Configuring general alert options
Web protection software can notify administrators of various kinds of system events, as well as Internet usage or suspicious activity that exceeds defined thresholds.
Use the Settings > Alerts > Enable Alerts page to specify flood control settings, and to enable and configure one or more alerting notification methods. After enabling alerting on this page, use the other pages in the Settings > Alerts section to specify which alerts you want to receive.
Steps
- Under Alert Limits per 24 Hours, enter a number to specify the Maximum daily alerts per type to be generated for each category usage, protocol usage, and suspicious activity alert.
For example, you might configure a category usage alert to be sent every 5 times (threshold) someone requests a site in the Sports category. Depending on the number of users and their Internet use patterns, that could generate hundreds of alerts each day.
If the maximum daily alerts per type is 10, administrators would receive alerts about the first 50 requests for Sports sites on a specific day (5 requests per alert multiplied by 10 alerts), but no alerts for subsequent requests for the category on the same day.
- Mark Enable email alerts to deliver alerts and notifications by email. Then, configure these email settings.
  - SMTP server IPv4 address or name: IPv4 address or hostname for the SMTP server through which email alerts should be routed.
  - From email address: Email address to use as the sender for email alerts.
  - Administrator email address (To): Email address of the primary recipient of email alerts.
  - Recipient email addresses (Cc): Email address for up to 50 additional recipients. Each address must be on a separate line.
- Mark Enable SNMP alerts to deliver alert messages through an SNMP Trap system installed in your network. Then, provide information about your SNMP Trap system.
  - Community name: Name of the trap community on your SNMP Trap server.
  - IPv4 address or hostname: The IPv4 address or hostname of the SNMP Trap server.
  - Port: Port number SNMP messages use. The default is 162.

When your software sends an SNMP alert, the following fields may be populated in the SNMP trap:
- Filtering Service (IP address)
- Policy Server (IP address)
- Time (year, month, and day)
- Subscription key
- User name
- User IP address
- Threshold (usage alerts)
- Category
- Protocol
- Action (e.g., Blocked, Permitted)
- URL (that triggered the alert)
- IP address (of the URL that triggered the alert)
- Port (protocol port)
- When you are finished, click OK to cache your changes. Changes are not implemented until you click Save and Deploy.
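
The flood control behavior described under Alert Limits per 24 Hours can be modeled to see how many events go unreported once the daily cap is reached. This is an added example, not the product's code: the class and function names are hypothetical, the traffic is constructed, and the per-day counter reset is an assumption based on the "same day" wording in the Sports example.

```python
from collections import defaultdict
from datetime import date


class FloodControlledAlerter:
    """Model of the alert limit: one alert per `threshold` events, at most
    `max_daily` alerts per alert key per day (assumed daily reset)."""

    def __init__(self, threshold, max_daily):
        self.threshold = threshold
        self.max_daily = max_daily
        self.events = defaultdict(int)  # (day, key) -> events seen
        self.alerts = defaultdict(int)  # (day, key) -> alerts sent

    def record(self, day, key):
        """Count one event; return True if it produces an alert."""
        slot = (day, key)
        self.events[slot] += 1
        if self.events[slot] % self.threshold:
            return False                 # threshold not reached yet
        if self.alerts[slot] >= self.max_daily:
            return False                 # daily cap reached: suppressed
        self.alerts[slot] += 1
        return True

    def unreported(self, day, key):
        """Events that arrived after the daily cap was exhausted."""
        slot = (day, key)
        return max(0, self.events[slot] - self.threshold * self.max_daily)


def run_sample():
    # Constructed traffic: (day, alert key, request count).
    d1, d2 = date(2024, 1, 1), date(2024, 1, 2)
    traffic = [(d1, "category:Sports", 120),
               (d1, "protocol:example", 12),
               (d2, "category:Sports", 7)]
    alerter = FloodControlledAlerter(threshold=5, max_daily=10)
    for day, key, count in traffic:
        for _ in range(count):
            alerter.record(day, key)
    return alerter, d1, d2


if __name__ == "__main__":
    alerter, d1, d2 = run_sample()
    for (day, key), seen in sorted(alerter.events.items()):
        print(day, key, "events:", seen,
              "alerts:", alerter.alerts[(day, key)],
              "unreported:", alerter.unreported(day, key))
```

With a threshold of 5 and a maximum of 10 daily alerts, the 120 Sports requests on the first day produce 10 alerts covering the first 50 requests, and the remaining 70 generate none.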