CSP Event severity help
Hello, I am in need of some help. I have the info below. I am in need of an explanation of where this is set up and where it can be manipulated. We are discovering events and getting much chatter. We changed it to just critical, but we want to know what is critical. I see the numbers but need something more specific than that, etc. I hope this makes sense; I could really use the help.
Rule severity: Select the severity number from the following range of rule severity numbers:
■ Info: Events with a severity of 0-19 contain information about normal system operation.
■ Notice: Events with a severity of 20-39 contain information about normal system operation.
■ Warning: Events with a severity of 40-59 indicate unexpected activity or problems that have already been handled by Symantec Critical System Protection.
■ Major: Events with a severity of 60-79 imply more impact than Warning and less impact than Critical.
■ Critical: Events with a severity of 80-99 indicate activity or problems that might require administrator intervention to correct.
Comments
Hi,
These numbers are to be used when creating a detection policy, for example "Windows Template".
You create a new Detection policy, choose the settings that are right for you (file watch, registry watch, etc.), give it a severity number, for example 90, then save and apply.
Then you can go and make an SMTP alert with a filter to show you only the Detection alerts with a critical severity; this will trigger an e-mail for that specific event.
Hope this helps.
Regards.
You mention events creating a lot of chatter. One option you also have is the bulk log utility. Please see the Admin Guide for more detail, but essentially this allows you to offload the types of events that are being sent to the CSP database and send them to flat files on the CSP managers for archiving instead. Very useful for data that needs to be recorded but that you do not want taking up space within your database.
You can also build custom real-time monitors (under the Monitors section) to present you with only the data you want to see. You can specify any/multiple values for all of the major fields in the CSP database. For example, show events where OS = Windows 2003 server, severity = critical and type = file change. More detail is in the Admin Guide.
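The following is an added example, not part of the original thread and not Symantec CSP's own code. It puts the severity bands quoted at the top of the page into code (so the inclusive boundaries, 79 = Major and 80 = Critical, are explicit), counts where the chatter actually sits, and applies a filter of the kind the SMTP alert or a custom real-time monitor above would use. The event records are constructed sample data rather than real CSP output, and the field names `os`, `severity` and `type` are assumptions chosen to mirror the fields named in the reply.

```python
# Added example: not from the original thread and not Symantec CSP code.
# Bands are the ones quoted from the CSP policy documentation on this page.
# Event records and their field names (os, severity, type) are constructed
# sample data and assumptions, not real CSP output.

from collections import Counter

# (low, high, band name), inclusive on both ends, exactly as documented.
SEVERITY_BANDS = (
    (0, 19, "Info"),
    (20, 39, "Notice"),
    (40, 59, "Warning"),
    (60, 79, "Major"),
    (80, 99, "Critical"),
)


def severity_band(severity):
    """Return the CSP band name for a numeric rule severity.

    79 is still Major and 80 is the first Critical value; anything outside
    0-99 is rejected rather than silently placed in a band.
    """
    if isinstance(severity, bool) or not isinstance(severity, int):
        raise TypeError(f"severity must be an int, got {severity!r}")
    if not 0 <= severity <= 99:
        raise ValueError(f"severity {severity} is outside the CSP range 0-99")
    for low, high, name in SEVERITY_BANDS:
        if low <= severity <= high:
            return name
    raise AssertionError("unreachable: the bands cover 0-99 completely")


# Constructed sample events (not real CSP data), one or more per band.
SAMPLE_EVENTS = [
    {"os": "Windows 2003 server", "severity": 10, "type": "process start"},
    {"os": "Windows 2003 server", "severity": 35, "type": "file change"},
    {"os": "Windows 2003 server", "severity": 55, "type": "registry change"},
    {"os": "Windows 2003 server", "severity": 79, "type": "file change"},
    {"os": "Windows 2003 server", "severity": 80, "type": "file change"},
    {"os": "Windows 2003 server", "severity": 95, "type": "registry change"},
    {"os": "Solaris 10", "severity": 90, "type": "file change"},
]


def chatter_by_band(events):
    """Count events per band: shows which bands generate the noise."""
    return Counter(severity_band(e["severity"]) for e in events)


def filter_events(events, os_name=None, band=None, event_type=None):
    """Keep only events matching every criterion given (None means any).

    Equivalent to a monitor/alert filter such as
    OS = Windows 2003 server, severity = Critical, type = file change.
    """
    kept = []
    for e in events:
        if os_name is not None and e["os"] != os_name:
            continue
        if band is not None and severity_band(e["severity"]) != band:
            continue
        if event_type is not None and e["type"] != event_type:
            continue
        kept.append(e)
    return kept


if __name__ == "__main__":
    print("events per band:", dict(chatter_by_band(SAMPLE_EVENTS)))
    critical_file_changes = filter_events(
        SAMPLE_EVENTS,
        os_name="Windows 2003 server",
        band="Critical",
        event_type="file change",
    )
    print("critical file changes on Windows 2003:", critical_file_changes)
```

Note that the Major event with severity 79 is dropped by the Critical filter even though it differs from the 80 event by one point; if a policy's rules were assigned severities near a band boundary, that boundary is what decides whether the SMTP alert fires, so it is worth checking which severity numbers your detection policies actually assign before filtering on the band alone.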