How to configure Security Analytics to email notification when Capture started/stopped on an interface.

search cancel

How to configure Security Analytics to email notification when Capture started/stopped on an interface.

book

Article ID: 168717

calendar_today

Updated On:

Products

Security Analytics Security Analytics - VA

Issue/Introduction

In v7.1.x, we have removed some of that functionality in the UI, and replaced it with "dslc" from the CLI except for the System Events as shown below.

User-added image

Resolution

To enable email notifications for the network capture event enter the following command at the terminal prompt:

dslc enable category capture email

Sample output:

[root@SA ~]# dslc enable category capture email
Enable method: email for category capture
Stopping syslog-ng:                               [  OK  ]
Starting syslog-ng:                               [  OK  ]
Stopping snmpd:                                   [  OK  ]
Changes successfully submitted.

[root@SA ~]# dslc show all
 
---------------------------
MISC                LOCAL 
SYSTEM              LOCAL EMAIL 
USER                LOCAL 
PLAYBACK            LOCAL 
CAPTURE             LOCAL EMAIL 
DEEPSEE             LOCAL 
HARDWARE            LOCAL 
RULES               
ALERTS              LOCAL

Feedback

thumb_up Yes

thumb_down No