Alert Types

The alert types are:

Adaptive Baseline Alert

Use the Adaptive Baseline Alert to notify you if message rates fall above or below your average baseline range for the specified day and time of the week.

Cisco PIX/ASA Messages Alert

The Cisco PIX Messages alert allows for triggering on PIX message criticality, code, and message rate. Since this alert is specific to Cisco PIX messages, the alert device selection is limited to Cisco PIX devices.

Message Volume Alert

The Message Volume-Based alert allows alerting when message volume falls below, or is above, preset messages-per-second thresholds. This alert applies to all devices.

Network Policy Alert

The Network Policy Alert allows for auditing firewall policies. The Network Policy Alert Rules should mirror your firewall policy rules. Any firewall messages matching the Deny Policy Action Rules trigger the alert, or outside of the Accept Policy Action Rules, trigger the alert.

Note: Network Policy Alert Rules (Rules Tab) are required for this alert to trigger.

Search Filter Alert

The Pre-Defined Search Filter Alert allows for alert notification when a text search match occurs within the received log message. This alert leverages the Log Appliance search filters for the text search match definitions. To define the text match for the alert, use Search Filters on the navigation tree.

Ratio Based Alert

The Ratio Based Alert triggers when the percentage of a specified message type exceeds or falls below specified percentages.

For example, the Denied/(Accept+Denied) Alert Ratio can be used to trigger an alert when the number of Denied messages exceeds 90% of the Accept and Denied message count.

System Alert

The System Alert allows for notification when system health and status criteria exceed acceptable bounds.

VPN Connection Alert

The VPN Connection Alert triggers when a VPN connection is denied access and/or disconnected. The VPN Connection alert is only applicable to Cisco VPN, Radius, and Nortel Contivity devices.

VPN Message Alert

The VPN Message Alert triggers on combinations of specific VPN message area, severity, and code. This alert is applicable to Cisco VPN devices.

VPN Statistics Alert

The VPN Statistics Alert triggers when recorded statistics on VPN or Radius messages match relative or absolute criteria.

For example, you can configure an alert to trigger when the Number of Bytes Received per day for a specific user exceeds 1Mb per day, which is an absolute value. The alert rule can also be configured as a relative rule, such as “grows by 10%.”