Руководство Пользователя для Cisco Cisco Content Security Management Appliance M160
14-31
AsyncOS 8.1 for Cisco Content Security Management User Guide
Chapter 14 Common Administrative Tasks
Sending Duplicate Alerts
You can specify the initial number of seconds to wait before AsyncOS will send a duplicate alert. If you
set this value to 0, duplicate alert summaries are not sent; instead, all duplicate alerts are sent without
any delay (this can lead to a large amount of email over a short amount of time). The number of seconds
to wait between sending duplicate alerts (alert interval) is increased after each alert is sent. The increase
is the number of seconds to wait plus twice the last interval. So a 5-second wait would have alerts sent
at 5 seconds, 15 seconds, 35 seconds, 75 seconds, 155 seconds, 315 seconds, and so on.
set this value to 0, duplicate alert summaries are not sent; instead, all duplicate alerts are sent without
any delay (this can lead to a large amount of email over a short amount of time). The number of seconds
to wait between sending duplicate alerts (alert interval) is increased after each alert is sent. The increase
is the number of seconds to wait plus twice the last interval. So a 5-second wait would have alerts sent
at 5 seconds, 15 seconds, 35 seconds, 75 seconds, 155 seconds, 315 seconds, and so on.
Eventually, the interval could become large. You can set a cap on the number of seconds to wait between
intervals via the maximum number of seconds to wait before sending a duplicate alert field. For example,
if you set the initial value to 5 seconds, and the maximum value to 60 seconds, alerts would be sent at 5
seconds, 15 seconds, 35 seconds, 60 seconds, 120 seconds, and so on.
intervals via the maximum number of seconds to wait before sending a duplicate alert field. For example,
if you set the initial value to 5 seconds, and the maximum value to 60 seconds, alerts would be sent at 5
seconds, 15 seconds, 35 seconds, 60 seconds, 120 seconds, and so on.
Alert Delivery
Because alert messages can be used to inform you of problems within your Cisco Content Security
appliance, they are not sent using AsyncOS’s normal mail delivery system. Instead, alert messages pass
through a separate and parallel email system designed to operate even in the face of significant system
failure in AsyncOS.
appliance, they are not sent using AsyncOS’s normal mail delivery system. Instead, alert messages pass
through a separate and parallel email system designed to operate even in the face of significant system
failure in AsyncOS.
The alert mail system does not share the same configuration as AsyncOS, which means that alert
messages may behave slightly differently from other mail delivery:
messages may behave slightly differently from other mail delivery:
•
Alert messages are delivered using standard DNS MX and A record lookups.
–
They do not use SMTP routes in AsyncOS versions older then 5.X.
–
They do cache the DNS entries for 30 minutes and the cache is refreshed every 30 minutes, so
in case of DNS failure the alerts still go out.
in case of DNS failure the alerts still go out.
•
Alert messages do not pass through the work queue, so they are not scanned for viruses or spam.
They are also not subjected to message filters or content filters.
They are also not subjected to message filters or content filters.
•
Alert messages do not pass through the delivery queue, so they will not be affected by bounce
profiles or destination control limits.
profiles or destination control limits.
Viewing Recent Alerts
To
Do This
View a list of recent alerts
Users with administrator and operator access can choose
Management Appliance > System Administration > Alerts
Management Appliance > System Administration > Alerts
and click the View Top Alerts button.
Alerts appear even if there was a problem emailing them.
Sort the list
Click a column heading.
Specify the maximum number of alerts
to save in this list
to save in this list
Use the
alertconfig
command in the command-line
interface
Disable this feature
Use the
alertconfig
command in the command-line
interface to set the maximum number of alerts to zero (0).