RSA Admin

How to get email alerts with actual logs using envision

Discussion created by RSA Admin Employee on Oct 24, 2014
Latest reply on Oct 28, 2014 by DelfinAbzueta

Hi All,

We have deployed some of our network devices to send syslogs and device-related traps to RSA enVision. We have also set up enVision to send an email alert to admins when a threshold is crossed for a specific log. The problem is that the email we receive does not have any information on what this log is all about.

For example: if there is a configuration change, the network device generates a log "config change happened at xx.xx.xx by such and such using this ip address". This log is received by enVision and can be viewed too, but when we receive the email alert it doesn't have any information on why this email alert was received. It only contains the fields below; it doesn't have any information on what triggered the event.

 

View Name: Device name
Date/Time: Oct xx xx:xx:xx
Site: Sitename
Event Category: System.Normal Conditions.Services
Current Severity: Low (1/5)
Peak Severity: Severe (5/5)
Peak Time: Oct xx xx:xx:xx
Trend: Up (0.00%)
Count: 80
Device Name: x.x.x.x
Device IP: deviceIP x.x.x.x
Device Class: device class
Device Type: device type
Source IP:
Source Port:
Destination IP:

 

It seems like the admin has to log in to enVision every time and look for the timestamp to find what happened, which kind of defeats the purpose of such an email alert. What use is an email alert if it doesn't tell about the alert?

I am new to this platform and don't know if I am setting up the email alert on enVision wrong, and would really appreciate it if someone can point me in the right direction on how to set up the email alert to send alerts with the actual logs.
