Cisco Content Security Management Appliance M390 User Guide
14-36
AsyncOS 9.6 for Cisco Content Security Management Appliances User Guide
Chapter 14 Common Administrative Tasks
Managing Alerts
| Alert Name | Description | Severity |
|---|---|---|
| IPBLOCKD.HOST_ADDED_TO_WHITELIST, IPBLOCKD.HOST_ADDED_TO_BLACKLIST, IPBLOCKD.HOST_REMOVED_FROM_BLACKLIST | Alert messages: "The host at <IP address> has been added to the blacklist because of an SSH DOS attack."; "The host at <IP address> has been permanently added to the ssh whitelist."; "The host at <IP address> has been removed from the blacklist". IP addresses that try to connect to the appliance over SSH but do not provide valid credentials are added to the SSH blacklist if more than 10 failed attempts occur within two minutes. When a user logs in successfully from the same IP address, that IP address is added to the whitelist. Addresses on the whitelist are allowed access even if they are also on the blacklist. | Warning |
| LDAP.GROUP_QUERY_FAILED_ALERT | Sent when an LDAP group query fails. | Critical |
| LDAP.HARD_ERROR | Sent when an LDAP query fails completely (after trying all servers). | Critical |
| LOG.ERROR.* | Various logging errors. | Critical |
| MAIL.PERRCPT.LDAP_GROUP_QUERY_FAILED | Sent when an LDAP group query fails during per-recipient scanning. | Critical |
| MAIL.QUEUE.ERROR.* | Various mail queue hard errors. | Critical |
| MAIL.RES_CON_START_ALERT.MEMORY | Sent when RAM utilization has exceeded the system resource conservation threshold. | Critical |
| MAIL.RES_CON_START_ALERT.QUEUE_SLOW | Sent when the mail queue is overloaded and system resource conservation is enabled. | Critical |
| MAIL.RES_CON_START_ALERT.QUEUE | Sent when queue utilization has exceeded the system resource conservation threshold. | Critical |
| MAIL.RES_CON_START_ALERT.WORKQ | Sent when listeners are suspended because the work queue size is too big. | Critical |
| MAIL.RES_CON_START_ALERT | Sent when the appliance enters “resource conservation” mode. | Critical |
| MAIL.RES_CON_STOP_ALERT | Sent when the appliance leaves “resource conservation” mode. | Critical |
| MAIL.WORK_QUEUE_PAUSED_NATURAL | Sent when the work queue is paused. | Critical |
| MAIL.WORK_QUEUE_UNPAUSED_NATURAL | Sent when the work queue is resumed. | Critical |
| NTP.NOT_ROOT | Sent when the appliance is unable to adjust time because NTP is not running as root. | Warning |
| PERIODIC_REPORTS.DOMAIN_REPORT.DOMAIN_FILE_ERRORS | Sent when errors are found in the domain specification file. | Critical |
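The SSH blacklist and whitelist rule described for the IPBLOCKD alerts can be modeled offline to predict which alerts a given login sequence should raise, for example when tuning monitoring around these notifications. The following Python model is an added example, not Cisco code: the sliding-window reading of "within two minutes", the class and function names, and the sample addresses are assumptions, and blacklist removal is not modeled because the guide does not state when it happens.

```python
from collections import defaultdict, deque

WINDOW_SECONDS = 120  # "within two minutes"
MAX_FAILURES = 10     # blacklisted on "more than 10" failed attempts

class SshBlockModel:
    """Model of the documented rule (assumed semantics, not AsyncOS code)."""

    def __init__(self):
        self.failures = defaultdict(deque)  # ip -> recent failure timestamps
        self.blacklist = set()
        self.whitelist = set()
        self.alerts = []  # (alert name, ip) in emission order

    def observe(self, ts, ip, success):
        """Feed one SSH authentication result; ts is in seconds."""
        if success:
            # Assumption: a successful login whitelists the source address.
            if ip not in self.whitelist:
                self.whitelist.add(ip)
                self.alerts.append(("IPBLOCKD.HOST_ADDED_TO_WHITELIST", ip))
            return
        window = self.failures[ip]
        window.append(ts)
        # Assumption: sliding window; forget failures older than two minutes.
        while ts - window[0] > WINDOW_SECONDS:
            window.popleft()
        if len(window) > MAX_FAILURES and ip not in self.blacklist:
            self.blacklist.add(ip)
            self.alerts.append(("IPBLOCKD.HOST_ADDED_TO_BLACKLIST", ip))

    def allowed(self, ip):
        """Whitelist entries are allowed even if also blacklisted."""
        return ip in self.whitelist or ip not in self.blacklist

def replay(events):
    """Run (ts, ip, success) events in time order and return the model."""
    model = SshBlockModel()
    for ts, ip, success in sorted(events):
        model.observe(ts, ip, success)
    return model

# Constructed sample events (documentation address ranges).
SAMPLE = (
    [(i * 5, "192.0.2.10", False) for i in range(11)]       # 11 failures in 50 s
    + [(i * 30, "198.51.100.7", False) for i in range(11)]  # 11 failures in 300 s
    + [(400, "192.0.2.10", True)]                           # later valid login
)
```

Replaying `SAMPLE` blacklists only the address that exceeds 10 failures inside the window; the slower source never trips the threshold, and the later successful login whitelists the first address while it is still on the blacklist.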