Alerter CLI Commands

This section describes the Alerter CLI commands.

The Alerter subsystem transmits messages that are queued by other components, for example, correlation alerts that are queued by the Anomaly Detection subsystem, or run-time alerts that are generated by security policies. You can configure the Alerter subsystem to send messages to both SMTP and SNMP servers. You can also send alerts to syslog or custom alerting classes, but no special configuration is required for those two options, beyond starting the Alerter. Alerter commands fall into the following categories:

  • Alerter Start-up and Polling Commands
  • SMTP Configuration Commands
  • SNMP Configuration Commands
Note: In addition to these Alerter commands, there are configuration Alerter commands. For more information, see Configuration and control CLI commands.

restart alerter

Restarts the Alerter. You can perform the same function using the store alerter state operational command to stop and then start the alerter:

store alerter state operational off

store alerter state operational on

12.0 Syntax
restart alerter
12.1 and later Syntax
restart alerter [--yes]
Where --yes causes the command to run automatically.

stop alerter

Stops the Alerter.

You can perform the same function using the store alerter state operational command:

store alerter state operational off

Syntax
stop alerter

store alerter delay

Sets the number of seconds to delay real-time alerts. The default is 300 (5 minutes), the maximum is 3600. Some real-time alert values, such as Records Affected, require that snif receive and process all response data for the alerting request. This value sets the time that the Alerter waits before processing alerts that rely on this response data.

Restart the Alerter for configuration changes to take effect.

Syntax
store alerter delay <n> 
Show Command
show alerter delay

store alerter email append_name_subject

Appends the appliance name to the email subject.

Syntax
store alerter email append_name_subject <on | off>
Show command
show alerter email append_name_subject

store alerter email append_subject_body

Adds the email subject at the beginning of the email body.

Syntax
store alerter email append_subject_body <on | off>
Show command
show alerter email append_subject_body

store alerter poll

Sets the number of seconds, n, that the Alerter waits before checking its outgoing message queue to send SNMP traps or transmit email using SMTP. The default is 30. Restart the Alerter for configuration changes to take effect.

Syntax
store alerter poll <n> 
Show Command
show alerter poll

store alerter smtp authentication password

Sets the alerter SMTP authentication password to the specified value. There is no corresponding show command. Restart the Alerter for configuration changes to take effect.

Syntax
store alerter smtp authentication password <value>

store alerter state operational

Starts or stops the Alerter. The default state at installation time is off. You can also use the restart alerter or stop alerter commands to restart or stop the Alerter subsystem.

Syntax
store alerter state operational <on | off> 
Show Command
show alerter state operational

store alerter state startup

Enables or disables the automatic start-up of the Alerter on system start-up. The default state at installation time is off.

Syntax
store alerter state startup <on | off>
Show Command
show alerter state startup

store anomaly-detection poll

Sets the Anomaly Detection polling interval, in minutes (n). This controls the frequency with which Guardium® checks log data for anomalies.

Syntax
store anomaly-detection poll <n>
Show Command
show anomaly-detection poll

store alerter smtp authentication type

Sets the authentication type required by the SMTP server to one of the following values:

  • none: Send without authentication.
  • auth: Username/password authentication. Set the user account and password using the following commands:
    • store alerter smtp authentication username
    • store alerter smtp authentication password

Restart the Alerter for configuration changes to take effect.

Syntax
store alerter smtp authentication type <none | auth> 
Show Command
show alerter smtp authentication type

store alerter smtp authentication username

Sets the alerter SMTP email authentication username to the specified name.

Syntax
store alerter smtp authentication username <name> 
Show Command
show alerter smtp authentication username

store alerter smtp port

Sets the port number on which the SMTP server listens, to the value specified by n. The default is 25 (the standard SMTP port). Restart the Alerter for configuration changes to take effect.

Syntax
store alerter smtp port <n>
Show Command
show alerter smtp port

store alerter smtp relay

Sets the IP address of the SMTP server to be used by the Guardium appliance. Restart the Alerter for configuration changes to take effect.

Syntax
store alerter smtp relay <ip address> 
Show Command
show alerter smtp relay

store alerter smtp returnaddr

Sets the return email address for email alerts. Any bounced messages or email failures will be returned to this address.

Syntax
store alerter smtp returnaddr <email address> 
Show Command
show alerter smtp returnaddr

store alerter smtp starttls

Sets encryption for the email server.
Note: For SMTP, TLS works over port 587.

Syntax

store alerter smtp starttls < TLS | SSL | none >
  • none: No encryption is required.
  • SSL: Sets TLS data encryption.
  • TLS: Sets TLS data encryption.

Show command

show alerter smtp starttls 
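
A pre-change check for the timing and SMTP commands documented above, as an added example that is not part of the product documentation: it reads a planned list of store alerter commands and reports values outside the documented options, authentication configured without encryption, and changes that still need restart alerter. The function name, sample scripts, user name and password value are constructed for illustration.

```python
import re

# Settings this page says take effect only after the Alerter is restarted.
NEEDS_RESTART = {"delay", "poll", "smtp authentication password",
                 "smtp authentication type", "smtp port", "smtp relay"}
ALLOWED = {"smtp starttls": {"TLS", "SSL", "none"},
           "smtp authentication type": {"none", "auth"}}

def lint_alerter_script(lines):
    """Return findings for a planned sequence of Alerter CLI commands."""
    cfg, findings, pending = {}, [], False
    for raw in lines:
        line = " ".join(raw.split())  # normalise whitespace
        if line in ("restart alerter", "restart alerter --yes"):
            pending = False  # stop/start via state operational is not tracked
            continue
        m = re.fullmatch(r"store alerter (.+) (\S+)", line)
        if not m:
            continue  # not a store command
        key, value = m.groups()
        cfg[key] = value
        pending = pending or key in NEEDS_RESTART
        if key in ALLOWED and value not in ALLOWED[key]:
            findings.append(f"{key}: '{value}' is not one of {sorted(ALLOWED[key])}")
        if key == "delay" and not (value.isdecimal() and int(value) <= 3600):
            findings.append("delay: must be a whole number of seconds, maximum 3600")
    tls = cfg.get("smtp starttls")
    if cfg.get("smtp authentication type") == "auth":
        findings += [f"auth selected but no {n} is set" for n in ("username", "password")
                     if f"smtp authentication {n}" not in cfg]
        if tls not in ("TLS", "SSL"):
            findings.append("auth selected without starttls TLS or SSL")
    port = cfg.get("smtp port", "25")  # 25 is the documented default
    if tls == "TLS" and port != "587":
        findings.append(f"starttls TLS with port {port}; the page notes TLS works over 587")
    if pending:
        findings.append("changes pending: restart alerter has not been run")
    return findings

# Constructed sample scripts (values are placeholders, not from a real appliance).
WEAK = ["store alerter smtp authentication type auth",
        "store alerter smtp starttls none",
        "store alerter delay 7200"]
HARDENED = ["store alerter smtp port 587",
            "store alerter smtp starttls TLS",
            "store alerter smtp authentication type auth",
            "store alerter smtp authentication username alerts",
            "store alerter smtp authentication password EXAMPLE-ONLY",
            "restart alerter"]
print(lint_alerter_script(WEAK), lint_alerter_script(HARDENED))
```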

store alerter snmp community

Sets the SNMP trap community used by the Alerter, to the name specified. There is no corresponding show command.

Syntax
store alerter snmp community <name>

store alerter snmp secondary_community

Sets a secondary SNMP trap community used by the Alerter, to the name specified. There is no corresponding show command.

Syntax
store alerter snmp secondary_community <string>
Where string is the text community string.

store alerter snmp traphost

Sets the Alerter SNMP trap server to receive alerts, to the specified IP address or DNS host name.

Syntax
store alerter snmp traphost <snmp host>
Show Command
show alerter snmp traphost

store alerter snmp secondary_traphost

Sets a secondary Alerter SNMP trap server to receive alerts, to the specified IP address.

Syntax
store alerter snmp secondary_traphost <arg>

Where <arg> is the IP address of the secondary SNMP server or the word "null" to reset value.

Show Command
show alerter snmp secondary_traphost

store anomaly-detection state

Enables or disables the Anomaly Detection subsystem, which executes all active statistical alerts, checks the logs for anomalies, and queues alerts as necessary for the Alerter subsystem.

Syntax
store anomaly-detection state <on | off> 
Show Command
show anomaly-detection state