Firewall Analyzer - Alarm Profiles - How to
1. How to get real time alert for high priority events?
You can achieve this by Normal Alert.
- Select Normal Alert in Profile Type.
- Select the devices, for which the alarm needs to be triggered.
- Select Severity in filter details and give value based on the below table as required.
Severity
|
Severity Number |
| Emergency |
0 |
| Alert |
1 |
| Critical |
2 |
| Error |
3 |
| Warning |
4 |
| Notification |
5 |
| Information |
6 |
- Enter the threshold criteria for the alarm to be triggered.
- Click Save to save the alarm profile.
2. How to define criteria for Source/Destination IP address for Normal Alert?
You can provide is condition value in 3 ways.
- Single IP Address.
Example: 192.168.140.154
- CIDR values.
Example: 192.168.0.0/16
- IP Range.
Example: 192.168.22.0-192.168.25.255
In addition to above criteria, you can use isn't, Contains, Not Contains, starts with, and ends with based on your requirement.
3. How to get alert for Cisco firewall based on Log ID?
- Select Normal Alert in Profile Type.
- Select the devices, for which the alarm needs to be triggered.
- Select Log ID or Message in filter details.
Example:
Log ID - is - 302016
Message - Contains - 302016
- Enter the threshold criteria for the alarm to be triggered.
- Click Save to save the alarm profile.
