Configuring ACS 5.x to send customized Alarms to ACS admin
We can use ACS 5.x for sending alarms, if it meets a certain threshold for certain condition, by default there are 4 alarms:
If we want ACS to notify us via e-mail about few other aspects explained below, that can be done.
Step 1. Access ACS gui --> monitoring and reports --> Alarms --> Thresholds and click on create.
STEP 2. Under General tab you can mention a name that help you relate to the alarm you want to configure and enable the alarm.
STEP 3. Under criteria we need to specify the parameter that ACS is supposed to monitor and send an alert when the threshold is crossed.
The categories available are:
ACS, if configured will monitor the above mentioned categories.
STEP 4. Next steps would be to configure the threshold :
In the above screen shot I have chosen category as “passed authentication”, I can optionally choose between the options mentioned in STEP 3. In the threshold we can mention what is the limit for the passed authentication in the given time frame and for a given ACS instances, if this threshold is crossed, ACS is supposed to generate an alarm and send an e-mail to the administered.
STEP 5. In addition to this ACS provides us the option for defining filters, so that the alarm can be specifically generated for following parameter:
That means ACS will calculate the threshold for those devices, which matches the filter.
STEP 6. Now, under “notifications” section, you can choose the severity for which ACS is supposed to send the alarm.
STEP 7. For the user list ACS will pull up (when we click select), those user e-mail ID’s which have been defined under ACS gui > System Administration > Administrators > Accounts
STEP 8. Click submit
Let’s say if we want ACS to generate alarm if the user fails authentication more than 10 times in past 2 minutes, following will be my threshold configuration.
Additionally, ACS dashboard, will show the “alarm count”, which is supposed to increase when particular request hits the threshold.
Please feel free to comment in case of any query.
User wondering, if she using LDAP for external authentication, can she use the internal identity attribute?
for example : i create an user X , his password type is LDAP, but the identity group is "Group 1" can i define rules Idenitty Group in "Group 1" permit access ? or i need to do group mapping first?
It is possible to define an internal user whose password is taken from an external store. In internal user definition select "Password Type" to be the LDAP database and then define the rest of the user definition, including identity groups, as desired
Went From a all intern WAN to a SD-WAN. before SD-WAN I mapped 16 of my Public IPs to a Local DMZ Subnet off my ASA-5525-X Allowed RDP and piped that VLAN directly to a Virtual Machine in the Remote Office. Remote user was only able to get to the VM ...
Anyone know where I should be looking to address this issue? Thanks for any help possible. An application fault occurred: ('util/Aquarium.py handleDoubleException|459', "<type 'exceptions.Exception'>", '\n\nAn exception has occurred:\n\nT...
Hello. We have a pair of FTD on ASA5525-X running in an Active / Standby pair managed by FMC. What are the step by step sequence (or commands) for shutting down both units as this will be my first time having to go through this process. And I assume once ...
I have noticed majority of a customers endpoints are showing as "misc" in the endpoints pie chart, see below: What defines this "misc" category and where is this definition configured? If I look at these misc devices, for example some canon printers ...
Hello,We have two data centers, Primary site (DC1) and DR site (DC2). In each data center we have one FMC (hardware) and two FTD appliances.I have configured HA between the FMCs (where the primary FMC resides in DC1) and the FTDs at each data center...