Secure Firewall Management Center Alert Responses
External event notification via SNMP, syslog, or email can help with critical-system monitoring. The Secure Firewall Management Center uses configurable alert responses to interact with external servers. An alert response is a configuration that represents a connection to an email, SNMP, or syslog server. They are called responses because you can use them to send alerts in response to events detected by Secure Firewall. You can configure multiple alert responses to send different types of alerts to different monitoring servers and/or people.
Note | Depending on your device and Secure Firewall version, alert responses may not be the best way to send syslog messages. See About Syslog. |
Note | Alerts that use alert responses are sent by the Secure Firewall Management Center. Intrusion email alerts, which do not use alert responses, are also sent by the Secure Firewall Management Center. By contrast, SNMP and syslog alerts that are based on individual intrusion rules triggering are sent directly by managed devices. |
In most cases, the information in an external alert is the same as the information in any associated event you logged to the database. However, for correlation event alerts where the correlation rule contains a connection tracker, the information you receive is the same as for an alert on a traffic profile change, regardless of the base event type.
You create and manage alert responses on the Alerts page (). New alert responses are automatically enabled. To temporarily stop alert generation, you can disable alert responses rather than deleting them.
Changes to alert responses take effect immediately, except when sending connection logs to an SNMP trap or syslog server.