Snort message forwarding, Event action definitions, Creating an event action definition – Brocade Network Advisor SAN User Manual v12.3.0 User Manual


1280

Brocade Network Advisor SAN User Manual

53-1003154-01

Event action definitions

32

10. Select the product from the Available Products list and click the right arrow button to move it to the Selected Products list.

11. Click OK.

Snort message forwarding

Snort is a third-party tool that monitors network traffic in real time. When Snort detects dangerous
payloads or other abnormal behavior, it sends an alert to the syslog in real time. You can turn Snort
messages on or off using the Add Syslog Filter dialog box.

By default, the Forward Snort® Messages feature is not enabled. You must enable it to have Snort
messages forwarded to the configured syslog destinations.

You can forward Snort messages by selecting the Forward Snort® Messages check box in the
Add Syslog Filter dialog box (refer to step 8 in “Adding a syslog filter” on page 1278).

Event action definitions

To reduce the number of events being logged in the Management application database, the
Event Actions dialog box allows you to control what events the Management application monitors,
on which products they are to be monitored, how often they are to be monitored, and what to do
when the monitored events are generated. This information can be defined by creating an event
action definition.

For example, you can create an event action definition if you want the Management application to
monitor link up and link down traps only, and only on products that belong to Product Group 1.
Furthermore, you may want these traps to be logged in the Management application database only
if they occur 10 times within a 5-minute interval. You may also want an e-mail message sent to a
network administrator when these traps are generated.

In another case, you may not want to log any occurrence of Topology Change traps from Product
Group 2. You may also want to disable a port on a product if an event that resembles an attack on
the network occurs at a certain frequency.
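
The first case above (link up and link down traps only, Product Group 1 only, 10 occurrences within a 5-minute interval) expressed as a frequency trigger. This is an added Python example, not code from the Management application; the class and field names, counting per product and trap type, the sliding window, and the sample events are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from dataclasses import dataclass, field


@dataclass
class EventActionDefinition:
    """Hypothetical model of an event action definition (names are assumptions)."""
    event_types: frozenset      # which events to monitor
    products: frozenset         # which products to monitor them on
    threshold: int = 10         # occurrences required before acting
    window_s: int = 300         # 5-minute interval, in seconds
    _seen: dict = field(default_factory=lambda: defaultdict(deque))

    def process(self, ts, product, event_type):
        """Return True when the event should be logged and the e-mail sent."""
        if event_type not in self.event_types or product not in self.products:
            return False        # not monitored: never reaches the database
        times = self._seen[(product, event_type)]
        times.append(ts)
        # Assumption: sliding window; drop occurrences 5 minutes old or older.
        while times and ts - times[0] >= self.window_s:
            times.popleft()
        if len(times) >= self.threshold:
            times.clear()       # re-arm so one burst produces one action
            return True
        return False


def run_sample():
    """Replay constructed traps and return the events that trigger the action."""
    group1 = frozenset({"switch-a", "switch-b"})    # stands in for Product Group 1
    rule = EventActionDefinition(frozenset({"linkUp", "linkDown"}), group1)
    events = [(t, "switch-a", "linkDown") for t in range(0, 200, 20)]   # 10 traps in 180 s
    events += [(t, "switch-b", "linkDown") for t in range(0, 600, 60)]  # 10 traps in 540 s
    events += [(t, "switch-z", "linkDown") for t in range(0, 100, 10)]  # outside the group
    events += [(50, "switch-a", "topologyChange")]                      # not a monitored trap
    return [e for e in sorted(events) if rule.process(*e)]


if __name__ == "__main__":
    for ts, product, event_type in run_sample():
        print(f"t={ts}s {product} {event_type}: log event and e-mail administrator")
```

Only switch-a reaches the threshold; switch-b generates the same number of traps but never has 10 inside one 5-minute window, which is the reduction in logged events the definition is meant to provide.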

Creating an event action definition

You can configure event policies for events you want to monitor. Use the Event Actions dialog box,
shown in Figure 550, to customize the event management policy using triggers and actions.

To customize the event management policy, complete the following steps.

1. Select Monitor > Event Processing > Event Actions.

The Event Actions dialog box, shown in Figure 550, displays.
