Alerts
You can define alerts to automatically notify you of significant incidents, events or problems when they occur. Real-time alerting simplifies event monitoring and log management and helps you respond faster and more efficiently to security incidents and policy violations.
DeviceLock supports the following types of alerts:
•Alerts that are generated when a specific user attempts to access a specific device type or a protocol.
•Alerts that are generated when a specific Content-Aware Rule fires.
•Alerts that are generated when a specific firewall rule fires.
•Administrative alerts. Examples of administrative alerts include “Notify if Service settings are changed”, “Notify if Service settings are corrupted”, and many others.
Alerts can be sent to their intended recipients through e-mail or SNMP traps. Also, alerts can be sent to a syslog server.
Before DeviceLock can send alert notifications, you should do the following:
•Decide how to be notified when alert conditions occur: through SNMP traps, e-mail, or syslog.
•To be notified through SNMP traps, configure DeviceLock Service for SNMP support and specify the SNMP server to send traps to (see Alerts Settings: SNMP).
Note: This manual assumes a basic understanding of the Simple Network Management Protocol (SNMP) and related network management concepts.
•To be notified through e-mail, configure e-mail notifications by specifying SMTP Server and e-mail notification settings and defining the e-mail templates (see Alerts Settings: SMTP).
•To be notified through syslog, configure DeviceLock Service for syslog and specify the syslog server to send alerts to (see Alerts Settings: Syslog).
Note: This manual assumes a basic understanding of syslog and related message logging concepts.
•Configure alert delivery failure parameters such as the delivery retry count, delivery retry interval, and the amount of time an undelivered notification is kept in the queue for delivery (see Alerts Settings: Delivery retry parameters).