Setting Triggers For Ids Events; Setting Triggers For Amp Health; Delivering Triggered Alerts - Dell PowerConnect W-Airwave User Manual

Setting Triggers for IDS Events

Perform the following steps to configure Intrusion Detection System (IDS)-related triggers.
a. Choose the Device IDS Events trigger type from the drop-down Type menu. See
describes condition settings for this trigger
Table 111 Device IDS Events Authentication Trigger Types and Condition Settings
IDS Trigger
Options
Device IDS
Events
Rogue Device
Classified
b. Repeat this procedure for as many triggers and conditions as desired. Refer to the start of
Triggers" on page 183

Setting Triggers for AMP Health

After completing steps 1-3 in
IDS-related triggers.
a. Choose the Disk Usage trigger type from the drop-down Type menu. See
Table 112
Table 112 Disk Usage Trigger and Condition Settings
AMP Health
Trigger
Disk Usage
b. Repeat this procedure for as many triggers and conditions as desired. Refer to the start of
Triggers" on page 183

Delivering Triggered Alerts

AMP uses Postfix to deliver alerts and reports via email because it provides a high level of security and queues
email locally until delivery. If AMP is located behind a firewall, preventing it from sending email directly to a
specified recipient, use the following procedures to forward email to a smarthost.
1. Add the following line to /etc/postfix/main.cf:
relayhost = [mail.example.com]
where mail.example.com is the IP address or hostname of your smarthost.
2. Run
Dell PowerConnect W-AirWave | User Guide
Description
This trigger type is based on the number of IDS events has exceeded the threshold specified as Count in
the Condition within the period of time specified in seconds in Duration. Alerts can also be generated for
traps based on name, category or severity. Select Add New Trigger Condition to specify the count
characteristics that trigger an IDS alert.
This trigger type indicates that a device has been discovered with the specified Rogue Score. Ad-hoc
devices can be excluded automatically from this trigger by selecting Yes. See
Classification" on page 163
Once you choose this trigger type, select Add New Trigger Condition to create one or more conditions. A
condition for this trigger enables you to specify the nature of the rogue device in multiple ways.
to create a new trigger.
"Creating New Triggers" on
describes the condition settings for this trigger
Description
This trigger type is based on the disk usage of AMP. This type of trigger indicates that disk usage for the
AMP server has met or surpassed a defined threshold. Select Add New Trigger Condition to specify the disk
usage characteristics that trigger an alert.
Setting one of these triggers at 90% is recommended, so you receive a warning before AMP suffers
performance degradation due to lack of disk space.
to create a new trigger.
service postfix restart
type.
for more information on score definitions and discovery methods.
page 183, perform the following steps to configure
.
Figure
"Using RAPIDS and Rogue
Figure 131
type.
Performing Daily Administration in AirWave | 189
131. Table 111
"Creating New
for trigger types.
"Creating New