Brocade Network OS NETCONF Operations Guide v4.1.1 User Manual

156

Network OS NETCONF Operations Guide

53-1003231-02

Security monitoring

12

In the <sec-buffer> element, specify the buffer value for in-range behavior.

d. The <alert> node element.

7. Under the <alert> node element, include the <above> and <below> node elements.

8. Under the <above> node, include the <sec-above-highthresh-action> element and specify the

actions to be taken when a the error count rises above the high threshold. Specify “email” to
generate an e-mail message when the high threshold is breached, “raslog” to generate a
RASlog message, “all” to perform both actions, or “none” to do nothing.

9. Under the <below> node, specify the actions to be taken when a the error count drops below

each threshold in the following leaf elements.

a. In the <sec-below-highthresh-action> element, specify “email,” “raslog,” “all,” or “none.”

b. In the <sec-above-lowthresh-action> element, specify “email,” “raslog,” “all,” or “none.”

The following example configures a security policy that generates a RASlog message when a
high threshold value of 10 telnet violations is breached.

<rpc message-id="1117" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">

<edit-config>

<target>

<running/>

</target>

<config>

<threshold-monitor-hidden

xmlns="urn:brocade.com:mgmt:brocade-threshold-monitor">

<threshold-monitor>

<security>

<policy>

<sec_policy_name>cusotm</sec_policy_name>

<area>

<sec_area_value>telnet-violation</sec_area_value>

<timebase>hour</timebase>

<threshold>

<sec-high-threshold>10</sec-high-threshold>

<sec-buffer>3</sec-buffer>

</threshold>

<alert>

<above>

<sec-above-highthresh-action>raslog

</sec-above-highthresh-action>

</above>

</alert>

</area>

</policy>

</security>

</threshold-monitor>

</threshold-monitor-hidden>

</config>

</edit-config>

</rpc>

<rpc-reply message-id="1117" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">

<ok/>

</rpc-reply>