07-13-2011 10:42 AM
Hello,
Does anyone know of a list of the what the different Alerts are per category that can get emailed to people?
I know how to sign up for System Administration\Alerts and the categories of System, hardward, Updater, VOF, Anti-v, anti-spam and Dir Harvest Attack.
My boss wants to know what alerts can come from each category...
Will the Ironport email an alert if one of my three C appliances stops working? etc. Is there a chart or table somewhere that defines what alerts get sent and when?
On a side note:
Will the Ironport tell me if a Queue is past a certain threshold?
Thanks!
Elias
Solved! Go to Solution.
07-14-2011 04:09 AM
Hi Elias,
you can find a list of alerts in a table in the Cisco IronPort AsyncOS Email Configuration Guide. Easily accessible via the online Help "GUI - Help and Support - Online Help". Search for chapter "Alerts".
The table tables list alerts by classification, including the alert name (internal descriptor used by IronPort), actual text of the alert, description, severity (critical, information, or warning) and the parameters (if any) included in the text of the message.
Coming to your side note:
The alerts will not send out a notifications if the work queue passes a certain value. For this you would need to configure a message filter like this:
wq_notification:
if (workqueue-count == 2000)
{
notify ('youradmin@email.com', 'Workqueue hit 2000');
}
.
Here is a link to our knowledge base where you can find instructions on how to create a message filter:
Hope that helps!
Enrico
07-14-2011 04:09 AM
Hi Elias,
you can find a list of alerts in a table in the Cisco IronPort AsyncOS Email Configuration Guide. Easily accessible via the online Help "GUI - Help and Support - Online Help". Search for chapter "Alerts".
The table tables list alerts by classification, including the alert name (internal descriptor used by IronPort), actual text of the alert, description, severity (critical, information, or warning) and the parameters (if any) included in the text of the message.
Coming to your side note:
The alerts will not send out a notifications if the work queue passes a certain value. For this you would need to configure a message filter like this:
wq_notification:
if (workqueue-count == 2000)
{
notify ('youradmin@email.com', 'Workqueue hit 2000');
}
.
Here is a link to our knowledge base where you can find instructions on how to create a message filter:
Hope that helps!
Enrico
07-14-2011 06:18 AM
Enrico,
That is exactly the table I was needing. Thanks!
I will also work with your filter sample.
Appreciate the great info.
Elias
09-08-2018 10:45 AM
Enrico,
This is brilliant and your code works for us like a charm, thank you so much. Just want to let everyone know that the link you are referencing in your tiny url is no longer working, and could you or someone reading this expand on the code a bit, especially this line:
notify ('youradmin@email.com', 'Workqueue hit 2000');
My messages come in from "IronPort Notification" and we have multiple appliances so I would like for them to come in from "IronPort Appliance 1" or IronPort Appliance 2"
Also can we control what comes in the body, at this juncture it sends the last message that tripped this threshold, and we may not need that.
I know I am being just lazy and should look up Python or SMTP header formatting, lol
09-08-2018 11:06 AM
nothing like reading the manual an answering your own question, lol, but hopefully this helps somebody else out too
Notify and Notify-Copy Actions
The notify and notify-copy actions send an email summary of the message to the specified email address. The notify-copy action also sends a copy of the original message, similar to the bcc-scan action.
The notification summary contains:
• The contents of the Envelope Sender and Envelope Recipient ( MAIL FROM and RCPT TO ) directives from the mail transfer protocol conversation for the message.
• The message headers of the message.
• The name of the message filter that matched the message.
You can specify the recipient, subject line, from address, and notification template/(actual text you want in the body)
09-08-2018 12:04 PM
09-08-2018 01:35 PM
ken I think you replied to the wrong thread, but I know what you mean
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide