Summary
A "Notification Contact" sends messages to the specified email address or SNMP host. All email or SNMP contacts must be added from the Notification Contacts page. If the default email server is not configured on the device, you will be prompted to configure it before adding a contact.
Note: Before creating an Email or notification contact, you must configure Email and SMTP server settings on the IPS device from the Email Server page.
Alert Aggregation and the Aggregation Period - The IPS uses Alert Aggregation to prevent system performance problems resulting from an excessive number of notification requests. Because a single packet can trigger an alert, attacks with large numbers of packets could potentially flood the alert mechanism used to send out notifications. Alert aggregation allows you to receive alert notifications at intervals to prevent this flooding.
For example, if the aggregation interval is 5 minutes, the system sends an alert at the first IPS filter trigger, collects subsequent alerts, and sends them out every five minutes. On the IPS, alert aggregation is controlled by the aggregation period that you configure when you create a notification contact. This setting is required for all notification contacts.
CAUTION: Short aggregation periods can significantly affect system performance. The shorter the aggregation period, the higher the system load. In the event of a flood attack, a short aggregation period can lead to system performance problems.
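The aggregation behaviour and the caution above, as a simplified Python model added here for illustration (it is not the vendor's code). The reset after an idle window and the one-alert-per-second flood used as input are assumptions.

```python
"""Simplified model of alert aggregation (constructed example, not vendor code).

Assumptions: the first filter trigger is sent at once and opens an aggregation
window; triggers inside the window are held and sent as one notification when
the window closes; after a window that held nothing, the next trigger counts
as a first trigger again.
"""


def aggregate(trigger_times, period):
    """Return [(send_time, alert_count), ...] for trigger times in seconds."""
    sent = []
    window_end = None   # end of the current aggregation window
    held = 0            # alerts collected in the current window
    for t in sorted(trigger_times):
        # Close every window that ended before this trigger arrived.
        while window_end is not None and t >= window_end:
            if held:
                sent.append((window_end, held))
                held = 0
                window_end += period
            else:
                window_end = None      # idle window: aggregation resets
        if window_end is None:
            sent.append((t, 1))        # first trigger goes out immediately
            window_end = t + period
        else:
            held += 1                  # subsequent alerts are collected
    if held:
        sent.append((window_end, held))  # flush the last open window
    return sent


if __name__ == "__main__":
    # Constructed flood: one filter trigger per second for ten minutes.
    flood = range(600)
    for period in (10, 60, 300):
        out = aggregate(flood, period)
        print(f"period={period:>3}s  notifications={len(out):>3}  "
              f"alerts carried={sum(n for _, n in out)}")
```

Every alert is still reported in each case; only the number of outbound notifications changes, which is the load the caution refers to.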
Procedure
- On the LSM menu, click Policy > Notification Contacts.
- Click Add.
- On the Create Contact page, select Email or SNMP.
- Enter the contact name.
- Enter the Aggregation Period. Longer aggregation periods improve system performance.
- If the contact is an email contact, enter the address where notifications will be sent in the To Email Address field. If the contact is an SNMP contact, enter the host IP address and port number.
- Click Create to save the changes.
Note: SNMP notification contacts require SNMPv2 and will not work when SNMPv2 is disabled.
Reference: Local Security Manager User's Guide