09-16-2010 10:58 PM
Hi Friends,
I want to construct a rule in CSMARS which will send a mail to me once it receives CPU Utilization greater than 30% for any configured device.
I have created one rule for event CPU Utilization Abnormally high. Is there any way to tune an event definition so that it triggers the event for CPU going high to a randomly chosen number, say 10%, 30% etc.?
Also, when I receive a mail from CSMARS for "Rule Name: System Rule: Resource Issue: Network Device" (another configured rule), the mail contains the incident information. Is there any way to put some more details, like reporting device etc., in the mail content? The mail comes with the following contents:
The following incident occurred:
Start time: Fri Sep 17 10:40:06 2010
End time: Fri Sep 17 11:00:54 2010
Fired Rule Id: 624124
Fired Rule: System Rule: Resource Issue: Network Device
Incident Id: 12817005849
For more details about this incident, please go to:
https://CSMARS/Incidents/IncidentDetails.jsp?Incident_Id=12817005849
https://10.216.16.106/Incidents/IncidentDetails.jsp?Incident_Id=12817005849
https://1.1.1.1/Incidents/IncidentDetails.jsp?Incident_Id=12817005849
For all incidents occurred recently, please go to:
https://10.216.16.106/Incidents/
I want to include some more details as in the MARS documentation. Please help in getting the steps to do so.
09-18-2010 07:06 AM
The CS-MARS resource-based rules are not configurable or exposed for creating custom rules. You would be better served by a true network management/monitoring tool; CS-MARS is designed as a security incident correlation and reporting tool.
In regard to including more incident details in the email received, this is not currently customizable. The email action provides the details you have noted. You may want to look into using the XML notification, which does include substantially more detail of the firing incident. This output is discussed in the user guide at the following link:
Scott
09-23-2010 09:55 PM
Thanks Scott