Cisco Cisco Content Security Management Appliance M160 사용자 가이드
14-34
AsyncOS 9.5.2 for Cisco Content Security Management Appliances User Guide
Chapter 14 Common Administrative Tasks
Managing Alerts
The alert mail system does not share the same configuration as AsyncOS, which means that alert
messages may behave slightly differently from other mail delivery:
messages may behave slightly differently from other mail delivery:
•
Alert messages are delivered using standard DNS MX and A record lookups.
–
They do cache the DNS entries for 30 minutes and the cache is refreshed every 30 minutes, so
in case of DNS failure the alerts still go out.
in case of DNS failure the alerts still go out.
•
If your deployment includes Email Security appliances:
–
Alert messages do not pass through the work queue, so they are not scanned for viruses or spam.
They are also not subjected to message filters or content filters.
They are also not subjected to message filters or content filters.
–
Alert messages do not pass through the delivery queue, so they will not be affected by bounce
profiles or destination control limits.
profiles or destination control limits.
Viewing Recent Alerts
About Duplicate Alerts
You can specify the initial number of seconds to wait before AsyncOS will send a duplicate alert. If you
set this value to 0, duplicate alert summaries are not sent; instead, all duplicate alerts are sent without
any delay (this can lead to a large amount of email over a short amount of time). The number of seconds
to wait between sending duplicate alerts (alert interval) is increased after each alert is sent. The increase
is the number of seconds to wait plus twice the last interval. So a 5-second wait would have alerts sent
at 5 seconds, 15 seconds, 35 seconds, 75 seconds, 155 seconds, 315 seconds, and so on.
set this value to 0, duplicate alert summaries are not sent; instead, all duplicate alerts are sent without
any delay (this can lead to a large amount of email over a short amount of time). The number of seconds
to wait between sending duplicate alerts (alert interval) is increased after each alert is sent. The increase
is the number of seconds to wait plus twice the last interval. So a 5-second wait would have alerts sent
at 5 seconds, 15 seconds, 35 seconds, 75 seconds, 155 seconds, 315 seconds, and so on.
Eventually, the interval could become large. You can set a cap on the number of seconds to wait between
intervals via the maximum number of seconds to wait before sending a duplicate alert field. For example,
if you set the initial value to 5 seconds, and the maximum value to 60 seconds, alerts would be sent at 5
seconds, 15 seconds, 35 seconds, 60 seconds, 120 seconds, and so on.
intervals via the maximum number of seconds to wait before sending a duplicate alert field. For example,
if you set the initial value to 5 seconds, and the maximum value to 60 seconds, alerts would be sent at 5
seconds, 15 seconds, 35 seconds, 60 seconds, 120 seconds, and so on.
To Do
This
View a list of recent alerts
Users with administrator and operator access can choose
Management Appliance > System Administration > Alerts
and click the View Top Alerts button.
Management Appliance > System Administration > Alerts
and click the View Top Alerts button.
Alerts appear even if there was a problem emailing them.
Sort the list
Click a column heading.
Specify the maximum number of alerts
to save in this list
to save in this list
Use the
alertconfig
command in the command-line
interface
Disable this feature
Use the
alertconfig
command in the command-line
interface to set the maximum number of alerts to zero (0).