Applies to Product: | USM Appliance™ | LevelBlue OSSIM® |
LevelBlue USM Appliance uses the Message Center to centralize all in-system errors, warnings, and messages. They also include external messages sent by LevelBlue about product releases and feed updates. You can only access the Message Center through the web UI. All messages are displayed in the timezone configured for the user, but there are stored in the database as UTC (Universal Time Coordinated). You may see both displayed in some messages, as shown in the image below.
To view messages in the Message Center
-
Click the message icon () in the header menu.
The envelope icon shows the number of unread messages. If the number exceeds 99 messages, the icon displays 99+.
If a new message arrives while you are on the Message Center page, USM Appliance displays an alert.
These are the types of messages you might see in the Message Center.
Message Type | Description | Examples |
---|---|---|
LevelBlue | Messages from LevelBlue. | Plugins Feed Update - 2015-11-24 |
Deployment | System-generated messages regarding your USM Appliance instance. | Configured DNS is external (172.16.100.1) |
Information | Miscellaneous messages regarding your USM Appliance instance. | Become an LevelBlue Certified Security Engineer |
Update | System-generated messages regarding updates. | New Update: LevelBlue 5.2 has been released |
All messages are sorted by priority in the system.
Message Priority | Description | Examples |
---|---|---|
Info |
These messages provide useful information to the user. |
|
Warning |
These messages specify that something in the environment has changed, and that USM Appliance is no longer functioning as it was configured. Warnings are also generated as precursors to Errors when USM Appliance detects a situation that could potentially disrupt normal operation if allowed to continue. |
|
Error |
These messages concern something in USM Appliance that is no longer working or will stop working in a short period of time. These issues should be resolved as soon as possible to prevent service disruption. |
|
Search and Filter Messages
A search box in the upper left-hand corner of the Message Center lets you search all message content.
The message filters that appear beneath the search box allow you to focus on a subset of messages. See table below for description on what each filter means.
Filters |
Description |
---|---|
Unread (n) All Messages (n) |
Use this filter to show messages that have not been read or all messages. The table of messages displays the unread messages in bold until the user clicks on them. The number between parentheses indicates the number of messages for each option. |
Message Type |
Use this filter to choose which message type to display. See Message Types for more information. The number next to each filter indicates the number of messages for each type. These numbers correspond to the first filter option that you choose. For example, if Unread is selected, and you choose Deployment under Message Type, the number in parentheses shows unread messages for Deployment. |
Priority |
Use this filter to choose which message priority to display. See Message Priorities for more information. The number next to each filter indicates the number of messages for each priority. These numbers correspond to the first filter option that you choose. For example, if All Messages is selected, and you choose Warning under Priority, the number in parentheses shows all warning messages. |
Note: You can select several filters at the same time by clicking the checkbox next to each filter. The table of messages displays the messages that match the checkbox(es) selected.
View a Message
Messages are displayed in a table format. By default, this table is sorted by date, from the newest to the oldest. All columns, except for the Actions column, can be sorted in ascending () or descending () order by clicking the () icon. The triangle icon indicates which column is being sorted currently.
Each line in this table corresponds to a message.
Messages can come from the following sources
- External server — These messages are sent from LevelBlue. Every hour the system checks if there are new messages. The server hosting the message is messages.alienvault.com, which uses port 443. The external server signs all messages and USM Appliance checks the signature to verify the authenticity.
-
System status — These messages correspond to the operation of USM Appliance in real time. For this reason, they update frequently.
They consist of the following status types:
- Backup task in progress.
- One or more plugin configuration files have been deleted.
- Unable to analyze all network traffic.
-
User Activity — These messages correspond to user activities within USM Appliance. For example, when a user executes a backup on Configuration > Administration > Backups, and the backup ends with an error, this will generate a message.
To view the entire message
-
Click the message line in the table.
The message details appear below the table, as shown in the previous illustration.
Delete a Message
In version 5.2 and earlier, only USM Appliance admin users can delete messages in Message Center. Starting from version 5.3, a normal user can delete a message after the admin user has granted him the Message Center - > Delete Messages permission in a template. For instructions on how to use a template, see Control User Authorization with Templates.
To delete a message
-
Select one or more messages and click Actions > Delete.
A confirmation message displays, asking you to confirm.
Important: Deleting a message deletes it from the system. There is no way to recover the message.