This topic provides an overview of the various notification servers. You configure notification servers in the Administration System view (Administration > System > Notifications > Servers tab).
Global Notifications are used by a variety of components in Security Analytics, such as Event Stream Analysis (ESA), Incident Management, Health and Wellness, Event Source Management (ESM), and Global Audit Logging. Notification settings are called Notification Servers.
Event Stream Analysis sends notifications to users through email, SNMP, or Syslog about various system events. In ESA, these alert notification settings are called Notification Servers. You can configure multiple notification servers and use them while defining an ESA rule, for example, you can configure multiple mail servers or Syslog servers and use the settings while defining an ESA rule.
You can configure the following notification servers:
Email notification servers enable you to configure email server settings to send alert notifications. SNMP notification servers enable you to configure SNMP trap host settings as a notification server to send alert notifications.
Syslog notification servers enable you to configure Syslog settings as a notification server to send notifications. When enabled, Syslog provides auditing through the use of the RFC 5424 Syslog protocol. Syslog has proven to be an effective format to consolidate logs, as there are many open source and proprietary tools for reporting and analysis. For Global Audit Logging, you can only use Syslog Notification Servers.
Script notification servers enable you to configure Script as a notification server.
For detailed information on the different notification server configurations, including parameters and descriptions, see Define Notification Server Dialogs.