Alerter Configuration

No e-mail messages, SNMP traps, or alert-related Syslog messages will be sent until the Alerter is configured and activated.

Other components create and queue messages for the Alerter. The Alerter checks for and sends messages based on the polling interval that has been configured for it.

To configure, enable or disable individual correlation alerts, see Correlation Alerts. For correlation alerts and appliance alerts to be produced, Anomaly Detection must also be started. For real-time alerts to be produced, a security policy must be installed.

Mail/SNMP/SYSLOG messages are sent out according to their priority.

Automatically activate the Alerter on startup

  1. Click Setup > Tools and Views > Alerter, or click Protect > Database Intrusion Detection > Alerter, to open the Alerter.
  2. Mark the Active on Startup checkbox. Each time the appliance restarts, the Alerter will be activated automatically.
  3. Click Apply.
  4. If the Alerter is not running, and you want to start it, click Restart.

Set how often the Alerter checks for and sends messages

  1. Click Setup > Tools and Views > Alerter, or click Protect > Database Intrusion Detection > Alerter, to open the Alerter.
  2. Enter the Polling Interval, in seconds.
  3. Click Apply.

Configure the Alerter to send SMTP (email) messages

  1. Click Setup > Tools and Views > Alerter, or click Protect > Database Intrusion Detection > Alerter, to open the Alerter.
    Note: All remaining items in this topic are in the SMTP section of the Alerter panel.
  2. Enter the IP address for the SMTP gateway, in the IP Address box.
  3. Enter the SMTP port number (it is almost always 25) in the Port box.
  4. Optional: Click the Test Connection hypertext link to verify the SMTP address and port. This only tests that there is access to the specified host and port. It does not verify that this is a working SMTP server. A dialog box is displayed, informing you of the success or failure of the operation.
    Note: If this SMTP server uses authentication, you must supply a valid User Name and Password for that mail server in the following two fields. Otherwise, those fields can be blank.
  5. Enter a valid user name for your mail server in the User Name box if your SMTP server uses authentication.
  6. Enter the password for the user in the Password box if your SMTP server uses authentication. Re-enter it in the Re-enter Password box.
  7. In the Return E-mail Address box, enter the return address for e-mail sent by the system. This address is usually an administrative account that is checked often.
  8. Select Auth in the Authentication Method if your SMTP server uses authentication. Otherwise, select None. When Auth is selected, you must specify the user name and password to be used for authentication.
  9. Click Apply to save the configuration.
    Note: The Alerter will not begin using a new configuration until it is restarted.
  10. Click Restart to restart the Alerter with the new configuration.
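
Because Test Connection only confirms that the host and port are reachable, the following added example (not part of the product or of this documentation) shows one way to check, from a host with the same network path, that the gateway actually speaks SMTP and whether it advertises authentication. The function name `probe_smtp_gateway` and the EHLO name `alerter-probe.invalid` are assumptions made for this example.

```python
import smtplib

# Constructed EHLO name for the probe; not a value from the product.
PROBE_NAME = "alerter-probe.invalid"

def probe_smtp_gateway(host, port=25, timeout=5.0):
    """Report what answers at host:port, beyond 'the port is reachable'."""
    result = {"tcp_open": False, "smtp_banner": False, "ehlo_ok": False,
              "auth_mechs": [], "starttls": False}
    smtp = smtplib.SMTP(local_hostname=PROBE_NAME, timeout=timeout)
    try:
        try:
            code, _ = smtp.connect(host, port)
        except smtplib.SMTPException:
            # TCP connected, but the peer closed or stayed silent.
            result["tcp_open"] = True
            return result
        except OSError:
            # Refused, unreachable or timed out: no TCP access at all.
            return result
        result["tcp_open"] = True
        # A working SMTP server greets with reply code 220.
        result["smtp_banner"] = (code == 220)
        if not result["smtp_banner"]:
            return result
        code, _ = smtp.ehlo()
        result["ehlo_ok"] = (code == 250)
        # Authentication mechanisms the server advertises, if any.
        result["auth_mechs"] = smtp.esmtp_features.get("auth", "").split()
        # If AUTH is offered but STARTTLS is not, PLAIN/LOGIN credentials
        # would cross the network unencrypted.
        result["starttls"] = smtp.has_extn("starttls")
        smtp.quit()
    except OSError:
        pass  # protocol error after the banner; keep what was learned so far
    finally:
        smtp.close()
    return result

if __name__ == "__main__":
    import sys
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 25
    print(probe_smtp_gateway(sys.argv[1], port))
```

A result with `tcp_open` true but `smtp_banner` false is the case the Test Connection link cannot distinguish from a working mail server.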

Configure the Alerter to send SNMP traps

  1. Click Setup > Tools and Views > Alerter, or click Protect > Database Intrusion Detection > Alerter, to open the Alerter.
    Note: All remaining items in this topic are in the SNMP section of the Alerter panel.
  2. In the IP Address box, enter the IP address to which the SNMP trap will be sent.
  3. Optional: Click the Test Connection hypertext link to verify the SNMP address and port (162). This only tests that there is access to the specified host and port. It does not verify that this is a working SNMP server. A dialog box is displayed, informing you of the success or failure of the operation.
  4. In the "Trap" Community box, enter the community name for the trap. Retype the community in the Retype Community box.
  5. Click Apply to save the configuration.
    Note: The Alerter will not begin using a new configuration until it is restarted.
  6. Click Restart to restart the Alerter with the new configuration.