37 Event action definitions

10.Select the product from the Available Products list and click the right arrow button to move it to the Selected Products list.

11.Click OK.

Snort message forwarding

Snort is a third-party tool that monitors network traffic in real time. When Snort detects dangerous payloads or other abnormal behavior, it sends an alert to the syslog in real time. You can turn Snort messages on or off using the Add Syslog Filter dialog box

By default, the Forward Snort© Messages feature is not enabled. You must enable it to have Snort messages forwarded to the configured syslog destinations.

You can forward Snort messages, by selecting the Forward Snort® Messages check box in the Add Syslog Filter dialog box (refer to step 8 in “Adding a syslog filter” on page 1164).

Event action definitions

To reduce the amount of events being logged in the Management application database, the Event Actions dialog box allows you to control what events the Management application monitors, on which products they are to be monitored, how often they are to be monitored, and what to do when the monitored events are generated. This information can be defined by creating an event action definition.

For example, you can create an event action definition if you want the Management application to monitor link up and link down traps only, and only on products that belong to Product Group 1. Furthermore, you may want these traps to be logged in the Management application database only if they occur 10 times within a 5-minute interval. You may also want an e-mail message sent to a network administrator when these traps are generated.

In another case, you may not want to log any occurrence of Topology Change traps from Product Group 2. You may also want to disable a port on a product if an event that resembles an attack on the network occurs at a certain frequency.

Creating an event action definition

You can configure event policies for events you want to monitor. Use the Event Actions dialog box, shown in Figure 482, to customize the event management policy using triggers and actions.

To customize the event management policy, complete the following steps.

1.Select Monitor > Event Processing > Event Actions.

The Event Actions dialog box, shown in Figure 482, displays.

1166

Brocade Network Advisor IP User Manual

 

53-1003056-01

Page 1218
Image 1218
Brocade Communications Systems IP250 user manual Event action definitions, Snort message forwarding