How do I add / modify the Alerts that are emailed from the Cisco Web Security Appliance?

Available Languages

Updated:July 17, 2014
Document ID:117991

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

Question

How do I add / modify the Alerts that are emailed from the Cisco Web Security Appliance?

Environment

Cisco Web Security Appliance (WSA), all versions of AsyncOS.

The Cisco Web Security Appliance (WSA) has many different email alerts that are sent out. You can modify which alerts are sent out as well as to which email addresses. This can be done via the CLI or the GUI. Please see the instructions below:

GUI


Go to 'System Administration' tab -> 'Alerts':

  • To modify the alerts on an already configured email address, please click the email address you wish to modify.
  • To add a new email address to receive the alerts, please click the 'Add Recipient...' button.

CLI


WSA_CLI> alertconfig

Sending alerts to:

admin@domain.com
Class: All - Severities: All

Initial number of seconds to wait before sending a duplicate alert: 300
Maximum number of seconds to wait before sending a duplicate alert: 3600

Alerts will be sent using the system-default From Address.

......

Choose the operation you want to perform:
- NEW - Add a new email address to send alerts.
- EDIT - Modify alert subscription for an email address.
- DELETE - Remove an email address.
- CLEAR - Remove all email addresses (disable alerts).
- SETUP - Configure alert settings.
- FROM - Configure the From Address of alert emails.
[]> new


Please enter a new email address to send alerts (Ex: "administrator@example.com")
[]> email@test.com


Choose the Alert Classes.  Separate multiple choices with commas.
1. All
2. System
3. Hardware
4. Updater
5. Web Proxy
6. DVS and Anti-Malware
7. L4 Traffic Monitor
[1]> 2,4,7


Select a Severity Level.  Separate multiple choices with commas.
1. All
2. Critical
3. Warning
4. Information
[1]> 1


Note:

Multiple Alert Classes and Severity Levels can be chosen by separating the corresponding numbers with a comma.

Example:

In the previous example (2,4,7), the Alerts to be sent are 'System', 'Updater', and 'L4 traffic monitor'.

You may not want all the selected Alert Classes to have the same Severity Level. If this is the case, you will have to choose the 'Edit' option after specifying the Severity Level and specify each Severity Level per Alert Class.

Revision History

Revision Publish Date Comments
1.0
17-Jul-2014
Initial Release
TAC Authored

Contributed by Cisco Engineers

  • Josh Wolfer and Siddharth Rajpathak
    Cisco TAC Engineers.

Was this Document Helpful?

FeedbackFeedback

Contact Cisco

This Document Applies to These Products