Author Topic: how to configure - alerts based on windows changes/switches/routers  (Read 5485 times)

Capt_Winters

  • Sr. Member
  • ****
  • Posts: 320
  • Karma: +0/-0
    • View Profile
hi,
  just wondering if this can be done on STRM..2010...

   All administrative changes being done on my windows machine, switches, routers will be monitored and administrators are notified by sms or email...for instance;

    User <<blahblahblah> changed an ip address on one of the interface of the switch (switch name)......


  somethin like that..

  possible?

  need your help

winters

mkuljukk

  • Newbie
  • *
  • Posts: 2
  • Karma: +0/-0
    • View Profile
hi,
  just wondering if this can be done on STRM..2010...

   All administrative changes being done on my windows machine, switches, routers will be monitored and administrators are notified by sms or email...for instance;

    User <<blahblahblah> changed an ip address on one of the interface of the switch (switch name)......


  somethin like that..

  possible?

  need your help

winters

This  is possible is the log source logs configuration changes. For example SRX firewalls send UI_CFG_AUDIT_SET -event everytime someone changes the configuration.
You can then create a event rule that sends you email if such an event is recorded byt STRM. You might probably want to have more filters to restrict spam, but in general this would be one way to achieve the result. The email includes the log entry so you can see what has changed (at least in SRX case)

So the point is just to find out what kind of events you get from different log sources when configuration changes and build a event rule that catches them.