Configure notifications for alerts

Alert Notifications are ways to send notifications to administrators.

By default, alert notifications are only sent to administrators through user notification in the Management Client. You can also send alerts in the following ways:

  • E-Mail — Alert notifications are sent as email using an SMTP server.
  • SMS — Alert notifications are sent as an SMS text message over HTTP, using an SMTP server, or with a script that forwards the message to a third-party tool (for example, gnokii). You can add multiple SMS Channel Types. If the first SMS channel fails, the subsequent SMS channels are used in the order in which they are listed.
  • SNMP — The SNMP Trap Code specified in the custom alert is sent using an SNMP server.
  • Custom Alert Scripts — Alerts are sent for processing to a script you create.

SMS messages sent by script are limited to one line in length. The maximum length of the SMS messages sent by script depends on the third-party tool that is used in sending the messages. The standard character limit for SMS messages is 160 characters. To use a script, install a third-party tool that forwards the SMS messages (for example, gnokii) and the drivers for the tool on the same host. If the tool is not installed on the Management Server host, configure the script for sending the alert notifications to access the tool remotely.

Note: If you have installed a third-party tool, make sure that your Firewall Policy or Layer 2 Firewall Policy allows the traffic from the Management Server to the host.

If you want to send alerts in one or more of these ways, you must integrate external components, such as a GSM modem or an SMTP server. This integration is done in the properties of the Management Server element. In an environment with multiple Management Servers, you must define alert notifications for all Management Servers, even if a Management Server does not currently control any Domains.

  For more details about the product and how to configure features, click Help or press F1.

Steps

  1. Select Home.
  2. Browse to Others > Management Server.
  3. Right-click the active Management Server, then select Properties.
  4. Click the Notifications tab, then configure one or more notification methods.
  5. Click OK.

Management Server Properties dialog box

Use this dialog box to define Management Server properties.

Option Definition
General tab
Name The name of the element.
IPv4 Address Specifies the IPv4 address of the server. The server can have both an IPv4 and an IPv6 address.
IPv6 Address Specifies the IPv6 address of the server. The server can have both an IPv4 and an IPv6 address.
Resolve Automatically resolves the IP address of the server.
Location Specifies the location for the server if there is a NAT device between the server and other SMC components.
Contact Addresses
  • Default — Specifies the contact address that is used by default whenever a component that belongs to another Location connects to this server.
  • Exceptions — Opens the Exceptions dialog box.
Log Server Specifies the Log Server to which the Management Server sends its logs.
RADIUS Method

(Optional)

Specifies a RADIUS authentication method for authenticating administrators.
  • PAP — Password Authentication Protocol.
  • CHAP — Challenge-Handshake Authentication Protocol.
  • MSCHAP, MSCHAP 2 — Microsoft versions of the CHAP protocol. We recommend using MSCHAP 2 if the server supports it.
  • EAP-MD5 — Extensible Authentication Protocol with an MD5 Hash. This option is selected by default.
TACACS Method

(Optional)

Specifies a TACACS+ authentication method for authenticating administrators.
  • ASCII — American Standard Code for Information Interchange.
    CAUTION:
    This authentication method transmits the user name and password as unencrypted plain text.
  • PAP — Password Authentication Protocol.
  • CHAP — Challenge-Handshake Authentication Protocol.
  • MSCHAP, MSCHAP 2 — Microsoft versions of the CHAP protocol. We recommend using MSCHAP 2 if the server supports it. MSCHAP is selected by default.
TLS Credentials

(Optional)

Specifies the TLS Credentials element that is used for certificate-based authentication of administrators.

TLS Profile

(Optional)

Specifies the TLS Profile element that is used for certificate-based authentication of administrators.

Include in Database Replication

(Multiple Management Servers only)

When selected, the Management Server is included in database replication between Management Servers for high availability.
CAUTION:
Leave this option selected unless you have a specific reason to deselect it. Deselecting this option makes the Management Server's database incompatible with the databases of the other Management Servers.
Audit Storage Full

Specifies the action when the Management Server detects that the audit storage is full.

  • Stop Management Server — The Management Server writes an audit entry indicating that the audit storage is full, stops all processes, then shuts down.
  • Overwrite Oldest — The Management Server overwrites audit entries, starting with the oldest audit entries.
Category

(Optional)

Includes the element in predefined categories. Click Select to select a category.
Tools Profile Adds commands to the element right-click menu.Click Select to select an element.
Comment

(Optional)

A comment for your own reference.
Option Definition
Notifications tab
> E-mail section — Specifies email notification details.
SMTP Server Select the SMTP Server that is used to send the alert notifications as email.
Select Opens the Select Element dialog box.
Sender Name Enter the name to be used in the From field of the email.

If this setting is left blank, the Default Sender Name defined in the SMTP Server Properties is used.

Sender Address Enter the email address to be used in the From field of the email.

If this setting is left blank, the Default Sender Address defined in the SMTP Server Properties is used.

> SMS section
Name Shows the name of the channel.
Channel Type Shows the type of the channel.
  • Script — SMS messages are sent using a custom script.
  • SMTP — SMS messages are sent using an SMTP server.
  • HTTP — SMS messages are sent using HTTP.

You can add multiple SMS Channels Types. If the first SMS Channel fails, the subsequent SMS channels are used in the order in which they are listed. Use the Up and Down buttons to change the order of the channels if necessary.

Host/URL/Script Shows the server, URL, or script used for SMS notification.
Up Moves the channel up the list.
Down Moves the channel down the list.
Add

Selects the Channel Type and opens the Channel Properties dialog box.

Edit Opens the Channel Properties dialog box for the selected entry.
Remove Removes the selected entry.
SNMP section
Gateways Enter the host name or IP address of the SNMP Gateways to which the alert notifications are sent as SNMP traps.

You can specify a list of gateways separated by semicolons.

If your SNMP gateway port is not the default port 162, specify the port number by typing a colon and the port after the host name (for example, snmp-gw:4390).

Custom Alert Scripts section
Root Path Enter the root path on the Management Server where custom alert scripts are executed.

The default location is <installation directory>/data/notification.

Do not define the script name here. Add the script name in the Alert Chain at each place you want to call a particular script. You can use multiple scripts.

Option Definition
Web Start tab
Enable Enables Web Start options.
Host Name

(Optional)

Enter the Host Name that the Web Start service uses.
Port Number

(Optional)

Enter the TCP Port Number that the service listens to.
By default, standard HTTP ports are used. Port 80 is used on Windows. Port 8080 is used on Linux (which does not allow the use of reserved ports for this type of service).
Note: Make sure that the listening port is not in use on the server.
Listen Only on Address

(Optional)

If the Management Server has several addresses and you want to restrict access to one address, specify the IP address to use.
Generate Server Logs

(Optional)

Select if you want to log all file load events for further analysis with external web statistics software.
Option Definition
SMC API tab
Enable Enables SMC API options.
Host Name Enter the name that the SMC API service uses.
Note: API requests are served only if the API request is made to this host name. To allow API requests to any host name, leave this field blank.
Port Number

(Optional)

Enter the TCP Port Number that the SMC API service listens to.

By default, port 8082 is used. In Linux, the value of this parameter must always be higher than 1024.

Listen Only on Address

(Optional)

If the Management Server has several addresses and you want to restrict access to one address, specify the IP address to use.
Server Credentials

(Optional)

The TLS Credentials element that is used in HTTPS connections to the SMC API. Click Select to select an element.
Generate Server Logs

(Optional)

Select if you want to log all file load events for further analysis with external web statistics software.
Use SSL for session ID

(Optional)

Track sessions to the Management Server in your web application. Do not select this option if your network requires you to use cookies or URIs for session tracking.
Option Definition
ECA Evaluation tab
Enable To easily deploy Forcepoint Endpoint Context Agent (ECA) to a limited set of users for evaluation purposes, enable the ECA Evaluation feature. For more information, see Knowledge Base article 16193.
Option Definition
Announcement tab
Display announcement to Web Portal Users Enables you to display announcements to the administrators who log on to the Web Portal.

Enter the announcement in the field. The length is limited to 160 characters. You can add formatting to the announcement with standard HTML tags (which are also included in the character count).

Option Definition
Connection tab
Proxy Settings
Use proxy server for HTTPS connection Select if the connection from the Management Server to the Forcepoint servers requires a proxy server.
Proxy address Defines the address of the HTTP proxy.
Proxy port Defines the port of the HTTP proxy.
Authenticate to the proxy server Select if the proxy server requires user authentication.
Proxy user name Enter the user name for the proxy user.
Proxy user password Enter the password for the proxy user.
Hide When selected, prevents the password from being shown as plain text. Deselect this option to show the password. Selected by default.
Option Definition
Audit Forwarding tab
Target Host The Host element that represents the target host to which the audit data is forwarded.

Double-clicking this cell opens the Select Host dialog box.

Service The network protocol for forwarding the audit data. Click the cell, then select the Service from the drop-down list.
  • TCP
  • UDP
  • TCP with TLS
Note: You might have to define an Access rule that allows traffic to the target host. In this case, make sure that the Service you select is also used as the Service in the Access rule.
Port The Port that is used for audit forwarding. Double-click to edit the cell.
The default port is 2055.
Note: You might have to define an Access rule that allows traffic to the target host. In this case, make sure that the Port you select is also used as the Port in the Access rule.
Format Click the cell, then select the audit data forwarding format from the drop-down list.
  • CSV — Forwards audit data in comma separated value format.
  • XML — Forwards audit data in XML format.
  • CEF — Forwards audit data in common event format.
  • LEEF — Forwards audit data in log extended event format.
  • McAfee ESM — Forwards audit data in a format that is compatible with McAfee ESM.
  • Forcepoint UEBA — This option is not yet supported. For more information about Forcepoint UEBA, see the Forcepoint UEBA documentation at https://⁠support.forcepoint.com/Documentation.
Filter

(Optional)

An optional local filter that defines which audit data is forwarded. The local filter is only applied to the audit data that matches the Audit Forwarding rule. Double-clicking this cell opens the Local Filter Properties dialog box.
TLS Profile Allows you to select a TLS Profile element that contains settings for cryptography, trusted certificate authorities, and the TLS version used in TLS-protected traffic. Double-clicking this cell opens the Select Element dialog box. The TLS Profile is only available if you have selected TCP with TLS as the Service.
TLS Server Identity

(Optional, only if a TLS Profile is selected)

Select the identity of a TLS server to secure the TLS-protected traffic from the Management Server to an external syslog server. Double-clicking this cell opens the TLS Server Identity dialog box.
Add Adds a row to the table.
Remove Removes the selected row.
Management Server TLS Certificate Used for Forwarding Logs Select the certificate for TLS-protected audit data forwarding.
  • Use Internal Certificate — Management Server certificate (signed by the Internal CA) is used for TLS-protected syslog communication.
  • Use Imported Certificate — A certificate signed by an external CA is used. Click Select to select a certificate or to create a TLS Credentials element.
  • No Client Authentication — The Management Server's certificate is not authenticated.
Option Definition
NAT tab
Firewall Shows the selected firewall.
NAT Type Shows the NAT translation type: Static or Dynamic.
Private IP Address Shows the Private IP Address.
Public IP Address Shows the defined Public IP Address.
Port Filter Shows the selected Port Filters.
Comment An optional comment for your own reference.
Add NAT Definition Opens the NAT Definition Properties dialog box.
Edit NAT Definition Opens the NAT Definition Properties dialog box for the selected definition.
Remove NAT Definition Removes the selected NAT definition from the list.

HTTP SMS Channel Properties dialog box

Use this dialog box to define the properties of an HTTP SMS Channel.

Option Definition
Name Specifies the notification channel name.
URL Specifies the HTTP Gateway URL for sending an SMS.
Use Proxy When selected, a proxy is used.
  • Host — Enter the host name to use.
  • Port — Enter the port to use.
Protocol

(Optional)

  • Use HTTP 1.1 — Uses the HTTP 1.1 protocol.
  • Method — Select whether to use GET or POST as the method.
HTTP Field Names
  • Phone Number — Enter the contact phone number.
  • Message — Enter the message to send.
Additional HTTP Fields

(Optional)

Includes additional HTTP fields in the SMS.
  • Name — Name of the field.
  • Value — Enter a value for the field.
Add Adds a row to the table.
Remove Removes the selected row from the table.
Test Tests if the SMS messages send correctly.

Script SMS Channel Properties dialog box

Use this dialog box to use a script to send an SMS.

Option Definition
Name Specifies the script name.
Script Path Specifies the full path to the script that sends the SMS, or the relative path from the execution directory.
Execution Path Specifies the directory in which the script is executed. The execution log is stored in this directory.
Test Tests if the SMS messages are sent correctly.

SMTP SMS Channel Properties dialog box

Use this dialog box to define the properties of an SMTP SMS Channel.

Option Definition
Name Specifies the notification channel name.
SMTP Server Specifies the SMTP Server that is used to send the notifications.
Select Opens the Select Element dialog box.
Account If required by the SMTP server, specifies the user name for connections to the SMTP server.
Password If required by the SMTP server, specifies the password for connecting to the SMTP server.
Hide When deselected, displays the password in plain text.
Local Host Name Specifies the DNS Local Host Name of the server that sends the SMS notification.
  • If you are configuring SMS notification for Alerts, enter the DNS host name of the Management Server.
  • If you do not enter a DNS host name, the Default Host Name defined in the SMTP Server Properties is used.
Sender E-mail Address

(Optional)

Specifies the Sender E-mail Address that is used in the From field of the email.

If this setting is left blank, the Default Sender Address in the SMTP Server Properties is used.

Recipient Specifies the Domain name of the Recipient user or administrator accounts.
Subject Specifies the Subject for the message.
Test Tests if the SMS messages are sent correctly.