Alerter CLI Commands
This section describes the Alerter CLI commands.
The Alerter subsystem transmits messages that are queued by other components, for example, correlation alerts that are queued by the Anomaly Detection subsystem, or run-time alerts that are generated by security policies. You can configure the Alerter subsystem to send messages to both SMTP and SNMP servers. You can also send alerts to syslog or custom alerting classes, but no special configuration is required for those two options, beyond starting the Alerter. Alerter commands fall into the following categories:
- Alerter Start-up and Polling Commands
- SMTP Configuration Commands
- SNMP Configuration Commands
restart alerter
Restarts the Alerter. You can perform the same function using the store alerter state operational command to stop and then start the alerter:
store alerter state operational off
store alerter state operational on
restart alerter
restart alerter [--yes]
Where --yes causes the command to run automatically.
stop alerter
Stops the Alerter.
You can perform the same function using the store alerter state operational command:
store alerter state operational off
stop alerter
store alerter delay
Sets the number of seconds to delay real-time alerts. The default is 300 (5 minutes), the maximum is 3600. Some real-time alert values, such as Records Affected, require that snif receive and process all response data for the alerting request. This value sets the time that the Alerter waits before processing alerts that rely on this response data.
Restart the Alerter for configuration changes to take effect.
store alerter delay <n>
show alerter delay
store alerter email append_name_subject
Appends the appliance name to the email subject.
store alerter email append_name_subject <on | off>
show alerter email append_name_subject
store alerter email append_subject_body
Appends the email subject at the beginning of the email body.
store alerter email append_subject_body <on | off>
show alerter email append_subject_body
store alerter poll
Sets the number of seconds, n, that the Alerter waits before checking its outgoing message queue to send SNMP traps or transmit email using SMTP. The default is 30. Restart the Alerter for configuration changes to take effect.
store alerter poll <n>
show alerter poll
store alerter smtp authentication password
Sets the alerter SMTP authentication password to the specified value. There is no corresponding show command. Restart the Alerter for configuration changes to take effect.
store alerter smtp authentication password <value>
store alerter state operational
Starts or stops the Alerter. The default state at installation time is off. You can also use the restart alerter or stop alerter commands to restart or stop the Alerter subsystem.
store alerter state operational <on | off>
show alerter state operational
store alerter state startup
Enables or disables the automatic start-up of the Alerter on system start-up. The default state at installation time is off.
store alerter state startup <on | off>
show alerter state startup
store anomaly-detection poll
Sets the Anomaly Detection polling interval, in minutes (n). This controls the frequency with which Guardium® checks log data for anomalies.
store anomaly-detection poll <n>
show anomaly-detection poll
store alerter smtp authentication type
Sets the authentication type required by the SMTP server to one of the following values:
- none: Send without authentication.
- auth: Username/password authentication. Set the user account and password using the following commands:
- store alerter smtp authentication username
- store alerter smtp authentication password
Restart the Alerter for configuration changes to take effect.
store alerter smtp authentication type <none | auth>
show alerter smtp authentication type
store alerter smtp authentication username
Sets the alerter SMTP email authentication username to the specified name.
store alerter smtp authentication username <name>
show alerter smtp authentication username
store alerter smtp port
Sets the port number on which the SMTP server listens, to the value specified by n. The default is 25 (the standard SMTP port). Restart the Alerter for configuration changes to take effect.
store alerter smtp port <n>
show alerter smtp port
store alerter smtp relay
Sets the IP address of the SMTP server to be used by the Guardium appliance. Restart the Alerter for configuration changes to take effect.
store alerter smtp relay <ip address>
show alerter smtp relay
store alerter smtp returnaddr
Sets the return email address for email alerts. Any bounced messages or email failures will be returned to this address.
store alerter smtp returnaddr <email address>
show alerter smtp returnaddr
store alerter smtp starttls
Syntax
store alerter smtp starttls < TLS | SSL | none >
- none: No encryption is required.
- SSL: Sets TLS data encryption.
- TLS: Sets TLS data encryption.
Show command
show alerter smtp starttls
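The SMTP settings above depend on one another (an auth type of auth needs a username and password, and most changes need an Alerter restart), so it helps to check a planned configuration before typing it in. The following is an added example, not part of the Guardium documentation: the function name, dictionary keys, sample values and the lower bound of 0 for the delay are assumptions, while the allowed values, defaults and the 3600 maximum come from the command descriptions on this page.

```python
# Added example: validate planned Alerter SMTP settings, then emit the CLI
# commands in order. Names, keys and sample values here are hypothetical.
import ipaddress

AUTH_TYPES = {"none", "auth"}
STARTTLS_MODES = {"TLS", "SSL", "none"}
MAX_DELAY = 3600  # documented maximum for "store alerter delay"


def plan_alerter_smtp(cfg):
    """Return (commands, findings) for a planned SMTP alerting setup."""
    findings = []
    # "store alerter smtp relay" takes an IP address; ValueError otherwise.
    relay = str(ipaddress.ip_address(cfg["relay"]))
    port = int(cfg.get("port", 25))      # documented default: 25
    delay = int(cfg.get("delay", 300))   # documented default: 300
    auth = cfg.get("auth_type", "none")
    starttls = cfg.get("starttls", "none")
    if not 1 <= port <= 65535:
        raise ValueError("smtp port out of range")
    if not 0 <= delay <= MAX_DELAY:      # lower bound of 0 is an assumption
        raise ValueError("alerter delay outside 0..3600")
    if auth not in AUTH_TYPES or starttls not in STARTTLS_MODES:
        raise ValueError("unsupported authentication type or starttls mode")
    if auth == "auth" and not cfg.get("username"):
        raise ValueError("authentication type 'auth' needs a username")
    if starttls == "none":
        findings.append("starttls none: encryption is not required for alert email")
        if auth == "auth":
            findings.append("auth with starttls none: credentials sent without required encryption")
    cmds = [
        f"store alerter smtp relay {relay}",
        f"store alerter smtp port {port}",
        f"store alerter smtp starttls {starttls}",
        f"store alerter smtp authentication type {auth}",
    ]
    if auth == "auth":
        cmds.append(f"store alerter smtp authentication username {cfg['username']}")
        # Left as a placeholder so the password never lands in a plan file.
        cmds.append("store alerter smtp authentication password <value>")
    cmds.append(f"store alerter delay {delay}")
    cmds.append("restart alerter")  # settings take effect after a restart
    return cmds, findings


if __name__ == "__main__":
    sample = {"relay": "192.0.2.10", "auth_type": "auth", "username": "alerts"}  # constructed
    plan, notes = plan_alerter_smtp(sample)
    print("\n".join(plan + ["FINDING: " + n for n in notes]))
```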
store alerter snmp community
Sets the SNMP trap community used by the Alerter, to the name specified. There is no corresponding show command.
store alerter snmp community <name>
store alerter snmp secondary_community
Sets a secondary SNMP trap community used by the Alerter, to the name specified. There is no corresponding show command.
store alerter snmp secondary_community <string>
Where string is the text community string.
store alerter snmp traphost
Sets the Alerter SNMP trap server to receive alerts, to the specified IP address or DNS host name.
store alerter snmp traphost <snmp host>
show alerter snmp traphost
store alerter snmp secondary_traphost
Sets the secondary Alerter SNMP trap server that receives alerts to the specified IP address.
store alerter snmp secondary_traphost <arg>
Where <arg> is the IP address of the secondary SNMP server or the word "null" to reset the value.
show alerter snmp secondary_traphost
store anomaly-detection state
Enables or disables the Anomaly Detection subsystem, which executes all active statistical alerts, checks the logs for anomalies, and queues alerts as necessary for the Alerter subsystem.
store anomaly-detection state <on | off>
show anomaly-detection state