Legacy Notifications Configuration Panel

The Legacy Notifications Configuration panel provides the ability to configure syslog and SNMP notification settings. These configurations are used for Entitlement, legacy Event Source Management (ESM), Warehouse Connector monitoring, and Archiver monitoring.

Procedures related to these settings are described in Configure Syslog and SNMP Settings.

What do you want to do?

| Role | I want to ... | Show me how |
|---|---|---|
| Administrator | Configure Syslog Settings | Configure Syslog and SNMP Settings |
| Administrator | Configure SNMP Settings | Configure Syslog and SNMP Settings |

Quick Look


[Figure: Legacy Notifications Configuration panel with numbered callouts]

1 Displays the Legacy Notifications Configuration panel.
2 Allows the user to configure syslog notifications for Entitlement, legacy Event Source Management (ESM), Warehouse Connector monitoring, and Archiver monitoring.
3 Allows the user to configure SNMP notifications for Entitlement, legacy Event Source Management (ESM), Warehouse Connector monitoring, and Archiver monitoring.

The Legacy Notifications Configuration Panel consists of two sections: Syslog Settings and SNMP Settings.

Syslog Settings

The following table describes the available options for configuring syslog notifications for Entitlement, legacy Event Source Management (ESM), Warehouse Connector monitoring, and Archiver monitoring.

| Feature | Description |
|---|---|
| Enable | Enables the syslog settings configured here. |
| Server Name | Specifies the host where the target syslog process is running. |
| Server port | Specifies the port where the target syslog process is listening. |
| Facility | Specifies the designated syslog facility to use for all outgoing messages. Possible values are KERN, USER, MAIL, DAEMON, AUTH, SYSLOG, LPR, NEWS, UUCP, CRON, AUTHPRIV, FTP, LOCAL1 through LOCAL7. |
| Encoding | Specifies the encoding to use for text in syslog messages, for example, UTF-8. |
| Format | Specifies the message format. Possible values are: Default, PCI DSS, or SEC. |
| Protocol | Specifies the communications protocol used when sending syslogs: UDP or TCP. By default, the UDP protocol is selected. |
| Max length | Specifies the maximum length in bytes of any syslog message. The default value is 2048. Messages that exceed the maximum length are truncated when the Truncate overly large syslog messages checkbox is selected. |
| Truncate overly large syslog messages | When checked, any messages exceeding the maximum length are truncated. |
| Include the local timestamp in syslog messages | When checked, NetWitness includes the local timestamp in messages. |
| Include the local hostname in syslog messages | When checked, NetWitness includes the local hostname in syslog messages. |
| Optionally use IDENT protocol | When checked, NetWitness prepends the identity string to outgoing syslog alerts. |
| Identity string | This is an identity string to be prepended to each syslog alert. If the string is blank, no identity string is prepended to the outgoing syslog alerts. You can use this to identify the source of the alert. Users conventionally set it to the name of the program that sends the syslog message. |
| Apply | Applies the syslog configuration settings. |
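
The following added example (not NetWitness code) shows how the syslog options in the table above typically map onto an RFC 3164-style message, so that a receiver or parsing rule can be tested against the facility, size limit and identity string chosen here. The function names, the severity parameter, the sample hostname and the header layout are assumptions made for this example; the layout NetWitness emits for each Format value may differ.

```python
import datetime

# RFC 3164 facility codes for the Facility values listed in the table above
# (the table lists LOCAL1 through LOCAL7, so LOCAL0 is left out here).
FACILITIES = {"KERN": 0, "USER": 1, "MAIL": 2, "DAEMON": 3, "AUTH": 4,
              "SYSLOG": 5, "LPR": 6, "NEWS": 7, "UUCP": 8, "CRON": 9,
              "AUTHPRIV": 10, "FTP": 11,
              **{f"LOCAL{i}": 16 + i for i in range(1, 8)}}

def truncate_bytes(data: bytes, max_len: int, encoding: str) -> bytes:
    """Cut to max_len bytes without leaving a partial multi-byte character."""
    if len(data) <= max_len:
        return data
    # A plain byte slice can split a character; drop the incomplete tail.
    return data[:max_len].decode(encoding, errors="ignore").encode(encoding)

def build_message(text, *, facility="LOCAL1", severity=5, encoding="utf-8",
                  max_len=2048, truncate=True, timestamp=None, hostname=None,
                  ident=""):
    """Return one message as bytes: <PRI>[TIMESTAMP ][HOST ][ident: ]text."""
    if not 0 <= severity <= 7:
        raise ValueError("severity must be 0..7")
    # PRI combines facility and severity (severity is an assumption here;
    # the panel only exposes the facility).
    pri = FACILITIES[facility.upper()] * 8 + severity
    header = f"<{pri}>"
    if timestamp is not None:   # "Include the local timestamp"
        header += f"{timestamp:%b} {timestamp.day:2d} {timestamp:%H:%M:%S} "
    if hostname:                # "Include the local hostname"
        header += hostname + " "
    if ident:                   # "Identity string"; blank means none
        header += ident + ": "
    data = (header + text).encode(encoding)
    if truncate:                # "Truncate overly large syslog messages"
        data = truncate_bytes(data, max_len, encoding)
    return data

if __name__ == "__main__":
    # Constructed sample values, not taken from a real deployment.
    ts = datetime.datetime(2024, 3, 5, 14, 7, 9)
    print(build_message("Archiver monitoring test", timestamp=ts,
                        hostname="nw-admin01", ident="NetWitness"))
```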

SNMP Settings

The following table describes the available options for configuring SNMP notifications for Entitlement, legacy Event Source Management (ESM), Warehouse Connector monitoring, and Archiver monitoring.

| Feature | Description |
|---|---|
| Enable | Enables the SNMP settings configured here. |
| Server Name | Specifies the SNMP trap host. |
| Server port | Specifies the listening port on the SNMP trap host. |
| SNMP version | Specifies the SNMP version, v1 or v2c. |
| Trap OID | Specifies the object ID for the SNMP trap on the trap host that receives the audit event. The default value is 0.0.0.0.0.1. |
| Community | Specifies the community string used to authenticate on the SNMP trap host. The default value is public. |
| Enable | Enables SNMP notifications as configured here. |
| Apply | Applies the SNMP configuration settings. |