05-23-2002 12:59 AM - edited 03-08-2019 10:44 PM
I need an idiot's guide (for want of a better word) on how to write custom scripts for the IDS alerting from the Unix director. Currently the notification script is taken from the eventd directory. The format of the default mails is poor and it would be difficult for anyone outside of our department to be able to decipher them.
Can any of you point me in the right direction? Thanks
05-23-2002 05:15 AM
The following link will be helpful for you in writing custom scripts.
http://www.cisco.com/univercd/cc/td/doc/product/iaabu/csids/csids5/csidscog/advanced.htm#10542
Elango
05-23-2002 01:55 PM
Are you using the Event Processing -> Applications tab or the Event Processing -> E-mail?
If you write a custom script for the Applications setup, then the positional parameters are the fields of the director log files as described in the Netranger User's Guide. You can do whatever you want at this point, including DNS lookups, cross-referencing of the signature numbers with a locally written file of caveats and notes, etc.
Could you describe better what you want to do?
05-28-2002 05:00 AM
I have got the script defined in the Event Processing -> Applications tab, but I have the alarm events defined in the E-mail tab for each of the severities of alarms. When any of our sensors receives an alarm it's sent to the director and the director mails the details of the alarm. I want the content of that mail to be a lot more descriptive so anyone can understand what the mail is about. I would like it to say in plain English what IDS sensor the alarm is from, what the alarm is, the source and destination address and some instructions for the recipient of the alarm to tell them how to react to the alert, e.g. call this number...!
Doesn't sound like it should be much of a change, but I have tried to edit the event script (after first creating a copy!!) and it just stopped alerting so I must have done something wrong.
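An added illustration (not from any poster in this thread, and not Cisco's own code) of the approach described above: a script hung off the Applications tab that receives the director log fields as positional parameters, cross-references the signature id against a locally written notes file, and renders the alarm in plain English with instructions for the recipient. The parameter order shown is hypothetical; the real field layout comes from the Netranger User's Guide, and the notes file, sensor names, addresses and mail recipient are constructed placeholders.

```shell
#!/bin/sh
# HYPOTHETICAL positional-parameter layout (the actual field order is
# documented in the Netranger User's Guide, not assumed here):
#   $1 sensor name  $2 severity  $3 signature id  $4 signature name
#   $5 source IP    $6 destination IP

# Constructed local notes file: signature id | short name | what to do.
NOTES_FILE=$(mktemp)
cat > "$NOTES_FILE" <<'EOF'
2004|ICMP echo request sweep|Low risk. Log it; no call needed unless it repeats.
3050|SYN flood to web server|Call the on-call number and confirm the web tier is reachable.
EOF

# Return the operator instructions for a signature id, with a default
# for signatures that have no local entry yet.
lookup_notes() {
    sig="$1"
    line=$(grep "^${sig}|" "$NOTES_FILE" 2>/dev/null | head -n 1)
    if [ -n "$line" ]; then
        printf '%s\n' "$line" | cut -d'|' -f3
    else
        printf 'No local notes for signature %s. Call the security desk.\n' "$sig"
    fi
}

# Render one alarm as plain English for a non-specialist recipient.
format_alarm() {
    sensor="$1"; sev="$2"; sig="$3"; name="$4"; src="$5"; dst="$6"
    printf 'IDS ALERT (severity: %s)\n' "$sev"
    printf 'Sensor %s reported: %s (signature %s).\n' "$sensor" "$name" "$sig"
    printf 'Traffic was from %s to %s.\n' "$src" "$dst"
    printf 'What to do: %s\n' "$(lookup_notes "$sig")"
}

# Mail the rendered text; the recipient address is a placeholder and
# MAILTO can be exported by the caller to override it.
send_alarm() {
    format_alarm "$@" | mail -s "IDS alert from $1" "${MAILTO:-ids-oncall@example.com}"
}

# Stand-alone demonstration with constructed values (prints, does not mail).
format_alarm "sensor-dmz-1" "High" "3050" "SYN flood to web server" "10.0.0.5" "192.0.2.10"
```

In the Applications tab the director would invoke this script with its own fields in place of the demonstration call, and `send_alarm "$@"` would replace the final `format_alarm` line.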