 75 seconds, 155 seconds, 315 seconds, etc.
Eventually, the interval could become quite large. You can set a cap on the number of seconds to wait
between intervals via the maximum number of seconds to wait before sending a duplicate alert field. For
example, if you set the initial value to 5 seconds, and the maximum value to 60 seconds, alerts would be
sent at 5 seconds, 15 seconds, 35 seconds, 60 seconds, 120 seconds, etc.
between intervals via the maximum number of seconds to wait before sending a duplicate alert field. For
example, if you set the initial value to 5 seconds, and the maximum value to 60 seconds, alerts would be
sent at 5 seconds, 15 seconds, 35 seconds, 60 seconds, 120 seconds, etc.
Viewing Recent Alerts
The Email Security appliances saves the latest alerts so you can view them in both the GUI and the CLI
in case you lose or delete the alert messages. These alerts cannot be downloaded from the appliance.
in case you lose or delete the alert messages. These alerts cannot be downloaded from the appliance.
To view a list of the latest alerts, click the View Top Alerts button on the Alerts page or use the
displayalerts
command in the CLI. You can arrange the alerts in the GUI by date, level, class, text,
and recipient.
By default, the appliance saves a maximum of 50 alerts to displays in the Top Alerts window. Use the
alertconfig -> setup
command in the CLI to edit the number of alerts that the appliance saves. If you
want to disable this feature, change the number of alerts to 0.
Alert Descriptions
The following tables list alerts by classification, including the alert name (internal descriptor used by
Cisco), actual text of the alert, description, severity (critical, information, or warning) and the parameters
(if any) included in the text of the message. The value of the parameter is replaced in the actual text of
the alert. For example, an alert message below may mention “$ip” in the message text. “$ip” is replaced
by the actual IP address when the alert is generated.
Cisco), actual text of the alert, description, severity (critical, information, or warning) and the parameters
(if any) included in the text of the message. The value of the parameter is replaced in the actual text of
the alert. For example, an alert message below may mention “$ip” in the message text. “$ip” is replaced
by the actual IP address when the alert is generated.