SA Cfg: Legacy Notifications Configuration Panel

Document created by RSA Information Design and Development on Mar 22, 2017. Last modified by RSA Information Design and Development on Sep 26, 2017.
Version 2

This topic introduces the Legacy Notifications Configuration panel. The Legacy Notifications Configuration panel provides the ability to configure syslog and SNMP notification settings. These configurations are used for Entitlement, legacy Event Source Management (ESM), Warehouse Connector monitoring, and Archiver monitoring.

Procedures related to these settings are described in Configure Syslog and SNMP Settings.

To access the Legacy Notifications Configuration panel:

  1. In the Security Analytics menu, select Administration > System.
  2. In the options panel, select Legacy Notifications.

Features

The Legacy Notifications Configuration Panel consists of two sections: Syslog Settings and SNMP Settings.

Syslog Settings

The following table describes the available options for configuring syslog notifications for Entitlement, legacy Event Source Management (ESM), Warehouse Connector monitoring, and Archiver monitoring.

                                                                   
| Feature | Description |
|---|---|
| Enable | Enables the syslog settings configured here. |
| Server Name | Specifies the host where the target syslog process is running. |
| Server port | Specifies the port where the target syslog process is listening. |
| Facility | Specifies the designated syslog facility to use for all outgoing messages. Possible values are KERN, USER, MAIL, DAEMON, AUTH, SYSLOG, LPR, NEWS, UUCP, CRON, AUTHPRIV, FTP, LOCAL1 through LOCAL7. |
| Encoding | Specifies the encoding to use for text in syslog messages, for example, UTF-8. |
| Format | Specifies the message format. Possible values are: Default, PCI DSS, or SEC. |
| Protocol | Specifies the communications protocol used when sending syslogs: UDP or TCP. By default, the UDP protocol is selected. |
| Max length | Specifies the maximum length in bytes of any syslog message. The default value is 2048. Messages that exceed the maximum length are truncated when the Truncate overly large syslog messages checkbox is selected. |
| Truncate overly large syslog messages | When checked, any messages exceeding the maximum length are truncated. |
| Include the local timestamp in syslog messages | When checked, Security Analytics includes the local timestamp in messages. |
| Include the local hostname in syslog messages | When checked, Security Analytics includes the local hostname in syslog messages. |
| Optionally use IDENT protocol | When checked, Security Analytics prepends the identity string to outgoing syslog alerts. |
| Identity string | This is an identity string to be prepended to each syslog alert. If the string is blank, no identity string is prepended to the outgoing syslog alerts. You can use this to identify the source of the alert. Users conventionally set it to the name of the program that sends the syslog message. |
| Apply | Applies the syslog configuration settings. |
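
How these settings could combine into one message on the wire, shown as an added example that is not RSA's code and not part of the original documentation. It assumes an RFC 3164 style layout; the function names, the severity parameter, port 514, newline framing for TCP, and leaving oversize messages intact when truncation is off are all assumptions, since the page does not specify them.

```python
import socket
from datetime import datetime

# Standard syslog facility codes (RFC 3164) for the names the panel lists.
FACILITY = {"KERN": 0, "USER": 1, "MAIL": 2, "DAEMON": 3, "AUTH": 4,
            "SYSLOG": 5, "LPR": 6, "NEWS": 7, "UUCP": 8, "CRON": 9,
            "AUTHPRIV": 10, "FTP": 11,
            **{f"LOCAL{n}": 16 + n for n in range(1, 8)}}

def build_message(text, facility="LOCAL1", severity=5, identity="",
                  hostname=None, timestamp=None, encoding="utf-8",
                  max_length=2048, truncate=True):
    """Return the bytes of one syslog message for panel-style settings."""
    pri = FACILITY[facility] * 8 + severity  # PRI = facility * 8 + severity
    parts = []
    if timestamp is not None:  # "Include the local timestamp"
        # RFC 3164 timestamp: "Mmm dd hh:mm:ss", day padded with a space.
        parts.append(f"{timestamp:%b} {timestamp.day:2d} {timestamp:%H:%M:%S}")
    if hostname:  # "Include the local hostname"
        parts.append(hostname)
    # A blank identity string means nothing is prepended.
    parts.append(f"{identity}: {text}" if identity else text)
    raw = (f"<{pri}>" + " ".join(parts)).encode(encoding)
    if truncate and len(raw) > max_length:
        # Cut at the byte limit, then drop any split multi-byte character.
        raw = raw[:max_length].decode(encoding, errors="ignore").encode(encoding)
    return raw

def send(raw, server, port=514, protocol="UDP"):
    """Send one message to the configured server over UDP or TCP."""
    if protocol == "UDP":
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.sendto(raw, (server, port))
    else:
        with socket.create_connection((server, port), timeout=5) as s:
            s.sendall(raw + b"\n")  # newline framing is an assumption

if __name__ == "__main__":
    # Constructed sample values, not taken from a real deployment.
    msg = build_message("license threshold reached", facility="LOCAL3",
                        identity="sa-legacy", hostname="sa-host.example",
                        timestamp=datetime(2017, 3, 22, 10, 15, 0))
    print(msg.decode("utf-8"))
```

Because Max length is counted in bytes, a receiver parsing these messages should expect a truncated message to end mid-field.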

SNMP Settings

The following table describes the available options for configuring SNMP notifications for Entitlement, legacy Event Source Management (ESM), Warehouse Connector monitoring, and Archiver monitoring.

                                             
| Feature | Description |
|---|---|
| Enable | Enables the SNMP settings configured here. |
| Server Name | Specifies the SNMP trap host. |
| Server port | Specifies the listening port on the SNMP trap host. |
| SNMP version | Specifies the SNMP version, v1 or v2c. |
| Trap OID | Specifies the object ID for the SNMP trap on the trap host that receives the audit event. The default value is 0.0.0.0.0.1. |
| Community | Specifies the community string used to authenticate on the SNMP trap host. The default value is public. |
| Enable | Enables SNMP notifications as configured here. |
| Apply | Applies the SNMP configuration settings. |