The Alerts page lists recent rule-based security alerts in chronological order (with newest events at the top of the list).
Topics:
- What are the different columns in the table?
- What do the different status colors mean?
- How can I control which events are shown?
- How can I get more detail on a specific event?
- How can I get events sent to me?
What are the different columns in the table?
Each alert has the following attributes:
- Status, the status box indicates the severity of the alert.
- Time, the time when the alert occurred.
- Address, the address of the host that triggered the alert.
- SID, the rule number associated with the alert.
- Class Type, the threat type associated with the rule.
- Message, a description of the threat identified by the rule.
What do the different status colors mean?
The following colors are used in the Status column:
- Inform, an event provided for informational purposes; no action required.
- Warn, an event reporting a problem that may require further investigation.
- Severe, an event requiring immediate attention.
How can I control which events are shown?
The Filter options at the top of the screen control the Interval, Class Type and SID of the alerts displayed. The Truncate option controls the number of events displayed.
How can I get more detail on a specific event?
Click on any alert to see additional information, including links to other applications that will help identify the cause of the alert.
How can I get events sent to me?
Click on the button to access the filtered event list as an RSS feed.
You can also forward events as SNMP traps, syslog events or email (see File>Configure).