List of Alerts per category for Ironport?

elias.winburne
Level 1

Hello,

Does anyone know of a list of what the different Alerts are per category that can get emailed to people?

I know how to sign up for System Administration\Alerts and the categories of System, hardware, Updater, VOF, Anti-v, anti-spam and Dir Harvest Attack.

My boss wants to know what alerts can come from each category...

Will the Ironport email an alert if one of my three C appliances stops working? etc.  Is there a chart or table somewhere that defines what alerts get sent and when?

On a side note:

Will the Ironport tell me if a Queue is past a certain threshold?

Thanks!

Elias

1 Accepted Solution


Enrico Werner
Cisco Employee

Hi Elias,

you can find a list of alerts in a table in the Cisco IronPort AsyncOS Email Configuration Guide. Easily accessible via the online Help "GUI - Help and Support - Online Help". Search for chapter "Alerts".

The tables list alerts by classification, including the alert name (internal descriptor used by IronPort), actual text of the alert, description, severity (critical, information, or warning) and the parameters (if any) included in the text of the message.

Coming to your side note:

The alerts will not send out a notification if the work queue passes a certain value. For this you would need to configure a message filter like this:

wq_notification:
if (workqueue-count == 2000)
{
    notify ('youradmin@email.com', 'Workqueue hit 2000');
}
.

Here is a link to our knowledge base where you can find instructions on how to create a message filter:

http://tinyurl.com/mg8kp

Hope that helps!

Enrico




Enrico,

That is exactly the table I was needing.  Thanks!

I will also work with your filter sample.

Appreciate the great info.

Elias

Enrico,

This is brilliant and your code works for us like a charm, thank you so much. Just want to let everyone know that the link you are referencing in your tiny url is no longer working, and could you or someone reading this expand on the code a bit, especially this line:

notify ('youradmin@email.com', 'Workqueue hit 2000');

My messages come in from "IronPort Notification" and we have multiple appliances, so I would like for them to come in from "IronPort Appliance 1" or "IronPort Appliance 2".

Also, can we control what comes in the body? At this juncture it sends the last message that tripped this threshold, and we may not need that.

I know I am being just lazy and should look up Python or SMTP header formatting, lol

Nothing like reading the manual and answering your own question, lol, but hopefully this helps somebody else out too.

Notify and Notify-Copy Actions

The notify and notify-copy actions send an email summary of the message to the specified email address. The notify-copy action also sends a copy of the original message, similar to the bcc-scan action.

The notification summary contains:

• The contents of the Envelope Sender and Envelope Recipient (MAIL FROM and RCPT TO) directives from the mail transfer protocol conversation for the message.

• The message headers of the message.

• The name of the message filter that matched the message.

You can specify the recipient, subject line, from address, and notification template/(actual text you want in the body).
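
The four-argument form of notify described in the post above, written out per appliance as an added example that is not part of the original thread. The argument order follows the sentence above (recipient, subject, from address, template); the filter names, the from addresses and the template name wq.alert.template are constructed placeholders, and the template is assumed to already exist on the appliance as a notification template.

```text
# Added example, not from the original thread.
# Enter this filter on appliance 1 only.
# The from address and template name are constructed placeholders.
wq_notification_esa1:
if (workqueue-count == 2000)
{
    notify ('youradmin@email.com', 'Workqueue hit 2000 on Appliance 1', 'ironport-appliance1@example.com', 'wq.alert.template');
}
.

# Enter this filter on appliance 2 only.
# Same condition; only the subject and from address differ.
wq_notification_esa2:
if (workqueue-count == 2000)
{
    notify ('youradmin@email.com', 'Workqueue hit 2000 on Appliance 2', 'ironport-appliance2@example.com', 'wq.alert.template');
}
.
```

With a distinct from address and subject per appliance, the recipient can tell which appliance's work queue reached the threshold without opening the message.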

They did.

Monitoring/Delivery Status

There's a button there to retry all.
Or you can click on a destination and click to just send those to that destination.

Ken, I think you replied to the wrong thread, but I know what you mean.
