Chapter 5 Configuring Alerts

 

Applies to: Forefront Server Security Management Console

Microsoft Forefront Server Security Management Console (FSSMC) provides five different types of alerts to monitor the managed servers in an enterprise. These tools can help administrators track when virus or spam activity exceeds certain thresholds and look for statistical anomalies that may indicate a problem.

| Alert | Notifies administrators about… |
| --- | --- |
| Virus Alerts | Possible virus outbreaks |
| Spam Alerts | Possible spam outbreaks or attacks |
| Filter Alerts | Unusually high or low content filtering activity (based on message counts) |
| File Filter Alerts | Unusually high or low file filtering activity (based on file attachment counts) |
| Signature Update Alerts | Success or failure of scan engine signature file updates |

In this chapter

Configure an Alert

Configure a Signature Update Alert

Configure an Alert

Follow these instructions to configure a virus, spam, filter, or file filter alert. We’ll use the Spam Alert as an example.

To configure an alert

  1. Under Alert Management at screen left, click Alerts.

  2. In the Manage Alerts work pane, select a server or server group for which you would like to configure the alert.

  3. Click to select the alert from the four options above the Alert Configurations list. (To configure a Signature Update Alert, see below.)

    In this example, we’ll choose Spam Alerts.

  4. In the Enable Alerts section of the Configure Alerts work pane, specify the conditions under which Forefront Server Security Management Console will send an alert.

    • If you want to be notified if no viruses are detected within a specific period, check Send notification if no detections have been reported… and set the Suspected malfunction time—60 minutes in our example (and the default).
    • If you want to be notified when the number of viruses detected surpasses a certain threshold during a specified period:
         ◦ Check Send notification if the number of detections reported….
         ◦ Set the number of minutes (Detection Period), the number of detections in that time frame (Detection Level), and the Detection Units (either number or percent).

      In the example shown on the next page, you’d trigger an alert if there were more than 30 detected incidents within a 60-minute period. (You could also set it to trigger an alert if the detections exceed a certain percent of the scanned items in the number of minutes you specify.)

  5. In the Outbreak Settings section, type the number of minutes that the virus detection rate must remain below alert conditions (as set in Step 4) in order to consider the outbreak over.

    This allows Forefront Server Security Management Console to notify the administrator when a virus outbreak has ended.

  6. In the E-mail Notification section, type the e-mail address of the person who should receive alerts, and then click Add.

    Enter as many addresses as you want, one at a time. Use the Test button to make sure the address is correct.

  7. If you want to send SNMP Traps, in the SNMP Notification section type the names of servers that should receive notification, and then click Add to add them to the Recipient Servers list.

    Enter as many server names as you want, one at a time. Use the Test button to make sure the address is correct.

  8. Click Save to finish.
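
To see how the Step 4 and Step 5 settings interact before saving them, the following added example (not FSSMC code and not part of the original documentation) models them over a constructed per-minute feed. It assumes a sliding Detection Period evaluated once a minute and a 20-minute outbreak-over setting; the class, function and event names are hypothetical.

```python
from collections import deque

class AlertModel:
    """Illustrative model of the Step 4 and Step 5 settings (not FSSMC code)."""

    def __init__(self, period=60, level=30, units="number",
                 malfunction_time=60, outbreak_over=20):
        self.period, self.level, self.units = period, level, units
        self.malfunction_time, self.outbreak_over = malfunction_time, outbreak_over
        self.window = deque()          # (minute, detections, scanned)
        self.last_detection = 0
        self.malfunction_sent = False
        self.in_outbreak = False
        self.below_since = None

    def tick(self, minute, detections, scanned):
        """Feed one minute of counts; return the notifications it raises."""
        events = []
        self.window.append((minute, detections, scanned))
        while self.window[0][0] <= minute - self.period:
            self.window.popleft()      # assumed sliding Detection Period
        det = sum(d for _, d, _ in self.window)
        scn = sum(s for _, _, s in self.window)
        value = det if self.units == "number" else (100.0 * det / scn if scn else 0.0)
        if detections:
            self.last_detection, self.malfunction_sent = minute, False
        elif (minute - self.last_detection >= self.malfunction_time
              and not self.malfunction_sent):
            self.malfunction_sent = True   # notify once per silent stretch
            events.append("suspected-malfunction")
        if value > self.level:         # "more than" the Detection Level
            self.below_since = None
            if not self.in_outbreak:
                self.in_outbreak = True
                events.append("outbreak")
        elif self.in_outbreak:         # count minutes spent below the threshold
            if self.below_since is None:
                self.below_since = minute
            if minute - self.below_since >= self.outbreak_over:
                self.in_outbreak = False
                events.append("outbreak-over")
        return events

def simulate(model, counts):
    """counts: iterable of (minute, detections, scanned); returns [(minute, event)]."""
    return [(m, e) for m, d, s in counts for e in model.tick(m, d, s)]

# Constructed sample: 1 detection/min for 10 min, 5/min for 5 min, then silence.
SAMPLE = [(m, 1 if m <= 10 else 5 if m <= 15 else 0, 100) for m in range(1, 101)]

if __name__ == "__main__":
    print(simulate(AlertModel(), SAMPLE))
    print(simulate(AlertModel(level=2, units="percent"), SAMPLE))
```

With the same feed, the count-based threshold holds the outbreak state until the burst ages out of the 60-minute window, while the percent-based threshold clears much sooner because continued clean scans dilute the ratio.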

Configure a Signature Update Alert

This alert is used to inform administrators of the success or failure of a scan engine signature update.

To configure a signature update alert

  1. Under Alert Management at screen left, click Alerts.

  2. In the Manage Alerts work pane, select a server or server group for which you would like to configure the alert.

  3. Click to select Signature Update from the options above the Alert Configurations list.

  4. In the Enable Alerts section of the Configure Signature Update Alerts work pane, check whether Forefront Server Security Management Console should send an alert when a signature update succeeds or fails (or both).

  5. In the E-mail Notification section, type the e-mail address of the person who should receive alerts, and then click Add.

    Enter as many addresses as you want, one at a time. Use the Test button to make sure the address is correct.

  6. If you want to send SNMP Traps, in the SNMP Notification section type the names of servers that should receive notification, and then click Add to add them to the Recipient Servers list.

    Enter as many server names as you want, one at a time. Use the Test button to make sure the address is correct.

  7. Click Save to finish.