

Set Up Syslog Alerts

Alerts are enabled for most sensors by default, but messages for the alerts are not sent to a Syslog server unless you configure the target for Syslog messages.

About Syslog Alerting

The alerting feature lets you specify parameters for alerts to be sent to a CEF-compliant Syslog server. Syslog is a standard protocol for handling log messages in a heterogeneous environment. A Syslog server runs a syslog daemon that collects log messages and, in some deployments, filters and processes them. The log messages pass to the Syslog server from devices on the network, such as routers and switches.

Each syslog message corresponds to a single alert, either for an anomaly cluster or for a basic anomaly. An anomaly cluster alert contains details about the basic anomalies in the cluster, so a single cluster alert can look like several entries in one message.

The alert format complies with the Common Event Format (CEF) standard. The message type formats are described in the following topics:
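As an added example of what a CEF-compliant message looks like when it arrives at the Syslog server (not code from this product, and not the product's own message layout, which the following topics define), the Python below parses the standard CEF header (`CEF:Version|Device Vendor|Device Product|Device Version|Device Event Class ID|Name|Severity|Extension`), honours the CEF escaping rules (`\|` and `\\` in the header, `\=`, `\\`, `\n`, `\r` in the extension), and tolerates a syslog header in front of the `CEF:` prefix. The sample lines, vendor and product names, host names and the `cnt` / `cs1` extension keys used to represent a cluster's basic anomaly count and cluster ID are constructed placeholders.

```python
"""Parse CEF alerts delivered over syslog (added example; constructed samples)."""
import re

# Constructed sample lines (not product output). Vendor, product, host and
# identifiers are placeholders. The second line carries a syslog header
# before the "CEF:" prefix, as a syslog receiver would typically store it.
SAMPLE_ALERTS = [
    "CEF:0|ExampleVendor|ExampleSensor|1.0|100|Basic anomaly \\| lateral SMB|5|"
    "src=10.0.0.5 dst=10.0.0.9 dpt=445 msg=Unusual SMB traffic",
    "<134>2024-01-01T00:00:00Z sensor01 "
    "CEF:0|ExampleVendor|ExampleSensor|1.0|200|Anomaly cluster|8|"
    "cnt=2 msg=2 basic anomalies (threshold\\=1) cs1Label=clusterId cs1=c-42",
]

HEADER_FIELDS = ["version", "device_vendor", "device_product", "device_version",
                 "signature_id", "name", "severity"]
_HEADER_ESC = re.compile(r"\\([|\\])")             # header escapes: \| and \\
_EXT_ESC = re.compile(r"\\([=\\nr])")              # extension escapes: \= \\ \n \r
_KEY_RE = re.compile(r"(?:^|\s)([A-Za-z0-9_.]+)=")  # keys contain no spaces and are never escaped


def _split_unescaped_pipes(text, max_fields=8):
    """Split on '|' that is not preceded by a backslash, keeping escapes intact.
    Once the seven header fields are collected, remaining pipes belong to the extension."""
    fields, buf, i = [], [], 0
    while i < len(text):
        c = text[i]
        if c == "\\" and i + 1 < len(text):       # keep escape pair for later unescaping
            buf.append(c)
            buf.append(text[i + 1])
            i += 2
            continue
        if c == "|" and len(fields) < max_fields - 1:
            fields.append("".join(buf))
            buf = []
        else:
            buf.append(c)
        i += 1
    fields.append("".join(buf))
    return fields


def _unescape_header(value):
    return _HEADER_ESC.sub(lambda m: m.group(1), value)


def _unescape_extension(value):
    return _EXT_ESC.sub(lambda m: {"n": "\n", "r": "\r"}.get(m.group(1), m.group(1)), value)


def parse_extension(ext):
    """Turn 'key=value key2=value with spaces' into a dict.
    A value runs until the next unescaped 'key=' token, so embedded '=' must be escaped."""
    fields = {}
    keys = list(_KEY_RE.finditer(ext))
    for idx, m in enumerate(keys):
        start = m.end()
        end = keys[idx + 1].start() if idx + 1 < len(keys) else len(ext)
        fields[m.group(1)] = _unescape_extension(ext[start:end].strip())
    return fields


def parse_cef(line):
    """Parse one syslog line carrying a CEF message; raises ValueError if it is not CEF."""
    idx = line.find("CEF:")
    if idx < 0:
        raise ValueError("not a CEF message")
    parts = _split_unescaped_pipes(line[idx + len("CEF:"):])
    if len(parts) < len(HEADER_FIELDS):
        raise ValueError("CEF header needs seven pipe-separated fields")
    rec = {k: _unescape_header(v) for k, v in zip(HEADER_FIELDS, parts[:7])}
    try:
        rec["severity"] = int(rec["severity"])    # numeric 0-10 in CEF
    except ValueError:
        pass                                       # CEF also permits Low/Medium/High/Very-High
    rec["extension"] = parse_extension(parts[7]) if len(parts) > 7 else {}
    return rec


def basic_anomaly_count(rec):
    """Basic anomalies described by one alert: a cluster alert carries a count in
    the (assumed) 'cnt' extension key; a basic anomaly alert describes exactly one."""
    return int(rec["extension"].get("cnt", 1))


def alerts_at_or_above(records, minimum):
    """Names of alerts whose numeric severity is at least `minimum`."""
    return [r["name"] for r in records
            if isinstance(r["severity"], int) and r["severity"] >= minimum]


if __name__ == "__main__":
    records = [parse_cef(line) for line in SAMPLE_ALERTS]
    for r in records:
        print(r["signature_id"], r["name"], r["severity"], basic_anomaly_count(r), r["extension"])
    print("high severity:", alerts_at_or_above(records, 7))
```

The scanner deliberately keeps the escape pair together until the field boundary is known, because a `\\` immediately before a real `|` is a common way naive regex splits go wrong; the parser also does not try to split values on unescaped `=`, so a sender that forgets to escape `=` inside a value produces a visibly wrong key rather than silently merged fields.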