Configure system audit events

Configure where we want ISIM virtual appliance to send notifications about changes to system settings and problems with the virtual appliance.

Available objects include system audit events that are predefined in the virtual appliance and any system audit event objects we created. Important: Predefined system audit event objects cannot be deleted from the virtual appliance because they contain all the events that take place on the virtual appliance eventually. When we create objects such as SNMP, email, or syslog, you can delete these created objects.

1. From the top-level menu of the Appliance Dashboard, click Manage > System Settings > System Audit Events. The System Audit Events page displays the Available Objects pane and the Added Objects pane.

2. In the System Audit Events page, complete one or more of the following tasks.

   • To create a system audit event object, click New.The following system audit event objects are listed:
     • SNMP
     • Email
     • Remote Syslog
     See these related topics to configure one or more of the following system audit event objects.
     • Configure SNMP objects
     • Configure email objects
     • Configure remote syslog objects

   • To receive notifications for problems with the system, select one or more system audit event objects from the Available Objects pane, and add or move them to the Added Objects pane.

   • To edit a system audit event object, complete the following steps:
     1. Select a system audit event object in the Added Objects pane.
     2. Click Edit.
     3. Change the values in these fields according to your requirement.
        • Name

        • Total Event Storage Limit
        • NAP Events Allocation
        • IPS Events Allocation
        • System Events Allocation
        • Comment
     4. Click Save Configuration.
3. Optional: To delete a system audit event object, do these steps.
   1. Select a system audit event object we created.
   2. Click Delete.
   3. Click Yes to confirm.
4. Click Save Configuration.
5. Optional: Click Reset to revert to the last updated changes.

• Configure SNMP objects
  Configure Simple Network Management Protocol (SNMP) objects to enable ISIM virtual appliance to send system audit events to an SNMP manager. The SNMP notifications identify certain values and send them to an SNMP manager.
• Configure email objects
  We can create email objects to send an email notification to specified users or to administrators when specified events occur on your network. We can also select the event parameters to include in the message so that important information about detected events is provided.
• Configure remote syslog objects
  Configure remote syslog objects to enable the system to record system events in a remote log file.

Parent topic: Manage system settings for the virtual appliance