SA Cfg: Define Notification Server Dialogs

Document created by RSA Information Design and Development on Jul 22, 2016. Last modified by RSA Information Design and Development on Dec 2, 2016.
Version 4

This topic describes the Define Notification Server dialogs used to configure the settings of the various types of notification servers. You configure notification servers in the Administration > System > Notifications > Servers tab.

Notifications are used by a variety of components in Security Analytics, such as Event Stream Analysis (ESA), Incident Management, and Global Audit Logging. Notification settings are called Notification Servers. In the Servers tab of the Notifications panel in the Administration System view, you can create multiple Notification Server configurations.

You can configure the following types of notification server settings in Security Analytics:

  • Email
  • SNMP
  • Syslog
  • Script

For Global Audit Logging, you can only use Syslog Notification Servers.

Procedures related to notification servers are described in Configure Notification Servers.

To access the Define Notification Server dialogs:

  1. In the Security Analytics menu, select Administration > System.
  2. In the left navigation panel, select Notifications.
  3. In the Notifications Servers panel, click  and then select a type of notification server (Email, SNMP, Syslog, or Script)
    The Define Notification Server dialog is displayed for your selection.

There are four notification server dialogs, which allow you to configure notification servers.

Email

Email notification servers enable you to configure email server settings to send alert notifications. 

The following figure shows the Define Email Notification Server dialog.
01. Define_Email_Notification.png

The following table lists the various parameters that you need to define for the email notification servers.

                                                     
Parameters | Description
Enable | Select to enable the notification server.
Name | A name to identify or label the notification server.
Description | A brief description about the notification server.
Server IP Or Hostname | Hostname of the email server. For ESM/SMS and ESA notifications, you must specify only the hostname/FQDN.
Server Port | The server port.
SSL | Select the option if you want the communication to happen through SSL.
From EMail Address | Email account from which you want to send email notifications.
Username | Username for logging into the email account if the SMTP server requires user authentication to relay emails successfully.
Password | User password for logging into the email account if the SMTP server requires user authentication to relay emails successfully.
Max Alerts Per Minute | Describes the maximum number of alerts per minute.
Max Alert Wait Queue Size | Describes the maximum number of alerts to be queued before they are dropped.

SNMP

SNMP notification servers enable you to configure SNMP trap host settings as a notification server to send alert notifications.

The following figure shows the Define SNMP Notification Server dialog.

DefSNMPNotSrv.png

The following table lists the various parameters that you need to define for the SNMP notification servers.

                                                 
Parameters | Description
Enable | Select to enable the notification server.
Name | A name to identify or label the notification server.
Description | A brief description about the notification server.
Server IP Or Hostname | SNMP trap host IP address or hostname.
Server Port | Listening port number on the SNMP trap host.
SNMP Version | SNMP version. If you select SNMP Version 3 (v3), the following parameters are displayed: Security Name, which is the SNMP v3 security name, and Security Level, which defines the security level. The Security Level options are Unauthenticated and Unencrypted, Authenticated and Unencrypted, and Authenticated and Encrypted. The passwords have to go with the selected security level.
Community | Community string used to authenticate on the SNMP trap host. The default value is public.
Number of Retries | Number of retries for the trap.
Max Alerts Per Minute | Maximum number of alerts per minute.
Max Alert Wait Queue Size | Maximum number of alerts to be queued before they are dropped.

Syslog

Syslog notification servers allow you to configure Syslog settings as a notification server to send notifications. When enabled, Syslog provides auditing through the use of the RFC 5424 Syslog protocol. Syslog has proven to be an effective format to consolidate logs, as there are many open source and proprietary tools for reporting and analysis.

You cannot disable notification servers associated with global audit logging configurations. 

The following figure shows the Define Syslog Notification Server dialog.

03. Define_Syslog_Notification.png

The following table lists the various parameters that you need to define for the Syslog notification servers.

                                             
Parameters | Description
Enable | Select to enable the notification server.
Name | A name to identify or label the notification server.
Description | A brief description about the notification server.
Server IP Or Hostname | The hostname of the host where the target Syslog process is running.
Server Port | The port number where the target Syslog process is listening.
Protocol | The protocol to be used to transfer the Syslog files.
Facility | The designated Syslog facility to use for all outgoing messages. It is used to specify what type of program is logging the message. Some possible values are KERN, USER, MAIL, and DAEMON. This lets the configuration file specify that messages from different facilities will be handled differently.
Max Alerts Per Minute | Maximum number of alerts per minute. This field is not used for Global Audit Logging.
Max Alert Wait Queue Size | Maximum number of alerts to be queued before they are dropped. This field is not used for Global Audit Logging.
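
The Facility setting travels in the PRI value at the start of each RFC 5424 message (PRI = facility × 8 + severity), and the receiving Syslog server routes on it. The following added example, which is not part of the RSA documentation, parses received lines and checks them against the facility chosen in the dialog; the sample messages, hostnames and function names are constructed for illustration.

```python
import re

# Facility codes from RFC 5424 section 6.2.1 (numeric code -> conventional name).
FACILITIES = ["KERN", "USER", "MAIL", "DAEMON", "AUTH", "SYSLOG", "LPR", "NEWS",
              "UUCP", "CRON", "AUTHPRIV", "FTP", "NTP", "AUDIT", "ALERT", "CLOCK",
              "LOCAL0", "LOCAL1", "LOCAL2", "LOCAL3", "LOCAL4", "LOCAL5", "LOCAL6", "LOCAL7"]
SEVERITIES = ["EMERG", "ALERT", "CRIT", "ERR", "WARNING", "NOTICE", "INFO", "DEBUG"]

# RFC 5424 header: <PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID, then the rest.
HEADER = re.compile(r"^<(\d{1,3})>([1-9]\d?) (\S+) (\S+) (\S+) (\S+) (\S+) (.*)$", re.S)

def parse_rfc5424(line):
    """Return the header fields of one RFC 5424 message, or None if it is malformed."""
    m = HEADER.match(line)
    if not m:
        return None  # e.g. legacy BSD syslog, which has no version field
    pri = int(m.group(1))
    if pri > 191:  # highest valid PRI is facility 23 * 8 + severity 7
        return None
    facility, severity = divmod(pri, 8)
    return {"facility": FACILITIES[facility], "severity": SEVERITIES[severity],
            "timestamp": m.group(3), "hostname": m.group(4),
            "app_name": m.group(5), "rest": m.group(8)}

def check_facility(lines, expected):
    """Split received lines into (matching, unexpected facility, unparseable)."""
    ok, wrong, bad = [], [], []
    for line in lines:
        rec = parse_rfc5424(line)
        if rec is None:
            bad.append(line)
        elif rec["facility"] == expected:
            ok.append(rec)
        else:
            wrong.append(rec)
    return ok, wrong, bad

# Constructed sample input; hostnames, app names and message text are made up.
SAMPLE = [
    "<30>1 2016-12-02T10:15:00Z sa-server.example.com audit 1234 - - user=admin action=login",
    "<14>1 2016-12-02T10:15:02Z sa-server.example.com audit 1234 - - user=admin action=logout",
    "<30>Dec  2 10:15:03 sa-server audit: legacy format line",
    "<999>1 2016-12-02T10:15:04Z sa-server.example.com audit 1234 - - bad pri",
]

if __name__ == "__main__":
    ok, wrong, bad = check_facility(SAMPLE, "DAEMON")
    print(len(ok), "as configured;", [r["facility"] for r in wrong], "unexpected;", len(bad), "unparseable")
```

Messages that land in the unexpected or unparseable groups would not match a facility-based rule on the receiving Syslog server.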

Script

Script notification servers enable you to configure Script as a Notification Server.

The following figure shows the Define Script Notification Server dialog.

04. Define_Script_Notification.png

The following table lists the various parameters that you need to define for the Script notification servers.

                             
Parameters | Description
Enable | Select to enable the notification server.
Name | A name to identify or label the notification server.
Description | A brief description about the notification server.
Run As User | Name of the user identity under which the script is executed. The default user identity is notification. For ESA, you cannot set this to anything else unless you have created the account on the ESA host.
Max Runtime (Sec) | The maximum time (in seconds) the script is allowed to run.