Configuring Logging, Alerts, and Event Notifications. Netgear STM600 - ProSecure Web And Email Threat Management Appliance, STM300 - ProSecure Web And Email Threat Management Appliance, STM150 - ProSecure Web And Email Threat Management Appliance
6. Monitoring System Access and Performance
This chapter describes the system monitoring features of the STM. You can be alerted to important events such as attacks and login failures. You can also view the system status and real-time traffic and security information. In addition, the diagnostics utilities are described.
Note: All email notification functions that are part of the Logs, Reports, and Alerts menus, and some of the functions that are part of the Diagnostics configuration menu, require that you configure the email notification server (see Configuring the Email Notification Server on page 176).
This chapter contains the following sections:
• Configuring Logging, Alerts, and Event Notifications on this page
• Monitoring Real-Time Traffic, Security, Statistics, and Web Usage on page 184
• Viewing System Status on page 192
• Viewing, Scheduling, and Generating Reports on page 200
• Viewing and Managing the Quarantine Files on page 208
• Using Diagnostics Utilities on page 215
Configuring Logging, Alerts, and Event Notifications
You can configure the STM to email logs and alerts to a specified email address. For example, the STM can email security-related events such as malware incidents, infected clients, and failed authentications. By default, the STM logs content filtering events such as attempts to access blocked sites and URLs, unwanted email content, spam attempts, and many other types of events.
For you to receive the logs in an email message, the STM’s notification server needs to be configured and email notification needs to be enabled. If the notification server is not configured or email notification is disabled, you can still query the logs and generate log reports to view on the Web Management Interface or to save in CSV format.
Chapter 6. Monitoring System Access and Performance | 175
ProSecure Web/Email Security Threat Management (STM) Appliance
For more information about logs, see
Configuring the Email Notification Server
If you have used the Setup Wizard, you might have already configured the email notification server; the Email Notification Server screen allows you to modify these settings.
The STM can automatically send information such as notifications and reports to an administrator. You need to configure the necessary information for sending email, such as the administrator’s email address, the email server, user name, and password.
To configure the email notification server:
1. Select Global Settings > Email Notification Server from the menu. The Email Notification Server screen displays. (The following figure contains some examples.)
Figure 101.
2. Complete the fields, select the radio button and check boxes, and make your selections from the drop-down lists as explained in the following table:
Table 50. Email Notification Settings
Show as Mail Sender. A descriptive name of the sender for email identification purposes. For example, enter [email protected].
Send Notifications to. The email address to which the notifications should be sent. Typically, this is the email address of a user with administrative privileges.
SMTP server. The IP address and port number or Internet name and port number of your ISP’s outgoing email SMTP server. The default port number is 25.
Note: If you leave this field blank, the STM cannot send email notifications.
Mail Server Requires Authentication. If the SMTP server requires authentication, select the Mail Server Requires Authentication check box and enter the following settings:
• User Name. The user name for SMTP server authentication.
• Password. The password for SMTP server authentication.
Because this screen has no transport-encryption setting, treat the user name and password as credentials that might cross the network in clear text: use a dedicated mail account that is used only for sending notifications, not an administrator’s mailbox credentials.
3. Click Apply to save your settings.
Configuring and Activating System, Email, and Syslog Logs
You can configure the STM to log system events such as a change of time by an NTP server, secure login attempts, restarts, and other events. You can also send logs to the administrator or schedule logs to be sent to the administrator or to a syslog server on the network. In addition, the Log Management screen provides the option to selectively clear logs. Because this large screen has three sections, each with its own Apply button, this screen is presented in this manual in three figures (Figure 102, Figure 103, and Figure 104).
Emailing Logs
To enable and configure logs to be sent to an email address:
1. Select Monitoring > Logs from the menu. The Logs submenu tabs display, with the Log Management screen in view (see Figure 102).
2. Locate the Email Logs to Administrator section on the screen. Select the Enable check box to enable the STM to send logs to an email address.
Figure 102. Log Management, screen 1 of 3
3. Complete the fields, select the radio button and check boxes, and make your selections from the drop-down lists as explained in the following table:
Table 51. Email Logs Settings
Send to. The email address of the recipient of the log file. This is normally a user with administrative privileges. You can enter up to three email addresses, separated by commas. Click Send Now to immediately send the logs that you have selected under Select Logs to Send (see later in this table).
Note: To limit the size of the email, the STM does not send the actual logs to the specified email address but an email that contains links to the actual logs. These links remain active for a period of 10 days, after which the logs are no longer available.
Frequency. Select a radio button to specify how often the log file is sent:
• When the space is full. Logs are sent when the storage space that is assigned to the logs is full.
• Daily. Logs are sent daily at the time that you specify from the drop-down lists (hours and minutes).
• Weekly. Logs are sent weekly at the day and time that you specify from the drop-down lists (weekday, hours, and minutes).
Select Logs to Send. Select the check boxes to specify which logs are sent via email:
• System logs. The system event logs that include all system errors, informational messages, configuration changes, and system software updates.
• Email traffic logs. All scanned incoming and outgoing email traffic.
• Web traffic logs. All scanned incoming and outgoing Web traffic.
• Malware logs. All intercepted viruses and spyware.
• Spam logs. All intercepted spam, including spam that was detected through the blacklist, real-time blacklist, and distributed spam analysis.
• Email filter logs. All emails that are intercepted because of keyword, file type, file name, password, or size limit violations.
• Content filter logs. All websites, URLs, and FTP sites that are intercepted because of Web category, blacklist, file type, or size limit violations.
• Application logs. All intercepted application access violations.
For the system logs, also select the types of system log entries that are sent via email:
• error. All system errors.
• info. All informational messages.
• conf. All configuration changes.
• update. All system software updates.
Format. Select a radio button to specify the format in which the log file is sent:
• Plain text. The log file is sent as a plain text file.
• CSV. The log file is sent as a comma-separated values (CSV) file.
Size. Select the Zip the logs to save space check box to enable the STM to compress the log file. Select the Split logs size to check box to break up the log file into smaller files, and specify the maximum size of each file in MB. The default setting is 20 MB.
4. Click Apply to save your settings.
Sending Logs to a Syslog Server
To enable and configure logs to be sent to a syslog server:
1. Select Monitoring > Logs from the menu. The Logs submenu tabs display, with the Log Management screen in view (see Figure 102 on page 178).
2. Locate the Send Logs via Syslog section on the screen (see the following figure), and select the Enable check box to enable the STM to send logs to a syslog server.
Figure 103. Log Management, screen 2 of 3
3. Complete the fields, select the check boxes, and make your selections from the drop-down lists as explained in the following table:
Table 52. Syslog Settings
IP Address. The IP address of the syslog server.
Port. The port number that the syslog server uses to receive logs. The default port number is 514.
Logs. Select the check boxes to specify which logs are sent to the syslog server:
• System logs. The system event logs that include all system errors, informational messages, configuration changes, and system software updates.
• Email traffic logs. All scanned incoming and outgoing email traffic.
• Web traffic logs. All scanned incoming and outgoing Web traffic.
• Malware logs. All intercepted viruses and spyware.
• Spam logs. All intercepted spam, including spam that was detected through the blacklist, real-time blacklist, and distributed spam analysis.
• Email filter logs. All emails that are intercepted because of keyword, file type, file name, password, or size limit violations.
• Content filter logs. All websites, URLs, and FTP sites that are intercepted because of Web category, blacklist, file type, or size limit violations.
• Application logs. All intercepted application access violations.
Facility. The facility indicates from which internal part of the STM the log message originates. For each log that you have selected to be sent to the syslog server (see earlier in this table), select one of the following facilities from the drop-down list:
• auth. Security and authorization log messages.
• authpriv. Security and authorization log messages for sensitive information.
• cron. Clock daemon log messages.
• daemon. Other daemon log messages.
• ftp. FTP log messages.
• kern. Kernel log messages.
• local0 through local7. Locally defined log messages (0 through 7).
• lpr. Line printer subsystem log messages.
• mail. Mail subsystem log messages.
• news. Usenet news subsystem log messages.
• syslog. Log messages that are generated internally by the syslog server (syslogd).
• user. Generic user-level log messages.
• uucp. Unix-Unix copy (UUCP) subsystem log messages.
Because the named facilities are shared with the syslog server’s own processes (auth, mail, cron, and so on), mapping each STM log to one of the local0 through local7 facilities keeps the appliance’s messages separable from the server’s own on the receiving side.
Priority. For each log that you have selected to be sent to the syslog server (see earlier in this table), select one of the following severities from the drop-down list:
• emerg. The STM is unusable.
• alert. An action needs to be taken immediately.
• crit. There are critical conditions.
• err. There are error conditions.
• warning. There are warning conditions.
• notice. There are normal but significant conditions.
• info. Informational messages.
• debug. Debug-level messages.
Note: All the logs with a severity that is equal to or higher than the severity that you specify are sent to the specified syslog server. For example, if you select crit as the severity, the logs with the severities crit, alert, and emerg are sent.
4. Click Apply to save your settings.
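The Facility and Priority settings above end up encoded in the PRI field at the start of every syslog line, and the receiver has to undo that encoding before it can route or filter the STM's messages. The following added example, which is not Netgear code, decodes the PRI field with the standard RFC 3164 facility and severity numbers and applies the same "equal to or higher than" severity rule the note describes. The sample lines, the host name stm600, and the message bodies are constructed for this example; the real STM message format is not documented on this page.

```python
"""Receiver-side decoding of the STM's syslog Facility and Priority settings.

Added example; this is not Netgear code. The facility and severity numbers are
the standard RFC 3164 values, the sample messages below are constructed for
this example, and the host name "stm600" and message bodies are invented.
"""
import re
from typing import NamedTuple

# Facility codes (RFC 3164). The STM drop-down offers exactly these names.
FACILITIES = {
    "kern": 0, "user": 1, "mail": 2, "daemon": 3, "auth": 4, "syslog": 5,
    "lpr": 6, "news": 7, "uucp": 8, "cron": 9, "authpriv": 10, "ftp": 11,
    **{f"local{i}": 16 + i for i in range(8)},
}
# Severity codes: a LOWER number is MORE severe (emerg=0 ... debug=7).
SEVERITIES = {
    "emerg": 0, "alert": 1, "crit": 2, "err": 3,
    "warning": 4, "notice": 5, "info": 6, "debug": 7,
}
_FACILITY_NAMES = {v: k for k, v in FACILITIES.items()}
_SEVERITY_NAMES = {v: k for k, v in SEVERITIES.items()}
_PRI_RE = re.compile(r"^<(\d{1,3})>(.*)$", re.DOTALL)


class SyslogMsg(NamedTuple):
    facility: str
    severity: str
    body: str


def encode_pri(facility: str, severity: str) -> int:
    """PRI = facility * 8 + severity, the number inside the leading <...>."""
    return FACILITIES[facility] * 8 + SEVERITIES[severity]


def parse(line: str) -> SyslogMsg:
    """Split a raw syslog line into facility name, severity name and body."""
    match = _PRI_RE.match(line)
    if match is None:
        raise ValueError(f"no PRI field: {line!r}")
    pri = int(match.group(1))
    if pri > 191:  # 23 * 8 + 7 is the largest legal PRI
        raise ValueError(f"PRI out of range: {pri}")
    fac, sev = divmod(pri, 8)
    # Facilities 12-15 have no name in the STM drop-down; keep them numeric.
    return SyslogMsg(_FACILITY_NAMES.get(fac, f"facility{fac}"),
                     _SEVERITY_NAMES[sev], match.group(2))


def at_or_above(severity: str, threshold: str) -> bool:
    """The manual's rule: a message passes when its severity is equal to or
    higher than the configured one. "Higher" means a smaller code, so a
    threshold of crit (2) admits crit, alert (1) and emerg (0)."""
    return SEVERITIES[severity] <= SEVERITIES[threshold]


def select(lines, threshold: str):
    """Parse every line and keep those that meet the severity threshold."""
    return [msg for msg in map(parse, lines)
            if at_or_above(msg.severity, threshold)]


# Constructed sample traffic, as the STM might emit it if its Malware and
# Content filter logs were mapped to local0, Web traffic to local1, and its
# System logs to auth.
SAMPLE_LINES = [
    f"<{encode_pri('local0', 'crit')}>Jan 12 10:15:02 stm600 malware: EICAR-Test-File blocked",
    f"<{encode_pri('local0', 'err')}>Jan 12 10:15:09 stm600 content: URL blocked by category",
    f"<{encode_pri('auth', 'alert')}>Jan 12 10:15:30 stm600 system: admin login failed",
    f"<{encode_pri('local1', 'info')}>Jan 12 10:15:41 stm600 web: GET allowed",
    f"<{encode_pri('auth', 'notice')}>Jan 12 10:16:00 stm600 system: configuration changed",
]

if __name__ == "__main__":
    # With the threshold at crit only the malware detection and the alert-level
    # login failure survive; the err, info and notice lines are dropped.
    for msg in select(SAMPLE_LINES, "crit"):
        print(f"{msg.facility:>8} {msg.severity:>7}  {msg.body}")
```

The same decoding is what a receiver such as rsyslog or a SIEM does with the PRI value; running it on the STM's actual output is the quickest way to confirm that the facility and priority you selected per log are what arrives on the wire.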
Clearing Logs
To clear logs:
1. Select Monitoring > Logs from the menu. The Logs submenu tabs display, with the Log Management screen in view (see Figure 102 on page 178). Locate the Clear the Following Log Information section at the bottom of the screen:
Figure 104. Log Management, screen 3 of 3
2. Select one or more check boxes to specify which logs are cleared:
• System. The system event logs are cleared.
• Email traffic. The logs with scanned incoming and outgoing email traffic are cleared.
• Web traffic. The logs with scanned incoming and outgoing Web traffic are cleared.
• Malware. The logs with intercepted viruses and spyware are cleared.
• Spam. The logs with intercepted spam are cleared.
• Email filter. The logs with intercepted emails are cleared.
• Content filter. The logs with intercepted websites, URLs, and FTP sites are cleared.
• Application. The logs with intercepted applications are cleared.
3. Click Clear Log Information.
Clearing is not reversible. If the entries might be needed for an investigation, email them or send them to a syslog server (see the previous sections) before you clear them.
Configuring Alerts
You can configure the STM to send an email alert when a failure, license expiration, or malware attack or outbreak occurs. Four types of alerts are supported:
• Update Failure Alert. Sent when an attempt to update any component such as a pattern file or scan engine firmware fails.
• License Expiration Alerts. Sent when a license is about to expire and then again when a license has expired.
• Malware Alert. Sent when the STM detects malware threats.
• Malware Outbreak Alert. Sent when the malware outbreak criteria that you have configured are reached or exceeded. Outbreak criteria are based on the number of malware threats detected within a specified period of time.
To configure and activate the email alerts:
1. Select Monitoring > Alerts from the menu. The Alerts screen displays:
Figure 105.
2. Select the check boxes and complete the fields as explained in the following table:
Table 53. Alerts Settings
Enable Update Failure Alerts. Select this check box to enable update failure alerts.
Enable License Expiration Alerts. Select this check box to enable license expiration alerts.
Enable Malware Alerts. Select this check box to enable malware alerts, and configure the Subject and Message fields:
• Subject. Enter the subject line for the email alert. The default text is [Malware alert].
• Message. Enter the content for the email alert. The default text is %VIRUSINFO%, which is the metaword that enables the STM to insert the correct malware threat information.
Note: In addition to the %VIRUSINFO% metaword, you can insert the following metawords in your customized message: %TIME%, %PROTOCOL%, %FROM%, %TO%, %SUBJECT%, %FILENAME%, %ACTION%, %VIRUSNAME%.
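The Malware Outbreak Alert described earlier is a count-within-a-window rule, and the alert body is a template over the metawords listed in the note above. The following added example, which is not Netgear code, shows both: a sliding-window detector that raises one alert when a configured number of detections fall inside a configured period, and a renderer for the manual's metawords. The manual does not publish the STM's own outbreak algorithm or how %VIRUSINFO% is expanded, so the window semantics and the %VIRUSINFO% summary here are this example's assumptions, and all events, addresses, and thresholds are constructed.

```python
"""Malware Outbreak Alert detection and alert-message rendering.

Added example; this is not Netgear code. The manual states that an outbreak
alert fires when the number of malware detections within a configured period
reaches the configured criteria but does not publish the algorithm, so the
sliding-window detector below is this example's own interpretation. The
metawords are the ones the manual lists; how %VIRUSINFO% is expanded on the
appliance is undocumented, so the summary built here is an assumption.
All events, names, addresses and thresholds are constructed.
"""
import re
from collections import deque
from datetime import datetime, timedelta

DEFAULT_SUBJECT = "[Malware alert]"
DEFAULT_MESSAGE = "%VIRUSINFO%"
_METAWORD_RE = re.compile(r"%[A-Z]+%")


def render_message(template: str, event: dict) -> str:
    """Expand the manual's metawords; unknown %WORDS% are left untouched."""
    values = {
        "%TIME%": event["time"].strftime("%Y-%m-%d %H:%M:%S"),
        "%PROTOCOL%": event["protocol"],
        "%FROM%": event["from"],
        "%TO%": event["to"],
        "%SUBJECT%": event["subject"],
        "%FILENAME%": event["filename"],
        "%ACTION%": event["action"],
        "%VIRUSNAME%": event["virusname"],
    }
    # Assumed layout of %VIRUSINFO%: a one-line summary of the other fields.
    values["%VIRUSINFO%"] = (
        f"{values['%VIRUSNAME%']} in {values['%FILENAME%']} "
        f"({values['%PROTOCOL%']} {values['%FROM%']} -> {values['%TO%']}), "
        f"action: {values['%ACTION%']}"
    )
    return _METAWORD_RE.sub(lambda m: values.get(m.group(0), m.group(0)), template)


class OutbreakDetector:
    """Raise one alert when `threshold` detections fall inside `window`."""

    def __init__(self, threshold: int, window: timedelta):
        self.threshold = threshold
        self.window = window
        self._recent = deque()

    def observe(self, when: datetime) -> bool:
        self._recent.append(when)
        # Drop detections older than the window, measured from the newest one.
        while when - self._recent[0] > self.window:
            self._recent.popleft()
        if len(self._recent) >= self.threshold:
            self._recent.clear()  # one outbreak, one alert; start counting afresh
            return True
        return False


def process(events, threshold: int, window_seconds: int,
            template: str = DEFAULT_MESSAGE):
    """Return the rendered alert messages an outbreak policy would produce."""
    detector = OutbreakDetector(threshold, timedelta(seconds=window_seconds))
    alerts = []
    for ev in sorted(events, key=lambda e: e["time"]):
        if detector.observe(ev["time"]):
            alerts.append(f"{DEFAULT_SUBJECT} outbreak: " + render_message(template, ev))
    return alerts


def _event(offset_s: int, **fields) -> dict:
    """Constructed detection record, offset in seconds from a fixed base time."""
    base = datetime(2024, 1, 12, 10, 15, 0)
    ev = {"time": base + timedelta(seconds=offset_s), "protocol": "SMTP",
          "from": "sender@example.invalid", "to": "user@example.invalid",
          "subject": "Invoice", "filename": "invoice.zip", "action": "blocked",
          "virusname": "EICAR-Test-File"}
    ev.update(fields)
    return ev


# Constructed detections: the first two drift out of a 60-second window before
# the third arrives; the last three fall inside it and reach a threshold of 3.
SAMPLE_EVENTS = [
    _event(0), _event(10),
    _event(70, protocol="HTTP", filename="setup.exe"),
    _event(80),
    _event(90, to="ceo@example.invalid"),
]

if __name__ == "__main__":
    for line in process(SAMPLE_EVENTS, threshold=3, window_seconds=60):
        print(line)
```

Clearing the window after an alert is a design choice: it stops a sustained outbreak from producing an alert on every further detection, which matters when the alerts go to the mailbox configured on the Email Notification Server screen.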