How to configure Security Analytics to send email notifications when capture is started/stopped on an interface

Article ID: 168717

Products

Security Analytics

Issue/Introduction

In v7.1.x, some of this notification functionality was removed from the UI and replaced with the "dslc" command in the CLI, except for System Events, as shown below.

User-added image

Resolution

To enable email notifications for the network capture event, enter the following command at the terminal prompt:

dslc enable category capture email
 

Sample output:
[[email protected] ~]# dslc enable category capture email
Enable method: email for category capture
Stopping syslog-ng:                                        [  OK  ]
Starting syslog-ng:                                        [  OK  ]
Stopping snmpd:                                            [  OK  ]
Changes successfully submitted.


[[email protected] ~]# dslc show all
 
---------------------------
MISC                LOCAL 
SYSTEM              LOCAL EMAIL 
USER                LOCAL 
PLAYBACK            LOCAL 
CAPTURE             LOCAL EMAIL 
DEEPSEE             LOCAL 
HARDWARE            LOCAL 
RULES               
ALERTS              LOCAL 
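
To confirm the change took effect, the following added example (not part of the original article or the product's own tooling) parses the `dslc show all` table and reports any required category that lacks the EMAIL method. It assumes the category/methods row layout shown in the sample output above; the function names, the choice of CAPTURE and SYSTEM as required categories, and the fallback to the embedded sample when `dslc` is not on the PATH are assumptions of this example.

```shell
# Added example (not the product's code): audit `dslc show all` output.
# SAMPLE_OUTPUT is the table from this article's sample output.
SAMPLE_OUTPUT='---------------------------
MISC                LOCAL
SYSTEM              LOCAL EMAIL
USER                LOCAL
PLAYBACK            LOCAL
CAPTURE             LOCAL EMAIL
DEEPSEE             LOCAL
HARDWARE            LOCAL
RULES
ALERTS              LOCAL'

# has_method CATEGORY METHOD: reads the table on stdin; exit status 0 if
# METHOD is on CATEGORY's row, 1 otherwise (including unknown categories).
has_method() {
    awk -v want="$1" -v meth="$2" '
        BEGIN { want = toupper(want); meth = toupper(meth); rc = 1 }
        toupper($1) == want {
            for (i = 2; i <= NF; i++)
                if (toupper($i) == meth) rc = 0
        }
        END { exit rc }
    '
}

# categories_missing METHOD OUTPUT CATEGORY...
# Prints, one per line, each CATEGORY whose row in OUTPUT lacks METHOD.
categories_missing() {
    cm_method=$1; cm_output=$2; shift 2
    for cm_cat in "$@"; do
        printf '%s\n' "$cm_output" | has_method "$cm_cat" "$cm_method" ||
            printf '%s\n' "$cm_cat"
    done
}

# Use live output on the appliance; fall back to the sample elsewhere
# (assumption of this example, so the script also runs offline).
if command -v dslc >/dev/null 2>&1; then
    table=$(dslc show all)
else
    table=$SAMPLE_OUTPUT
fi
missing=$(categories_missing EMAIL "$table" CAPTURE SYSTEM)
if [ -n "$missing" ]; then
    echo "EMAIL not enabled for:" $missing
else
    echo "EMAIL enabled for CAPTURE and SYSTEM"
fi
```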


Reference: https://bto.bluecoat.com/webguides/security_analytics/7.1/platform_webguide/desktop/_Reference/ds_cli/dslc.htm