3.22 SecurityViolations

Use this Knowledge Script to monitor the following security violations:

  • Barrier code violations

  • Calls that generated authorization code violations

  • Calls that generated station security code violations

NOTE: If you bypass SNMP to discover a call manager, this script is not available.

Barrier codes and authorization codes provide a level of security for remote call access to such telephony components as PBXs, switch features, and trunks. Station security codes enable the Personal Station Access feature and the Extended User Administration of Redirected Calls feature.

This script raises an event if a threshold is exceeded. In addition, this script generates data streams for monitored violations.

3.22.1 Resource Object

AvayaCM Active SPE object

3.22.2 Default Schedule

By default, this script runs every 5 minutes.

3.22.3 Setting Parameter Values

Set the following parameters as needed:

Parameter

How to Set It

General Settings

Job Failure Notification

Event severity when job fails

Set the event severity level, from 1 to 40, to indicate the importance of the failure of the SecurityViolations job. The default is 5.

Select port type to monitor

Select the type of login port you want to monitor for security violations. Choose from the following:

  • All (default)

  • SYSAM-LCL (local port)

  • SYSAM-RMT (remote port)

  • MAINT (maintenance port)

  • SYS-Port (system port)

  • MGR1 (management terminal connection port)

  • NET (network controller port)

  • EPN (EPN maintenance EIA port)

  • INADS (initialization administration system port)

Enable use of SNMP GETBulk operations?

By default, this parameter is enabled, allowing the SecurityViolations Knowledge Script job to use GETNext and GETBulk SNMP requests to access Communication Manager MIBs.

Disable this parameter to allow the script to use only GETNext requests.

Not all MIB tables are extensive enough to need a GETBulk request.

A GETBulk request is faster, but more CPU-intensive than GETNext.

Number of rows to request for each GETBulk operation

Specify the number of rows from the MIB table to return in a GETBulk request. The default is 10 rows.

The number of rows determines how quickly MIB data is returned.

If CPU usage is too high, you can reduce the number of rows per GETBulk or disable the Enable use of SNMP GETBulk operations? parameter.

Interval to pause between GETBulk operations

Specify the number of milliseconds to wait between GETBulk requests. The default is 100 milliseconds.

The length of delay can help with managing CPU usage and speed of SNMP requests.

For example, a one-row GETBulk with a 100-millisecond delay between requests executes more slowly and uses less CPU than a GETNext request.

Monitor Violations for Barrier Codes

Event Notification

Raise event if number of violations for barrier codes exceeds threshold?

Select Yes to raise an event if the number of security violations for barrier codes exceeds the threshold you set. The default is Yes.

Threshold - Maximum violations for barrier codes

Specify the highest number of security violations for barrier codes that can occur before an event is raised. The default is 0 violations.

Event severity when number of violations for barrier codes exceeds threshold

Set the event severity level, from 1 to 40, to indicate the importance of an event in which the number of security violations for barrier codes exceeds the threshold. The default is 15.

Data Collection

Collect data for number of violations for barrier codes?

Select Yes to collect data for charts and reports. If enabled, data collection returns the number of security violations for barrier codes that occurred during the monitoring period. The default is unselected.

Monitor Violations for Authorization Codes

Event Notification

Raise event if number of calls that generated authorization code violations exceeds threshold?

Select Yes to raise an event if the number of calls that generated authorization code violations exceeds the threshold you set. The default is Yes.

Threshold - Maximum number of calls that generated authorization code violations

Specify the highest number of calls that can generate authorization code violations before an event is raised. The default is 0 calls.

Event severity when the number of calls that generated authorization code violations exceeds threshold

Set the event severity level, from 1 to 40, to indicate the importance of an event in which the number of calls that generated authorization code violations exceeds the threshold. The default is 15.

Data Collection

Collect data for the number of calls that generated authorization code violations?

Select Yes to collect data for charts and reports. If enabled, data collection returns the number of calls that generated authorization code violations during the monitoring period. The default is unselected.

Monitor Station Violations

Event Notification

Raise event if the number of calls that generated station violations exceeds threshold?

Select Yes to raise an event if the number of calls that generated station violations exceeds the threshold you set. The default is Yes.

Threshold - Maximum number of calls that generated station violations

Specify the highest number of calls that can generate station violations before an event is raised. The default is 0 calls.

Event severity when the number of calls that generated station violations exceeds threshold

Set the event severity level, from 1 to 40, to indicate the importance of an event in which the number of calls that generated station violations exceeds the threshold. The default is 15.

Data Collection

Collect data for the number of calls that generated station violations?

Select Yes to collect data for charts and reports. If enabled, data collection returns the number of calls that generated station violations during the monitoring period. The default is unselected.
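
The following added example (not the Knowledge Script's own code) models how the parameters above combine in one monitoring interval: an event is raised only when a count strictly exceeds its threshold, so the default threshold of 0 raises an event on the first violation. The names Monitor, default_monitors, and evaluate_interval are hypothetical, and the counts are assumed to be per-interval values already read from the call manager.

```python
from dataclasses import dataclass

JOB_FAILURE_SEVERITY = 5  # page default for "Event severity when job fails"

@dataclass
class Monitor:
    label: str
    raise_event: bool = True     # page default: Yes
    threshold: int = 0           # page default: 0
    severity: int = 15           # page default: 15
    collect_data: bool = False   # page default: unselected

def default_monitors():
    """The three violation types the script monitors, with page defaults."""
    return {
        "barrier": Monitor("barrier code violations"),
        "authorization": Monitor("calls with authorization code violations"),
        "station": Monitor("calls with station security code violations"),
    }

def evaluate_interval(counts, monitors=None):
    """Evaluate one monitoring period.

    counts: dict of per-interval violation counts, or None when the poll
    failed (modelled here as a job failure). Returns (events, datapoints),
    where events is a list of (severity, message) tuples.
    """
    monitors = monitors or default_monitors()
    if counts is None:
        return [(JOB_FAILURE_SEVERITY, "SecurityViolations job failed")], {}
    events, datapoints = [], {}
    for key, m in monitors.items():
        if not 1 <= m.severity <= 40:
            raise ValueError(f"severity for {key} must be from 1 to 40")
        n = counts.get(key, 0)  # assumption: a missing counter counts as 0
        if m.raise_event and n > m.threshold:  # "exceeds" is strictly greater
            events.append((m.severity, f"{n} {m.label} (threshold {m.threshold})"))
        if m.collect_data:
            datapoints[key] = n
    return events, datapoints

# Constructed sample: two calls failed authorization code checks in 5 minutes.
SAMPLE = {"barrier": 0, "authorization": 2, "station": 0}

if __name__ == "__main__":
    print(evaluate_interval(SAMPLE))
```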