Re: real-time notification of VMS

fengluo · ‎04-11-2003

we are using VMSMC for our cisco ids, we are in need to have the real-time notification if the sensors are detecting the defined event, email is preferrable. Do anyone know it in VMS?

ravarada · ‎04-14-2003

Hi Philip

Monitoring Center for Security has a functionality of notification for attacks.

Login to VMS and launch Security Monitor from the VPN/Security Mgmt Solutions.

From the Security Monitor go to Admin -> Event Rules. Where you can create your own rule and email notification etc., Follow the on-line help provided there.

Regards

Ramesh V

fengluo · ‎04-16-2003

Ramesh, thanks for your reply.

But I am getting email list this:

Received severity 5 alert at 2003/04/16 15:39:37

Signature ID 4701:0 from *.*.*.* to *.*.*.*

MSSQL Control Overflow

Can it be most specified? And what is the script from action? where are those scripts, and what kind of script it is?

ravarada · ‎04-18-2003

Hi,

The following link may help you.

http://www-tac.cisco.com/~gfullage/SecMonEmail.html

Please let me know if you are not able to go to this link. Also you can use the help pages of Event Rules to know about the scripts.

Regards

Ramesh V

fengluo · ‎04-18-2003

Yes, I cannot open this link. Thanks for your help again.

ravarada · ‎04-20-2003

There is a on-line help available for Event Rules page, this has got information about the scripts that we can execute.

You can write your own script and execute it at the time of event rule is matched.

All the scripts are found under ~/CSCOpx/MDC/etc/ids/scripts

While writing your own scripts please change the file ownership and permission like default files.

Ramesh V

fengluo · ‎04-23-2003

I know vms can send out email notification, can it send a alarm to my cell phone?

By the way, do you have information about okena which cisco brought a while back? is okena the host IDS of vms?