Snort Message Forwarding; Event Action Definitions; Creating An Event Action Definition - Brocade Communications Systems StoreFabric SN6500B User Manual

32

Event action definitions

9. Select the product from the Available Products list and click the right arrow button to move it to
10. Click OK.

Snort message forwarding

Snort is a third-party tool that monitors network traffic in real time. When Snort detects dangerous
payloads or other abnormal behavior, it sends an alert to the syslog in real time. You can turn Snort
messages on or off using the Add Syslog Filter dialog box
By default, the Forward Snort© Messages feature is not enabled. You must enable it to have Snort
messages forwarded to the configured syslog destinations.
You can forward Snort messages, by selecting the Forward Snort® Messages check box in the Add
Syslog Filter dialog box (refer to

Event action definitions

To reduce the amount of events being logged in the Management application database, the Event
Actions dialog box allows you to control what events the Management application monitors, on
which products they are to be monitored, how often they are to be monitored, and what to do when
the monitored events are generated. This information can be defined by creating an event action
definition.
For example, you can create an event action definition if you want the Management application to
monitor link up and link down traps only, and only on products that belong to Product Group 1.
Furthermore, you may want these traps to be logged in the Management application database only
if they occur 10 times within a 5-minute interval. You may also want an e-mail message sent to a
network administrator when these traps are generated.
In another case, you may not want to log any occurrence of Topology Change traps from Product
Group 2. You may also want to disable a port on a product if an event that resembles an attack on
the network occurs at a certain frequency.

Creating an event action definition

You can configure event policies for events you want to monitor. Use the Event Actions dialog box,
shown in
1. Select Monitor > Event Processing > Event Actions.
996
the Selected Products list.
Figure 433, to customize the event management policy using triggers and actions.
The Event Actions dialog box, shown in
step 8 in "Adding a syslog filter"
Figure 433, displays.
on page 995).
Brocade Network Advisor SAN User Manual
53-1002696-01