Manage Notifications Window

This window lists all the notifications you create, and lets you enable, add, edit, and test specific notification rules. Notifications allow you to create alert actions performed when specific events or triggers take place in NAC Manager. Notification actions include sending an email, creating a syslog entry, sending an SNMP trap, and launching a custom program or script.

To access this window, select the Manage Notifications button Manage Notifications in the NAC Manager toolbar.

NAC Manager comes with four default notifications that you can enable and use as is, or edit if desired. You see the default notifications when you open the Manage Notifications window, as shown below. To enable a default notification, you must perform the following steps:

  1. Select the notification in the table and click the Edit button to open the Edit Notification Action window.
  2. Use the Edit Email Lists button and change the default address to an address specific to your network.

    Default notifications are configured to send an email to this address.
  3. Configure the SMTP E-Mail Server option in the Suite Options (Tools > Options > Suite Options) to identify the SMTP email server used for outgoing messages generated by the Notification feature.
  4. Click on the Enable Notification checkbox and then click OK in the Edit Notification Action window.

    The default notification is now enabled in the Manage Notifications window.

Here are some examples of how notifications can be used to alert you of changes or events in your network:

  • Send an email to the Helpdesk when an end-system changes location, for example if it moves from a wired connection in a building to a wireless connection outside.
  • Send a trap if an end-system fails registration.
  • Send a syslog message if an end-system reports a high risk assessment result.
  • Send an email if an end-system that is reported as a stolen laptop authenticates on the network.
  • Send an email if someone logs into the network after normal work hours.
  • Send an email when an end-system is added or removed from an end-system group, such as the Blacklist end-system group or other defined end-system group.
  • Send an email when a user is added or removed from a user group, such as an Administrator or Help Desk user group.

For more information and examples on creating Notifications, see the Edit Notification Action window Help topic.

Click areas in the window for more information.

Buttons Configuration Menu Button Enabled Name Type Trigger Action Override Content Notes Manage Notifications Window

Buttons
Use these buttons to add, edit, delete, or test a notification.
  • Add New Notification - opens the Edit Notification Action window where you can define a new notification rule.
  • Edit Notification - select a notification in the table and click this button to open the Edit Notification Action window where you can edit the notification rule actions.
  • Delete Selected Notifications - select one or more notifications in the table and click this button to delete the notifications.
  • Test Notification - opens the Edit Test Data window where you can configure the keyword values needed to perform a test of the notification you select in the table. Click the Send Test button to perform the test.
Configuration Menu Button
Use the configuration menu button to:
  • Create Default SIEM Notifications - Creates five default notifications that allow the Extreme Access Control notification feature to integrate with Extreme Networks SIEM (Security Information and Event Manager) by sending syslog messages to your SIEM server. The notifications are based on the following conditions and triggers:
    • Any Registration event
    • Any Health Result
    • End-System events:
      • End-System added
      • End-System moved
      • End-System State changed

    The generated syslog messages include the following information:
    • IP address
    • MAC address
    • Switch IP address
    • Switch port
    • Switch location
    • Hostname
    • Operating system
    • State
    • Extended State
    • Reason
    • Extreme Access Control Engine IP address
  • Change Default SIEM Server - Use this option to change the default SIEM server IP address used when you generate new default SIEM notifications. The specified default SIEM server only applies to newly generated notifications; manually edit previously generated notifications to change the server.
Enabled
Use the checkbox to enable or disable a notification. When a notification is enabled, the defined action takes place when the trigger occurs and the conditions are met.
Name
The name of the notification.
Type
The notification type defines the source of the event triggering the notification: End-System Group, End-System, User Group, Health Result, or Registration.
Trigger
The trigger determines when a notification action occurs, based on filtering for a specific event.
Action
The actions that take place when a notification is triggered.
Override Content
Specifies whether Override Content is enabled or disabled for the notification. If Override Content is enabled, then the notification action defaults defined in the suite-wide Notification Engine options (Tools > Options > Suite Options) are changed for this specific notification.
Notes
A short description of the notification rule. This description is created when a new notification is added.

Related Information

For information on related windows:

Top