To configure notifications on anti-virus network events
1.Select the Administration item in the main menu of the Control Center. In the window that opens, select Notifications configuration in the control menu.
2.Notifications are configured separately for each Control Center administrator. The name of the administrator whose notification settings are displayed is given in the Administrator who receives notifications field. To configure notifications for another administrator, click 
and select the administrator in the window that opens.
3.At initial setup, one default notification block (profile) is added for the main admin administrator. If the administrator notification list is empty, click Add notification in the Notification list section.
4.To enable notification sending, set the toggle button to the left of the notification block header to the corresponding position:
—notifications from this block are sent.
—notifications from this block are not sent.
5.You can create several notification blocks (profiles), for example, for different notification methods. To add one more block, click 
to the right of the notification block settings. A notification block will be added at the bottom of the page. Different notification blocks are configured independently.
6.In the Title field, specify the name of the new notification block. This name is used, for instance, when configuring the Create statistical report task in the Dr.Web Server schedule. To edit the header after the block is created, click the header and enter the new name. If you have more than one notification block, when you click the header text, a drop-down list of headers of the existing notification blocks is shown.
7.To configure notification sending, select a notification method from the Notifications send method drop-down list:
•Dr.Web Agent—send notifications via the Dr.Web Agent protocol.
•Web console—send notifications to the Web console.
•Email—send notifications via email.
•Push-notifications—send push notifications to Dr.Web Mobile Control Center. This option is available in the Notifications send method drop-down list only after Dr.Web Mobile Control Center has been connected to this Dr.Web Server.
•SNMP—send notifications via the SNMP protocol.
•Syslog—send notifications via the Syslog protocol.
Descriptions of settings for each notification type are given further in this section.
8.In the list of notifications, set the flags next to those notifications that will be sent via the notification method of the current notification block.
9.Notifications use texts from predefined notification templates.
|
A description of the predefined notifications and their parameters is given in the Appendices document, in Appendix C2. The Parameters of Notification Templates. |
To change a notification template:
a)Click 
Switch to notification editing mode in the section header.
b)Click the notification you want to edit. The notification template will open.
c)If necessary, edit the notification text. You can use template variables (in braces) in the notification text. To add variables, use the drop-down lists in the upper part of the window. When a message is generated, the system replaces the template variables with text strings as defined by the current configuration. The list of available variables is given in the Appendices document, C2. The Parameters of Notification Templates.
To restore the default template values, click 
Default template.
d)After making all necessary changes, click Exit notification editing mode in the section header.
|
For the SNMP notification method, the notification template texts are set on the receiver's side (management station in RFC 1067 terms) and thus cannot be edited via the Control Center. |
10.For notifications from the Station subsection, you can specify groups of stations on whose events notifications will be sent.
a)Click 
to the left of a notification.
b)Select groups of stations to monitor events and send corresponding notifications about in the Groups of monitored stations tree. To select several groups, use ctrl or shift.
c)After selecting all the groups you want, click Save.
11.Click Save to apply all changes.
Notifications via the Dr.Web Agent protocol
For notifications via the Dr.Web Agent protocol, specify the following parameters:
•In the Resend by Dr.Web Server section, specify the settings for notification resend attempts performed by Dr.Web Server when a message fails to send:
▫Number—number of resend attempts performed by Dr.Web Server when a message fails to send. The default is 10.
▫Time-out—period in seconds after which Dr.Web Server attempts to send the message again. The default is 300 seconds.
•Stations—list of stations and groups of stations to which notifications are sent. To edit the list, click Edit 
, select the stations and station groups you want in the tree, then click Apply.
•Send test message—send a test message using the specified settings of the notification system.
Notifications displayed in the Web console
For notifications displayed in the Web console, specify the following parameters:
•In the Resend by Dr.Web Server section, specify the settings for notification resend attempts performed by Dr.Web Server when a message fails to send:
▫Number—number of resend attempts performed by Dr.Web Server when a message fails to send. The default is 10.
▫Time-out—period in seconds after which Dr.Web Server attempts to send the message again. The default is 300 seconds.
•Notification storing time—time period for storing a notification starting from the moment it is received. The default is 1 day. After the specified period the notification is marked as outdated and deleted according to the Purge outdated messages task in the Dr.Web Server schedule settings.
You can specify an unlimited storage period for notifications of this type in the Web Console Notifications section.
•Send test message—send a test message using the specified settings of the notification system.
For email notifications, specify the following parameters:
•In the Resend by Dr.Web Server section, specify the settings for notification resend attempts performed by Dr.Web Server when a message fails to send:
▫Number—number of resend attempts performed by Dr.Web Server when a message fails to send. The default is 10.
▫Time-out—period in seconds after which Dr.Web Server attempts to send the message again. The default is 300 seconds.
•Recipient email addresses—email addresses of notification recipients, one email address of a recipient per each field. To add one more recipient field, click . To remove the field, click 
.
|
Parameters of email sending are configured in the Administration menu, in the Dr.Web Server Configuration section → Network tab → Email internal tab. |
•Send test message—send a test message using the specified settings of the notification system.
You can also add custom headers in the Headers additional section of the template editor (see 9a above) for each email notification. Such headers may be used, for instance, in setting up email filters. Headers must be formed according to the RFC 822 and RFC 2822 standards and must not coincide with fields defined in the email standards. Particularly, the RFC 822 standard guarantees that its specification does not contain headers that start with X-; thus it is recommended to use the following naming format: Х-<header-name>. For example: X-Template-Language: English.
To add or edit a header of a specific notification
1.Click Switch to notification editing mode in the section header.
2.Select Email from the Notifications send method drop-down list.
3.Click the notification you want to edit. The notification template will open.
4.Enter one or several headers in the X-<name>: <value> format in the Headers filed. You can use the template variables (in braces) provided in the drop-down lists in the upper part of the window in the header values. Headers must be separated by an empty line.
5.Click Save.
6.Click 
to close the template editor.
7.After making all necessary changes, click Exit notification editing mode in the section header.
8.Click Save to apply all changes.
You can also specify common headers for email notifications.
|
Common headers are added to all notifications sent via email. Once you add a common header, it is treated as a regular custom header, thus common headers cannot be mass edited separately from others. To edit or delete common headers, you must follow the general procedure for custom headers and edit each individual notification template. |
To add a common header
1.Click Edit common headers in any email notification block.
2.Enter one or several headers in the X-<name>: <value> format in the Common headers for all templates window that opens. You can use the template variables (in braces) provided in the drop-down lists in the upper part of the window in the header values. Headers must be separated by an empty line.
3.Click Add. If the operation is successful, the text you entered disappears from the text field.
4.Click to close the template editor.
5.Click Save to apply all changes.
Example:
•Notification A has a custom header X-Header-A: A.
•Notification B has a custom header X-Header-B: B.
Once you add a common header X-Header-C: C:
•Notification A will have headers X-Header-A: A, X-Header-C: C.
•Notification B will have headers X-Header-B: B, X-Header-C: C.
To delete header X-Header-C: C from all notification templates, you must edit the templates of notifications A and B separately (see 9a above).
To remove or replace all custom headers of all notifications
1.Click Edit common headers in any email notification block.
2.Enter one or several headers in the X-<name>: <value> format in the Common headers for all templates window that opens. The new headers will replace all previously specified headers for all email notifications. You can use the template variables (in braces) provided in the drop-down lists in the upper part of the window in the header values. Headers must be separated by an empty line.
To remove all previously specified headers, leave the field empty.
3.Click Replace. If the operation is successful, the text you entered disappears from the text field.
4.Click to close the template editor.
5.Click Save to apply all changes.
Example:
•Notification A has headers X-Header-A: A, X-Header-C: C.
•Notification B has headers X-Header-B: B, X-Header-C: C.
If you enter X-Header-D: D in the text field and click Replace:
•Notification A will have the header X-Header-D: D. The old headers will be deleted.
•Notification B will have the header X-Header-D: D. The old headers will be deleted.
If you leave the text field empty and click Replace:
•All notification A headers will be deleted.
•All notification B headers will be deleted.
For push notifications sent to the Mobile Control Center, specify the following parameters:
•In the Resend by Dr.Web Server section, specify the settings for notification resend attempts performed by Dr.Web Server when a message fails to send:
▫Number—number of resend attempts performed by Dr.Web Server when a message fails to send. The default is 10.
▫Time-out—period in seconds after which Dr.Web Server attempts to send the message again. The default is 300 seconds.
•Send test message—send a test message using the specified settings of the notification system.
Notifications via the SNMP protocol
For notifications via the SNMP protocol, specify the following parameters:
•In the Resend by Dr.Web Server section, specify the settings for notification resend attempts performed by Dr.Web Server when a message fails to send:
▫Number—number of resend attempts performed by Dr.Web Server when a message fails to send. The default is 10.
▫Time-out—period in seconds after which Dr.Web Server attempts to send the message again. The default is 300 seconds.
•In the Resend by SNMP subsystem section, pecify the settings for notification resend attempts performed by the SNMP subsystem when a message fails to send:
▫Number—number of resend attempts performed by the SNMP subsystem when a message fails to send. The default is 5.
▫Time-out—period in seconds after which the SNMP subsystem attempts to send the message again. The default is 5 seconds.
•Receiver—entity that receives SNMP requests. IP address or DNS name. You can enter only one receiver per field. To add another receiver field, click . To remove a field, click .
•Sender—entity that sends SNMP requests. IP address or DNS name (recognizable by the DNS server). An empty value is used by default.
•Community—SNMP community or context. The default is public.
•Send test message—send a test message using the specified settings of the notification system.
|
You can use the MIB provided with Dr.Web Server to get descriptions of OIDs during SNMP trap parsing. The DRWEB-ESUITE-NOTIFICATIONS-MIB.txt and DRWEB-MIB.txt files are located in the etc subfolder of the Dr.Web Server installation folder. |
Notifications via the Syslog protocol
For notifications via the Syslog protocol, specify the following parameters:
•In the Resend by Dr.Web Server section, specify the settings for notification resend attempts performed by Dr.Web Server when a message fails to send:
▫Number—number of resend attempts performed by Dr.Web Server when a message fails to send. The default is 10.
▫Time-out—period in seconds after which Dr.Web Server attempts to send the message again. The default is 300 seconds.
•Receiver—address of the Syslog notification receiver. The transfer protocol is TCP or UDP. The default protocol is UDP, port 514.
•Format—notification format: RFC 5424 or CEF (Common Event Format). The default is RFC 5424.
•Receiver connection time-out (sec.)—period in seconds during which Dr.Web Server attempts to connect to the notification receiver via TCP. The default is 5 seconds.
•Facility—represents the process which created a message (kernel, mail system, etc.). The value must be between 0 and 23. The default is 14.
•Sender—Dr.Web Server ID (FQDN, host name, IP address). The default value is empty.
•Send test message—send a test notification based on the specified settings.