Setting up alert and notification messages

Network administrators as well as users on computers being scanned can be notified about certain events. Two kinds of notification are available:

•Alerts are SNMP traps, syslog messages or email messages that the DeviceLock Discovery Agent generates to help administrators keep track of the scanning process and be notified immediately if certain types of content are discovered.

•Notifications are system messages displayed to the current users on the computers being scanned, in a pop-up window next to the system clock in the taskbar. Notifications appear when the DeviceLock Discovery Agent detects content matches with discovery rules that are in effect.

Note: DeviceLock displays user notifications when scanning with the Discovery Agent only. In the case of agentless scanning, user notifications are not displayed.

In Discovery Server Options, the contents of alert and notification messages can be configured by using the respective options.

1. Double-click the E-Mail Message for Alerts item in the Discovery Server Options node.

Right-click the E-mail Message for Alerts item in the Discovery Server Options node, and select Properties from the shortcut menu.

2. In the E-mail Message for Alerts dialog box, edit the template of the e-mail message, and click OK.

•Message subject - The text used in the Subject line of the e-mail message. The default message subject is “DeviceLock Discovery Alert”.

•Message body - The text used in the body of the e-mail message. DeviceLock can send either the plain text body or an HTML version of the message body. The message body includes a static text and macros. The default static text in the message body is “The following event has occurred”.

You can use the following predefined macros in the Subject line and/or the body of the e-mail message:

•%EVENT_TYPE% - The class of event: either Success if the action was successfully applied to the discovered content, or Failure if the action could not be applied.

•%COMP_NAME% - The name of the computer on which the file was discovered.

•%COMP_FQDN% - The fully-qualified domain name of the computer on which the file was discovered.

•%COMP_IP% - A comma-separated list of all network addresses (IPs) associated with the computer.

•%DATE_TIME% - The date and time that the discovery event occurred. The date and time are displayed based on the client computer’s regional and language settings.

•%NAME% - The name of the file to which the action was applied.

•%REASON% - The cause of the event (the name of the rule that was triggered by the file).

•%SUMMARY_TABLE% - A table detailing and visualizing individual events for consolidated alerts.

These macros are replaced with their actual values at the message generation time.

3. Select the Text or HTML email format by using the Message format option.

4. If needed, restore the default template by clicking Restore Defaults, or load a template from a file by clicking the Load button.

A template can be loaded from a tab-delimited text file containing plain text or HTML.

1. Double-click on the Syslog Message for Alerts item in the Discovery Server Options node.

Right-click the Syslog Message for Alerts item in the Discovery Server Options node, and select Properties from the shortcut menu.

2. In the Syslog Message for Alerts dialog box, edit the template of the message, and click OK.

•Message body - The text used in the body of the message. The message body includes a static text and macros. The default static text in the message body is “The following event has occurred”.

You can use the following predefined macros in the body of the syslog message:

•%EVENT_TYPE% - The class of event: either Success if the action was successfully applied to the discovered content, or Failure if the action could not be applied.

•%COMP_NAME% - The name of the computer on which the file was discovered.

•%COMP_FQDN% - The fully-qualified domain name of the computer on which the file was discovered.

•%COMP_IP% - A comma-separated list of all network addresses (IPs) associated with the computer.

•%DATE_TIME% - The date and time when the discovery event occurred. The date and time are displayed based on the client computer’s regional and language settings.

•%NAME% - The name of the file to which the action was applied.

•%REASON% - The cause of the event (the name of the rule that was triggered by the file).

•%SUMMARY_TABLE% - A table detailing and visualizing individual events for consolidated alerts.

These macros are replaced with their actual values at the message generation time.

3. Select the message severity level using Level drop-down menu.

4. If needed, restore the default template by clicking Restore Defaults, or load a template from a file by clicking the Load button.

A template can be loaded from a tab-delimited text file containing plain text.

1. Double-click the Discovery notification message item in the Discovery Server Options node.

2. In the Discovery notification message dialog box, specify the Caption and Text of the notification message. This message pops up in the system notification area of a computer being scanned, and is visible to all users who are currently logged on to that computer.

Along with static text, you can use the following predefined macros in the text of the notification message:

•%DATA% - The name of the file that triggered the message.

•%ACTION_TAKEN% - The name of the action(s) applied to that file.

Note: Notification messages are not displayed in case of agentless scanning. In case of scanning a terminal server, notification messages are displayed to all users connected to the terminal server.