11 Replies Latest reply on Aug 12, 2015 2:28 PM by rharland2012

    Manage Alerts Help

    itforensicsphil

      I was wondering if anyone knows how to configure alerts so that it will only alert for New Mac on a certain device such as a Switch.

        • Re: Manage Alerts Help
          rharland2012

          I would try the following:

           

          Once navigating to Manage Alerts, I would duplicate and edit the 'Alert me when a new MAC address appears on network' alert. I would add a secondary section to alert on node and make sure that secondary section is set to 'And'.

          To cover all of my switches, I would set the node vendor equal to the switch maker and make that the trigger condition for the secondary section.

          I'm not positive this will give you the result you're looking for - I don't run this alert in production today - but it seems somewhat logical. This presumes that the 'vendor' field does not reference the new MAC, but instead the device from which the new MAC was discovered.

           

           

          1 of 1 people found this helpful
          • Re: Manage Alerts Help
            rharland2012

            Well, I got too curious and had to try it!

            Works as advertised for me.

            Good luck!

            PS - you'll have to enable complex conditions on the alert itself (bottom of the first page when editing the alert).

            You don't need any reset actions.

            You'll have to amend the text of the email to your preference.

            Other than that, fun!

            1 of 1 people found this helpful