Symantec 11281411 Administration Guide - Page 62
How Alert Management System works
UPC - 037648327237
Setting up the Alert Management System

■ Send an SNMP trap
■ Load an NLM

Note: Alerts generated through SNMP traps can be sent to any third-party SNMP management console. To receive SNMP traps from Symantec AntiVirus, you must have the Symantec System Center and AMS2 installed. (Only a primary server will run AMS2. You must use the Symantec System Center to designate the primary server.)

See "Configuring the Send SNMP Trap alert action" on page 74.

How Alert Management System works

AMS2 alerts are transferred from Symantec AntiVirus into AMS2 through the Symantec AntiVirus service. On a computer running the Symantec AntiVirus client, the Symantec AntiVirus service waits for an event thread that requires an alert. These threads can be generated by the following events:

■ Configuration change
■ Default Alert
■ Symantec AntiVirus startup/shutdown
■ Scan Start/Stop
■ Virus Definitions File Update
■ Threat Found

If you have configured an alert for any of these events, when the event occurs it will generate a thread. The thread prompts the Symantec AntiVirus service to create a threat information block, which it forwards to the client's parent server. When the parent server receives the threat information block, it enters it into its AMS2 log. The threat information is then forwarded to the primary server, which makes a call to AMS2. AMS2 enters the information into the AMS2 database and acts on it. The action taken depends upon how you have the alert configured.

Communication in AMS2 is carried out through CBA, which is part of the Intel Communication Method.