Email Notification Messages Not Providing Details

csimpson
Level 1

I am having some pretty serious problems with my email notifications (I look forward to the day with anticipation and excitement when CSPM can generate SNMP traps!). When I generate the notifications, I select the check box to include event description, but it still only generates messages saying

"Subject: Cisco Notification"

"Message: High Severity Alarms"

This information doesn't tell me anything. How can I truly get it to include the event description?

4 Replies

marcabal
Cisco Employee

The checkbox doesn't put the description in the email, but instead it allows you to designate what the description in the email should be.

Click on the message button under the description checkbox.

The Message Window pops up so you can type in the window what you want to be in the message.

In the case of IDS alarms there are variables that you can include in the message to show certain information about the alarm.

Refer to that last section "Guidelines for Passing IDS Alarm Data to Notification Events" of the "Configuring Script and E-Mail Notifications for IDS Events" chapter of the CSPM configuration guide.

http://www.cisco.com/univercd/cc/td/doc/product/ismg/policy/ver23i/idsguide/ch09.htm

In it you will find all of the variables that can be included in the message window to have the email contain that information about the alarm.

For example adding the exact string below to the message window will have all of the emails contain the signature id, source address, and destination address of the alarm:

"${SigId} ${SrcIpAddr} ${DstIpAddr}"
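To show how a message-window template like the one above turns into the mail body, here is an added example (not CSPM's code and not from the post): it expands the `${Var}` form used in the CSPM message window and the bare `$Var` form from the Unix Director eventd documentation against a constructed alarm record. The `SIG_NAMES` table and the `SigName` variable are hypothetical, added only to show the kind of enrichment a local script could do before sending.

```python
import re
from typing import Dict

# Constructed sample alarm record. Field names follow the variable names
# quoted in this thread; the values are made up for illustration.
SAMPLE_ALARM: Dict[str, str] = {
    "SigId": "2100",
    "SrcIpAddr": "192.0.2.10",
    "DstIpAddr": "198.51.100.5",
    "SrcIpPort": "40321",
    "DstIpPort": "21",
    "ProtocolType": "TCP/IP",
    "EventMessage": "sweep of 24 hosts in 3 seconds",
}

# Hypothetical local lookup (not a CSPM feature): maps a signature ID to a
# readable name so the mail can say what "2100" means.
SIG_NAMES: Dict[str, str] = {"2100": "ICMP Network Sweep"}

# Matches ${Var} (CSPM message window) or $Var (Unix Director eventd docs).
_VAR = re.compile(r"\$\{(\w+)\}|\$(\w+)")


def render_notification(template: str, alarm: Dict[str, str]) -> str:
    """Expand $-variables in a notification template from an alarm record.

    A template with no variables (e.g. "High Severity Alarms") is returned
    unchanged, which is exactly the symptom described in the question.
    Unknown variables are left as written so a typo in the template shows
    up in the delivered mail instead of being silently blanked.
    """
    def substitute(match: "re.Match[str]") -> str:
        name = match.group(1) or match.group(2)
        return alarm.get(name, match.group(0))

    return _VAR.sub(substitute, template)


def with_signature_name(alarm: Dict[str, str]) -> Dict[str, str]:
    """Return a copy of the alarm with a derived SigName field (hypothetical)."""
    enriched = dict(alarm)
    enriched["SigName"] = SIG_NAMES.get(alarm.get("SigId", ""), "unknown signature")
    return enriched


if __name__ == "__main__":
    print(render_notification("${SigId} ${SrcIpAddr} ${DstIpAddr}", SAMPLE_ALARM))
    print(render_notification("${SigId} ${SigName}: $SrcIpAddr:$SrcIpPort -> $DstIpAddr:$DstIpPort",
                              with_signature_name(SAMPLE_ALARM)))
```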

Putting in a signature name in addition to ID would be helpful also. "ID 2100" means absolutely nothing to me but "ICMP Network Sweep" does. Packet dump detail (like in 2.3i) is a great feature. This way you can determine what triggered the Alarm. Not quite sure why it was taken out in 2.3.1i. Is that still the case with the latest update?

Hi!

Hostnames (nslookup) in the messages would be great also!

I agree. I think the feature IS in Unix Dir 2.3.3 - it comes with a script 'eventd' which included an 'EventMessage' field. Why not CSPM?

from http://www.cisco.com/univercd/cc/td/doc/product/iaabu/csids/csids7/unix_cfg/advanced.htm#xtocid2528014

If the protocol type in $ProtocolType is TCP/IP, the following variables are populated:

• $SrcIpAddr—The IP address of the attacking host.

• $DstIpAddr—The IP address of the attacked host.

• $SrcIpPort—The IP Port of the attacking host (for example, “21” for FTP).

• $DstIpPort—The IP Port of the attacked host.

• $SourceAddr—The IP address of the router.

• $EventMessage—The generated alarm details, if any.