Notificationapp - Cisco 4215 - Intrusion Detection Sys Sensor Configuration Manual

Configuration guide

Appendix A
System Architecture
There are five types of events:

- <evAlert>—Alert event messages that report when a signature is triggered by network activity.
- <evStatus>—Status event messages that report the status and actions of the IPS applications.
- <evError>—Error event messages that report errors that occurred while attempting response actions.
- <evLogTransaction>—Log transaction messages that report the control transactions processed by each sensor application.
- <evShunRqst>—Block request messages that report when Network Access Controller issues a block request.

You can view the status and error messages using the CLI, IDM, and ASDM.

SensorApp and Network Access Controller log response actions (TCP resets, IP logging start and stop, blocking start and stop, trigger packet) as status messages.

NotificationApp

NotificationApp allows the sensor to send alerts and system error messages as SNMP traps. It subscribes to events in the Event Store, translates them into SNMP MIBs, and sends them to destinations through a public-domain SNMP agent. NotificationApp supports sending sets and gets. The SNMP GETs provide information about basic sensor health.

NotificationApp sends the following information from the <evAlert> event in sparse mode:

- Originator information
- Event ID
- Event severity
- Time (UTC and local time)
- Signature name
- Signature ID
- Subsignature ID
- Participant information
- Alarm traits

NotificationApp sends the following information from the <evAlert> event in detail mode:

- Originator information
- Event ID
- Event severity
- Time (UTC and local time)
- Signature name
- Signature ID
- Subsignature ID
- Version
- Summary
- Interface group

78-16527-01
Cisco Intrusion Prevention System Sensor CLI Configuration Guide for IPS 5.0