Alert settings Page
Use this page to configure additional alerts or change the default settings of predefined alerts.
Navigation: Reports > Alerts > Alert settings.
| Alerts | |
|---|---|
| Enabled | Turns on alerts. |
| Bandwidth Monitor | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
| Direction | Indicates if the alert is monitoring the bandwidth of Incoming or Outgoing traffic. | ||||||||||
| Traffic For |
What traffic type that you want to monitor bandwidth for:
|
||||||||||
| Time period | The time period to monitor bandwidth for. | ||||||||||
| Exceeding bandwidth |
The bandwidth at which the Smoothwall Filter and Firewall sends an alert.
Note: The Smoothwall Filter and Firewall calculates the bandwidth used to two decimal places. |
||||||||||
| Mark | Indicates that this | ||||||||||
| Remove | Removes the selected alert. | ||||||||||
| Add | Adds your new alert to the table. | ||||||||||
| Email Virus Monitor | |
|---|---|
| Monitor POP3 proxy for viruses | Turns on alerting if malware is detected when loading via POP3. |
| Monitor SMTP relay for viruses | Turns on alerting if malware is detected when relaying via SMTP. |
| Save | Turns on your alerts. |
| Firewall notification | |
|---|---|
| Monitor source (remote) IP addresses | Detects suspicious inbound communication from remote IP addresses. Alerts are generated if a rapid series of inbound requests from the same remote IP address is detected. |
| Monitor source (remote) ports | Detects suspicious inbound communication from remote ports. Alerts are generated if a rapid series of inbound requests from the same remote port is detected. |
| Monitor destination (local) IP addresses | Detects suspicious inbound communication to local IP addresses. Alerts are generated if a rapid series of inbound requests to the same local IP address is detected. |
| Monitor destination (local) ports | Detects suspicious inbound communication to local ports. Alerts are generated if a rapid series of inbound requests to the same local port is detected. |
| Warning threshold | The number of hits from the source IP addresses before the warning alert is triggered. |
| Incident threshold | The number of hits from the source IP addresses before the incident alert is triggered. |
| Ignore | A comma-separated list of source IP addresses that should be ignored for this alert. |
| Save | Saves your changed settings. |
| Global Proxy | |
|---|---|
| Monitor for incorrect certificates | Indicates that Smoothwall alerts you when a device fails to present the correct certificate. This is either due to the device having the wrong certificate, or due to unauthorized access. |
| Monitor for DoS attempts | Turn off alerting when a device, with a valid certificate, repeatedly attempts a connection. Repeated connections from a device are assumed to be a Denial of Service (DoS) attempt. |
| Health Monitor | |
|---|---|
| Web servers (HTTP) | Retrieves the specified webpage and looks for specific keywords. If the keywords are missing, an alert is triggered. |
| URL | The URL of the webpage to monitor. You can omit http:// when entering the URL. |
| Retry | The number of attempts to retrieve the web page. |
| Keywords | The comma-separated list of keywords to search for. |
| Mark | Indicates that the entry is selected. |
| Remove | Removes the selected alert. |
| Add | Adds your new alert. You can see this in the table. |
| Other services | Checks the specified port is open and offering a service. |
| IP | The IP address. |
| Port | The port number. |
| Protocol | The protocol of the service that you want to check for a response. Select "Other" to see if there's any response to connections on the associated port. |
| Retry | The number of times the address is checked and not receive a response before generating an alert. |
| Mark | Indicates that the entry is selected. |
| Remove | Removes the selected alert. |
| Add | Adds your new alert. You can see this in the table. |
| DNS name resolution | Checks that a domain hasn't expired or been taken over. |
| Name | The domain name. |
| Address | The domain address (URL). |
| Mark | Indicates that the entry is selected. |
| Remove | Removes the selected alert. |
| Add | Adds your new alert. You can see this in the table. |
| Intrusion System Monitor | |
|---|---|
| Priority | The appropriate priority level for this alert. |
| Add | Sets up your alert with your selected priority level. |
| Mail Queue Monitor | |
|---|---|
| Threshold number of messages | The number of messages at which the alert is triggered. |
| Save | Sets up your alert with your set threshold. |
| NTLM Authentication Failures | |
|---|---|
| Monitor for failed NTLM Authentication | Turns on the alert that lets you know of NLTM Authentication Failures. |
| Save | Saves your setting. |
| System Resource Monitor | |
|---|---|
| System load average warning level (per CPU core) | The threshold of the average number of processes waiting to use the processors over a five-minute period. A system operating at normal performance should record a load average of between 0.0 and 1.0. While higher values are not uncommon, prolonged periods of high load (for example, averages greater than 3.0) might merit attention. |
| Disk usage (%) warning level | The threshold of the disk space usage percentage threshold before the alert is triggered. Low amounts of free disk space can adversely affect system performance. |
| System memory (%) warning level | The system memory usage percentage threshold before the alert is triggered. The system memory is used aggressively to improve system performance, so higher than expected memory usage might not be a concern. However, prolonged periods of high memory usage might indicate that the system could benefit from additional memory. |
| Save | Saves your setting changes. |
| System Service Monitoring | |
|---|---|
| Admin UI server | The components, modules and services that generate alerts when they start or stop. |
| Block page server | |
| Connect Filter Proxy | |
| DHCP server | |
| DPI engine | |
| FTP proxy | |
| IDex Client Proxy | |
| IPsec VPN server | |
| Intrusion Prevention System | |
| L2TP VPN server | |
| Logging server | |
| Mobile Proxy server | |
| Network Time Service | |
| RADIUS server | |
| Report scheduler | |
| Routing server | |
| SMTP relay | |
| Secure shell server | |
| Traffic statistics logger | |
| VMware guest supporting server | |
| Web proxy | |
| Antimalware engine | |
| Authentication service | |
| Central monitor | |
| DHCP relay | |
| DNS proxy server | |
| Datastore server | |
| Guardian web server | |
| IDex cluster | |
| Intrusion Detection System | |
| Kerberos/NTLM service | |
| LCD section | |
| Message censor | |
| Monitor alerts | |
| POP3 proxy | |
| Redis | |
| Reverse Proxy | |
| SIP proxy | |
| SSL VPN server | |
| SystemD | |
| UPS monitor | |
| Web content filter | |
| Web server | |
| VPN certificate monitor | |
|---|---|
| Notification of expired certificates | Turns off the expired certificate alerts. |
| Number of days left (Warning) | The number of days before the certificate expires that will trigger a warning alert |
| Number of days left (Critical) | The number of days before the certificate expires that will trigger a critical alert. |
| Save | Saves your changed settings. |
| Web filter URL violations | |
|---|---|
| URLs to monitor |
The URL, or part of a URL, to monitor and you must enter these on separate lines. For example, these:
would match: http://www.example.com/we%20are%20not%20real |
| Warning threshold | The number of hits to the URL before the warning alert is triggered. |
| Caution threshold | The number of hits to the URL before the caution alert is triggered. |
| Save | Saves your changed setting. |
| Web filter violations | |
|---|---|
| Monitor for blocked accesses | Turns on the alert for when users access blocked domains. |
| Warning threshold | The number of hits allowed for blocked accesses before the warning alert is triggered. |
| Caution threshold | The number of hits allowed for blocked accesses before the caution alert is triggered. |
| Exclude adverts | Excludes adverts from this alert. |
| Monitor for blocked accesses | Turns on the alert for when IP addresses access blocked domains. |
| Warning threshold | The number of hits allowed for blocked accesses before the warning alert is triggered. |
| Caution threshold | The number of hits allowed for blocked accesses before the caution alerts is triggered. |
| Exclude adverts | Excludes adverts from this alert. |
| Save | Saves your setting changes. |