Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Stephan_Lache
Participant

System Alert mails only for severity high/critical

Hello Checkmates,

At the moment I get a ton of alert mails due to a  rad event for a specific domain name.

I have two questions:

1) Does anyone know how to handle the rad error " Failed to decrypt CP site response"

2) Is there a way to only get alert mails for events with severity higher then 3 ( high/critical) ?

 

Gateways are on version R81.10 ( HFA Take 110)

 

Thanks in advance

Stephan

 

 

 

 

 

 

 

0 Kudos
5 Replies
PhoneBoy
Admin
Admin

For the first issue, I would contact the TAC: https://help.checkpoint.com.
For the second issue, you'll probably have to write a script to run when "Alerts" occur to send email at the appropriate time.
The script will be sent the log entry as stdin, which you will have to parse.

Stephan_Lache
Participant

Thank you PhoneBoy !

0 Kudos
the_rock
Legend
Legend

I would follow what Phoneboy said for 2nd issue, and for the 1st problem, yes, you should contact TAC, but also, based on some posts I had seen on this, seems to me you may need global exception under threat prevention policy.

Best,

Andy

0 Kudos
Stephan_Lache
Participant

Hi Andy,

thanks for the idea with the exception.

Stephan

0 Kudos
the_rock
Legend
Legend

No worries, let us know if it works.

Andy

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events