The alert system for events connected with the operation of anti-virus network components uses the following ways of sending messages:
•email notifications,
•notifications via the Web Console,
•notifications via SNMP,
•notifications via the Agent protocol,
•push notifications,
•notifications via the Syslog protocol.
Each notification send method requires its own set of parameters in the key → value format. For each method, the following parameters are set:
General parameters
| Parameter | Description | Default value | Obligatory |
|---|---|---|---|
| TO | The set of notification receivers separated by the \| sign | | yes |
| ENABLED | Enable or disable notification sending | true or false | yes |
| _TIME_TO_LIVE | The number of notification resend attempts in case of failure | 10 attempts | no |
| _TRY_PERIOD | Period in seconds between notification resend attempts | 5 min. (send no more often than once in 5 min.) | no |
The tables with parameter lists for different notification send types are given below.
Email notifications
| Parameter | Description | Default value |
|---|---|---|
| FROM | Email address of the sender | drwcsd@${host name} |
| TO | Email address of the receiver | - |
| HOST | SMTP server address | 127.0.0.1 |
| PORT | SMTP server port number | 25, if the SSL parameter is no; 465, if the SSL parameter is yes |
| USER | SMTP server user | "". If a user is specified, at least one authorization method must be enabled, otherwise the mail will not be sent. |
| PASS | Password of the SMTP server user | "" |
| STARTTLS | Encrypt data transfer. The connection is switched to a secure one using the STARTTLS command. Port 25 is used by default for the connection. | yes |
| SSL | Encrypt data transfer. A new secure TLS connection is established. Port 465 is used by default for the connection. | no |
| AUTH-CRAM-MD5 | Use the CRAM-MD5 authentication | no |
| AUTH-PLAIN | Use the PLAIN authentication | no |
| AUTH-LOGIN | Use the LOGIN authentication | no |
| AUTH-NTLM | Use the NTLM authentication | no |
| SSL-VERIFYCERT | Validate the server SSL certificate | no |
| DEBUG | Enable debug mode, e.g., to resolve the problem when authorization failed | - |
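The following audit of an email notification parameter set is an added example, not code from the product or its vendor. It applies the defaults from the table above and reports combinations that leave alert mail or SMTP credentials unprotected, or that stop mail from being sent. The function names, the yes/no string values and the sample host and user are assumptions made for illustration.

```python
# Added example (not vendor code): audit email notification parameters.
# Defaults are the ones in the table above; yes/no string values are assumed.
DEFAULTS = {
    "HOST": "127.0.0.1", "USER": "", "PASS": "",
    "STARTTLS": "yes", "SSL": "no", "SSL-VERIFYCERT": "no",
    "AUTH-CRAM-MD5": "no", "AUTH-PLAIN": "no",
    "AUTH-LOGIN": "no", "AUTH-NTLM": "no",
}
AUTH_KEYS = ("AUTH-CRAM-MD5", "AUTH-PLAIN", "AUTH-LOGIN", "AUTH-NTLM")
LOOPBACK = {"127.0.0.1", "::1", "localhost"}

def effective(params):
    """Merge supplied key -> value pairs over the documented defaults."""
    cfg = dict(DEFAULTS)
    cfg.update({k.upper(): str(v).strip() for k, v in params.items()})
    # PORT default depends on SSL: 465 if yes, otherwise 25.
    cfg.setdefault("PORT", "465" if cfg["SSL"].lower() == "yes" else "25")
    return cfg

def audit(params):
    """Return (parameter, message) findings for one parameter set."""
    cfg = effective(params)
    on = lambda key: cfg[key].lower() == "yes"
    encrypted = on("SSL") or on("STARTTLS")
    remote = cfg["HOST"].lower() not in LOOPBACK
    auth = [k for k in AUTH_KEYS if on(k)]
    findings = []
    if cfg["USER"] and not auth:
        findings.append(("USER", "no AUTH-* method enabled; mail will not be sent"))
    if remote and not encrypted:
        findings.append(("STARTTLS", "STARTTLS and SSL both off; alerts sent in clear text"))
    if remote and encrypted and not on("SSL-VERIFYCERT"):
        findings.append(("SSL-VERIFYCERT", "server certificate is not validated"))
    if not encrypted:
        findings += [(k, "credentials are only base64-encoded without TLS")
                     for k in auth if k in ("AUTH-PLAIN", "AUTH-LOGIN")]
    return findings

# Constructed sample parameter sets (host, user and password are placeholders).
WEAK = {"HOST": "smtp.example.org", "USER": "alerts", "PASS": "placeholder",
        "STARTTLS": "no", "AUTH-LOGIN": "yes"}
HARDENED = {"HOST": "smtp.example.org", "USER": "alerts", "PASS": "placeholder",
            "SSL": "yes", "STARTTLS": "no", "SSL-VERIFYCERT": "yes",
            "AUTH-CRAM-MD5": "yes"}

if __name__ == "__main__":
    for name, sample in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(sample))
```

A remote HOST left on the defaults still yields the SSL-VERIFYCERT finding, because STARTTLS is on by default while certificate validation is off.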
Notifications via Web console
| Parameter | Description | Default value |
|---|---|---|
| TO | UUIDs of the administrators to whom this notification will be sent | - |
| SHOW_PERIOD | Time to store the message, in seconds, starting from the moment of receiving | 86400 seconds, i.e. one day. |
Notifications via SNMP
| Parameter | Description | Default value |
|---|---|---|
| TO | SNMP receiving entity, e.g., IP address | - |
| DOMAIN | Domain | localhost for Windows OS; "" for Unix-like OS |
| COMMUNITY | SNMP community or the context | public |
| RETRIES | The number of notification resend attempts that the API performs | 5 attempts |
| TIMEOUT | Time in seconds after which the API performs the notification resend attempt | 5 seconds |
Notifications via the Agent protocol
| Parameter | Description | Default value |
|---|---|---|
| TO | UUID of receiving stations | - |
| SHOW_PERIOD | Time to store the message, in seconds, starting from the moment of receiving | 86400 seconds, i.e. one day. |
Push notifications
| Parameter | Description | Default value |
|---|---|---|
| TO | Device tokens that applications obtain after registration on the vendor server, e.g., Apple | - |
| SERVER_URL | URL of the relay server used to send notifications to the vendor server | - |
Notifications via the Syslog protocol
| Parameter | Description | Default value |
|---|---|---|
| TO | Address of the Syslog notification receiver. The transfer protocol is TCP or UDP. | UDP, port 514 |
| FORMAT | Notification format: RFC 5424 or CEF (Common Event Format). | RFC 5424 |
| TIMEOUT | Period in seconds during which Dr.Web Server attempts to connect to the notification receiver via TCP. | 5 sec. |
| FACILITY | The process which created a message (kernel, mail system, etc.). The value must be between 0 and 23. | 14 |
| HOSTNAME | Sender. Dr.Web Server ID (FQDN, host name, IP address). | - |