Alert Management

 

Applies to: Forefront Server Security Management Console

The Forefront Server Security Management Console (FSSMC) can be configured to provide alerts about a variety of events on the managed servers.

Administrators can be notified about:

  • Virus Alerts: Possible virus outbreaks.
  • Spam Alerts: Possible spam outbreaks or attacks.
  • Filter Alerts: Unusually high or low content filtering activity (based on message counts).
  • File Filter Alerts: Unusually high or low file filtering activity (based on file attachment counts).
  • Signature Update Alerts: Success or failure of signature file updates.

Configuring Alerts

All alerts other than the Signature Update Alert (which is discussed separately) are configured similarly. The Virus Alert is used as the example in the following procedure.

To configure an alert

  1. Click Alerts in the Alert Management section of the Navigation Area. The Manage Alerts work pane appears.

  2. Select a server or server group for which you would like to configure the alert.

  3. Click one of the Alert types: Virus Alerts, Spam Alerts, Filter Alerts, or File Filter Alerts. (For information about the Signature Update alert, see Signature Update Alert.) The Update Alerts work pane appears.

  4. Complete the following information:

    Enable Alerts

    Choose the events that will trigger a notification. You can configure the FSSMC to alert you if no viruses are detected during a specified period (a number of minutes), or if the number of viruses detected surpasses a certain threshold during a specified period. The threshold is defined by a number of minutes, a level of detection, and the unit of detection (either number or percent). For example, you can trigger an alert if there are more than 100 detected incidents within a 30-minute period or if the detections exceed 40 percent of the scanned items in 10 minutes.

    Outbreak Settings

    This setting is used to notify the administrator when a virus outbreak has ended. Enter the number of minutes during which the virus detection rate must be below the alert threshold (as set in Enable Alerts), after an alert has been triggered, to consider the outbreak over.

    E-mail Notification

    Enter the e-mail addresses of administrators and others who should receive the Virus Alert notifications. Type an address in the E-mail Notification field and click Add to have the address appear in the Destination e-mail addresses section. You may enter multiple addresses, one at a time. After addresses have been added to the Destination e-mail addresses section, each has associated Edit, Delete, and Test buttons. If you modify the address, the Edit button changes to Update. Click Update to save your change. There is no confirmation when you click Delete.

    SNMP Notification

    If you want to send SNMP Traps, enter the names of servers that should receive the notifications. Click Add to have the address added to the Recipient Servers list. You may enter multiple recipients, one at a time. After recipients have been added to the Recipient Servers section, each has associated Edit, Delete, and Test buttons. If you modify the address, the Edit button changes to Update. Click Update to save your change. There is no confirmation when you click Delete.

  5. Click Save to finish.
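How the threshold in Enable Alerts and the quiet period in Outbreak Settings interact can be seen by modelling them. The following is an added illustration, not FSSMC code: the field names, the per-minute sampling, the sliding window, and the sample data are assumptions made for the example.

```python
from dataclasses import dataclass

@dataclass
class AlertConfig:
    # Hypothetical field names mirroring the Enable Alerts and Outbreak Settings values.
    window_min: int        # the "specified period", in minutes
    level: float           # level of detection
    unit: str              # "number" or "percent"
    outbreak_end_min: int  # minutes below threshold before the outbreak counts as over

def over_threshold(cfg, window):
    """window is a list of per-minute (scanned, detected) samples."""
    detected = sum(d for _, d in window)
    if cfg.unit == "number":
        return detected > cfg.level
    scanned = sum(s for s, _ in window)
    # With nothing scanned there is no percentage to compare; treat as below threshold.
    return scanned > 0 and 100.0 * detected / scanned > cfg.level

def evaluate(cfg, samples):
    """Return [(minute, event)] for per-minute (scanned, detected) samples."""
    events, in_outbreak, quiet = [], False, 0
    for minute in range(len(samples)):
        # Assumption: the period is a sliding window ending at the current minute.
        window = samples[max(0, minute - cfg.window_min + 1): minute + 1]
        hot = over_threshold(cfg, window)
        if not in_outbreak and hot:
            in_outbreak, quiet = True, 0
            events.append((minute, "ALERT"))
        elif in_outbreak:
            quiet = 0 if hot else quiet + 1
            if quiet >= cfg.outbreak_end_min:
                in_outbreak = False
                events.append((minute, "OUTBREAK_OVER"))
    return events

def burst(scanned, detected, start, end, total=60):
    """Constructed sample data: detections only in minutes start..end inclusive."""
    return [(scanned, detected if start <= m <= end else 0) for m in range(total)]

if __name__ == "__main__":
    # The page's two examples: >100 incidents in 30 minutes, >40 percent in 10 minutes.
    print(evaluate(AlertConfig(30, 100, "number", 15), burst(200, 30, 10, 14)))
    print(evaluate(AlertConfig(10, 40, "percent", 5), burst(100, 90, 10, 14)))
```

In this model a long alert period also delays the end-of-outbreak notice, because the burst stays inside the window until the window slides past it; only then does the quiet-period count begin.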

Signature Update Alert

The Signature Update alert informs administrators about the success or failure of an engine signature update.

To configure the Signature Update alert

  1. Click Alerts in the Alert Management section of the Navigation Area. The Manage Alerts work pane appears.

  2. Select the server or server group for which you would like to configure the alert.

  3. Click the Signature Update Alerts button on the Alerts work pane. The Configure Signature Update Alerts work pane appears.

  4. Complete the following information:

    Enable Alerts

    Indicate whether to send an alert upon the success of a signature update, its failure, or both.

    E-mail Notification

    Enter the e-mail addresses of administrators and others who should receive the Signature Update Alert notifications. Type an address in the E-mail Notification field and click Add to have the address appear in the Destination e-mail addresses section. You may enter multiple addresses, one at a time. After addresses have been added to the Destination e-mail addresses section, each has associated Edit, Delete, and Test buttons. If you modify the address, the Edit button changes to Update. Click Update to save your change. There is no confirmation when you click Delete.

    SNMP Notification

    If you want to send SNMP Traps, enter the names of servers that should receive the notifications. Click Add to have the address added to the Recipient Servers list. You may enter multiple recipients, one at a time. After recipients have been added to the Recipient Servers section, each has associated Edit, Delete, and Test buttons. If you modify the address, the Edit button changes to Update. Click Update to save your change. There is no confirmation when you click Delete.

  5. Click Save to finish.