C1. The Description of the Notification System Parameters

The system of alerts for events connected with the operation of anti-virus network components uses the following notification send methods:

email notifications,

notifications via the Web Console,

notifications via SNMP,

notifications via the Agent protocol,

push notifications,

notifications via the Syslog protocol.

Depending on the notification send method, a set of parameters in the key → value format is required. For each method, the following parameters are set:

General parameters

| Parameter | Description | Default value | Obligatory |
|---|---|---|---|
| TO | The set of notification receivers separated by the \| sign | | yes |
| ENABLED | Enable or disable notification send | true or false | yes |
| _TIME_TO_LIVE | The number of notification resend attempts in case of failure | 10 attempts | no |
| _TRY_PERIOD | Period in seconds between notification resend attempts | 5 min. (send not more often than once in 5 min.) | no |

The tables with parameter lists for different notification send types are given below.

Email notifications

| Parameter | Description | Default value |
|---|---|---|
| FROM | Address of the sender email | drwcsd@${host name} |
| TO | Address of the receiver email | - |
| HOST | SMTP server address | 127.0.0.1 |
| PORT | SMTP server port number | 25, if the SSL parameter is no; 465, if the SSL parameter is yes |
| USER | SMTP server user | "". If a user is specified, at least one authorization method must be enabled, otherwise the mail will not be sent. |
| PASS | Password of the SMTP server user | "" |
| STARTTLS | Encrypt data transfer. The switch to a secured connection is performed with the STARTTLS command. Port 25 is used by default for the connection. | yes |
| SSL | Encrypt data transfer. A new secured TLS connection is established. Port 465 is used by default for the connection. | no |
| AUTH-CRAM-MD5 | Use the CRAM-MD5 authentication | no |
| AUTH-PLAIN | Use the PLAIN authentication | no |
| AUTH-LOGIN | Use the LOGIN authentication | no |
| AUTH-NTLM | Use the NTLM authentication | no |
| SSL-VERIFYCERT | Validate the server SSL certificate | no |
| DEBUG | Enable debug mode, e.g., to resolve the problem when authorization failed | - |
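The following audit of an email parameter set is an added example, not code from the Dr.Web documentation or product. It applies the defaults documented in the table above and flags combinations that the table implies are broken or weak; the dict representation with "yes"/"no" strings, the function names and the sample values are assumptions.

```python
# Added example: audit a Dr.Web email-notification parameter set.
# Assumption: the key -> value set is available as a dict of strings, with
# switches written "yes"/"no" as in the table above.
EMAIL_DEFAULTS = {
    "HOST": "127.0.0.1", "USER": "", "PASS": "",
    "STARTTLS": "yes", "SSL": "no", "SSL-VERIFYCERT": "no",
    "AUTH-CRAM-MD5": "no", "AUTH-PLAIN": "no",
    "AUTH-LOGIN": "no", "AUTH-NTLM": "no",
}
AUTH_KEYS = ("AUTH-CRAM-MD5", "AUTH-PLAIN", "AUTH-LOGIN", "AUTH-NTLM")


def on(eff, key):
    """True when a yes/no switch is set to yes."""
    return eff[key].strip().lower() == "yes"


def effective_email_params(params):
    """Merge explicit values over the documented defaults and resolve PORT."""
    eff = {**EMAIL_DEFAULTS, **params}
    if "PORT" not in params:
        # Documented default: 465 if SSL is yes, 25 if SSL is no.
        eff["PORT"] = "465" if on(eff, "SSL") else "25"
    return eff


def audit_email_params(params):
    """Return (effective parameters, list of findings)."""
    eff = effective_email_params(params)
    findings = []
    encrypted = on(eff, "STARTTLS") or on(eff, "SSL")
    if eff["USER"] and not any(on(eff, k) for k in AUTH_KEYS):
        findings.append("USER is set but no AUTH-* method is enabled: mail will not be sent")
    if eff["USER"] and not encrypted and (on(eff, "AUTH-PLAIN") or on(eff, "AUTH-LOGIN")):
        findings.append("PLAIN/LOGIN credentials cross the network without TLS")
    if not encrypted:
        findings.append("STARTTLS and SSL are both off: notification text is sent in cleartext")
    elif not on(eff, "SSL-VERIFYCERT"):
        findings.append("TLS is on but SSL-VERIFYCERT is no: the SMTP server is not authenticated")
    return eff, findings


# Constructed sample: a relay with a user account and otherwise default values.
sample = {"TO": "soc@example.org", "HOST": "mail.example.org",
          "USER": "drweb-notify", "PASS": "constructed-placeholder"}
```

Calling `audit_email_params(sample)` reports the missing authorization method and the unverified server certificate, both of which follow from the defaults alone.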

Notifications via Web console

| Parameter | Description | Default value |
|---|---|---|
| TO | UUIDs of the administrators to whom this notification will be sent | - |
| SHOW_PERIOD | Time to store the message, in seconds, starting from the moment of receiving | 86400 seconds, i.e. one day |

Notifications via SNMP

| Parameter | Description | Default value |
|---|---|---|
| TO | SNMP receiving entity, e.g., IP address | - |
| DOMAIN | Domain | localhost for Windows OS, "" for Unix-like OS |
| COMMUNITY | SNMP community or the context | public |
| RETRIES | The number of notification resend attempts that the API performs | 5 attempts |
| TIMEOUT | Time in seconds after which the API performs the notification resend attempt | 5 seconds |

Notifications via the Agent protocol

| Parameter | Description | Default value |
|---|---|---|
| TO | UUID of receiving stations | - |
| SHOW_PERIOD | Time to store the message, in seconds, starting from the moment of receiving | 86400 seconds, i.e. one day |

Push notifications

| Parameter | Description | Default value |
|---|---|---|
| TO | Device tokens that applications receive after registration on the vendor server, e.g. Apple | - |
| SERVER_URL | URL of the relay server used to send notifications to the vendor server | - |

Notifications via the Syslog protocol

| Parameter | Description | Default value |
|---|---|---|
| TO | Address of the Syslog notification receiver. The transfer protocol is TCP or UDP. | UDP, port 514 |
| FORMAT | Notification format: RFC 5424 or CEF (Common Event Format). | RFC 5424 |
| TIMEOUT | Period in seconds during which Dr.Web Server attempts to connect to the notification receiver via TCP. | 5 sec. |
| FACILITY | The process which created a message (kernel, mail system, etc.). The value must be between 0 and 23. | 14 |
| HOSTNAME | Sender. Dr.Web Server ID (FQDN, host name, IP address). | - |