12-29
User Guide for Cisco Secure Access Control System 5.4
OL-26225-01
Chapter12 Managing Alarms
Creating, Editing, and Duplicating Alarm Thresholds
You can specify one or more filters to limit the failed authentications that are considered for threshold
evaluation. Each filter is associated with a particular attribute in the records and only those records that
match the filter condition are counted. If you specify multiple filter values, only the records that match
all the filter conditions are counted.
Choose this category to define threshold criteria based on an external database that ACS is unable to
connect to. Modify the fields in the Criteria tab as described in Table 12-22.
Related Topics
Creating, Editing, and Duplicating Alarm Thresholds, page 12-11
Configuring General Threshold Information, page12-13
Configuring Threshold Notifications, page 12-32
RBACL Drops
When ACS evaluates this threshold, it examines Cisco Security Group Access RBACL drops that
occurred during the specified interval up to the previous 24 hours. The RBACL drop records are grouped
by a particular common attribute, such as NAD, SGT, and so on.
A count of such records within each of those groups is computed. If the count for any group exceeds the
specified threshold, an alarm is triggered. For example, consider the f ollowing threshold configuration:
RBACL Drops greater than 10 in the past 4 hours by a SGT.
Table12-22 External DB Unavailable
Option Description
External DB Unavailable percent|count greater than num in the past time Minutes|Hours for a object, where:
Percent|Count value can be Percent or Count.
num values can be any one of the following:
0 to 99 for percent
0 to 99999 for count
time values can be 1 to 1440 minutes, or 1 to 24 hours.
Minutes|Hours value can be Minutes or Hours.
object values can be:
ACS Instance
Identity Store
Filter
ACS Instance Click Select to choose a valid ACS instance on which to configure your threshold.
Identity Group Click Select to choose a valid identity group name on which to configure your threshold.
Identity Store Click Select to choose a valid identity store name on which to configure your threshold.
Access Service Click Select to choose a valid access service name on which to configure your threshold.
Protocol Use the drop-down list box to configure the protocol that you want to use for your threshold.
Valid options are:
RADIUS
TACACS+