
About Alerts

Note: This topic applies to the Hearst Release.

Your Smoothwall contains a comprehensive set of incident alerting controls.

Alerts are generated when certain trigger conditions are met. Trigger conditions can be individual events, for example, an administrator login failure, or a series of events occurring over a particular time period, for example, a sustained high level of traffic over a five minute period. Some alerts allow their trigger conditions to be edited to customize the alert sensitivity.

Some situations are constantly monitored, particularly those relating to critical failures, for example, UPS and power supply alerts.

For some alerts you can specify two trigger conditions: the first acts as a warning alert, and the second, for more critical circumstances, denotes the occurrence of an incident.
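
The two-level trigger model described above, as an added example (not Smoothwall code): it counts firewall hits per source IP and raises a warning or an incident using the Firewall Notifications defaults listed in the table below (50 and 200, with the listed ignored ports). The five-minute sliding window, the `>=` comparison and the event tuple layout are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Defaults from the "Firewall Notifications" row (Monitor source IP addresses).
WARNING_THRESHOLD = 50
INCIDENT_THRESHOLD = 200
IGNORED_PORTS = {135, 136, 137, 138, 139, 445, 80}
# Assumptions (not stated on the page): hits are counted over a sliding
# five-minute window, and a level is reached when count >= threshold.
WINDOW = timedelta(minutes=5)
LEVELS = ["none", "warning", "incident"]


def evaluate(events):
    """Return (timestamp, source_ip, level) each time a source escalates.

    events: (timestamp, source_ip, destination_port) tuples in time order.
    """
    recent = defaultdict(deque)   # source_ip -> timestamps inside the window
    current = defaultdict(int)    # source_ip -> index into LEVELS
    alerts = []
    for ts, src, port in events:
        if port in IGNORED_PORTS:
            continue
        hits = recent[src]
        hits.append(ts)
        while ts - hits[0] > WINDOW:   # expire hits older than the window
            hits.popleft()
        level = (len(hits) >= WARNING_THRESHOLD) + (len(hits) >= INCIDENT_THRESHOLD)
        if level > current[src]:       # alert on escalation only, not per hit
            alerts.append((ts, src, LEVELS[level]))
        current[src] = level           # dropping back re-arms the alert
    return alerts


def sample_events():
    """Constructed firewall hits; addresses are documentation ranges."""
    base = datetime(2024, 1, 1, 9, 0, 0)
    noisy = [(base + timedelta(seconds=i), "203.0.113.7", 22) for i in range(210)]
    slow = [(base + timedelta(seconds=10 * i), "192.0.2.4", 23) for i in range(60)]
    ignored = [(base + timedelta(seconds=i), "198.51.100.9", 445) for i in range(300)]
    return sorted(noisy + slow + ignored)


if __name__ == "__main__":
    for ts, src, level in evaluate(sample_events()):
        print(ts.isoformat(), src, level)
```

Only the fast source escalates: the slow source never has more than 31 hits inside the window, and hits on port 445 are dropped before counting.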

You access the alerts and their settings on the Reports > Alerts > Alerts page.

The following alerts are available to you:

Alert

Description

Default Settings

VPN Tunnel Status

VPN Tunnel status notifications occur when an IPsec tunnel is either connected or disconnected.

Monitored once every five minutes.

Note that a Unified Threat Management serial is required to view this alert. For more information, contact your Smoothwall representative.

 

Web filter violations

Monitors web filter activity and generates warnings about suspicious or blocked web accesses.

Monitored constantly.

Note that a Guardian license is required to view this alert. For more information, see About Guardian.

Forbidden user accesses:

Exclude adverts
Warning threshold: 20
Caution threshold: 100

Forbidden IP address accesses:

Exclude adverts
Warning threshold: 20
Caution threshold: 100

Hardware failure alerts, harddisk failure

Generates messages when hardware problems are detected.

Monitored constantly.

 

License expiry status warnings

Generates messages when the license is due for renewal or has expired.

Monitored once an hour.

 

Hardware Failover Notification

Generates messages when a hardware failover occurs, or when failover machines are forced online or offline.

Monitored constantly.

Note that a Unified Threat Management serial is required to view this alert. For more information, contact your Smoothwall representative.

 

VPN Certificate Monitor

Validates the Smoothwall VPN certificates and issues warnings about potential problems or impending expiration dates.

Monitored once an hour.

Note that a Unified Threat Management serial is required to view this alert. For more information, contact your Smoothwall representative.

Notification of expired certificates:

Number of days left (warning): 7
Number of days left (critical): 1

UPS, Power Supply status warnings

Generates messages when server power switches to and from mains supply.

Monitored constantly.

 

Outgoing Traffic Violations

Monitors outbound access activity and generates warnings about suspicious behavior.

Monitored constantly.

Note that a Unified Threat Management serial is required to view this alert. For more information, contact your Smoothwall representative.

Forbidden services:

Monitor ports for accesses
Warning threshold: 5
Destination Port list: 25, 4662, 4661, 6881, 6882, 6699

Forbidden accesses:

Monitor destination IP addresses
Warning threshold: 100
Incident threshold: 300
Monitor destination ports
Warning threshold: 100
Incident threshold: 300

System Resource Monitor

These alerts are triggered whenever system resource usage exceeds predefined limits.

Monitored once every five minutes.

System load average warning level: 3.0
System memory warning level: 80%
Disk usage warning level: 80%

Firewall Notifications

Monitors firewall activity and generates warnings based on suspicious activities to or from certain IP addresses involving particular ports.

Monitored constantly.

Monitor source IP addresses:

Warning threshold: 50
Incident threshold: 200

Monitor destination IP addresses:

Warning threshold: 100
Incident threshold: 200

Monitor destination ports:

Warning threshold: 50
Incident threshold: 150
Ignored ports: 135, 136, 137, 138, 139, 445, 80

L2TP VPN Tunnel Status

L2TP Tunnel status notifications occur when an L2TP (Layer 2 Tunnelling Protocol) tunnel is either connected or disconnected.

Monitored once every five minutes.

Note that a Unified Threat Management serial is required to view this alert. For more information, contact your Smoothwall representative.

 

System Service Monitoring

This alert is triggered whenever a critical system service changes status, that is, starts or stops.

Monitored once every five minutes.

Web server
Cron server
Monitor alerts
SystemD

Connection Monitor

This alert is triggered when an interface has failed. An additional alert will be sent when an interface becomes available again.

Monitored constantly.

 

Reverse proxy violations

Monitors reverse proxy activity and generates warnings about connectivity issues.

Monitored constantly.

Note that a Unified Threat Management serial is required to view this alert. For more information, contact your Smoothwall representative.

 

Health Monitor

Checks on remote services for activity.

Health monitor alerts are intended to enable you to keep an eye on various aspects of your network which are usually outside of the remit of the Smoothwall.

Monitored constantly.

 

Web filter upstream proxy status

This alert is triggered when connectivity to an upstream proxy fails or returns.

Monitored once every five minutes.

Note that a Guardian license is required to view this alert. For more information, see About Guardian.

 

Email Virus Monitor

These alerts are triggered by detection of malware being relayed via SMTP or downloaded via POP3. Note that you may not see this option if Anti-Spam is not installed. For more information, see About Anti-Spam.

Monitored constantly.

 

Web filter URL violations

Monitors URL activity.

Monitored once every five minutes.

Note that a Guardian license is required to view this alert. For more information, contact your Smoothwall representative.

 

IM proxy monitored word alert

Monitors instant messaging chat activity and generates warnings based on excessive use of inappropriate language.

Monitored constantly.

 

Output System Test Messages

Catches test alerts generated for the purposes of testing the Smoothwall Output systems.

Monitored constantly.

 

Inappropriate word in IM Monitor

Generates an alert whenever a user uses an inappropriate word or phrase in an IM chat conversation.

Monitored constantly.

Enabled on received text
Enabled on sent text

Generate alert for each message which exceeds the Message Censor severity threshold:

Threshold: 0

Generate alert when users exceed the rate of inappropriate messages:

Threshold: 0
Number of inappropriate messages in 15 minutes: 5

Administration Login Failures

Monitors both the Secure Shell (SSH) and Web Interface services for failed login attempts.

Monitored constantly.

 

Bandwidth Monitor

These alerts are triggered whenever the traffic flow for an external interface or bridge exceeds certain thresholds.

Monitored constantly.

 

NTLM Authentication Failures

This alert is generated when a client is unable to provide correct credentials for NTLM authentication.

Monitored constantly.

 

Update Monitoring

Monitors the system for new updates once an hour.

 

Intrusion System Monitor

These alerts are triggered by violations and notices that the intrusion system generates in response to suspicious network activity.

Monitored constantly.

Note that a Unified Threat Management serial is required to view this alert. For more information, contact your Smoothwall representative.

Priority: High

Mail Queue Monitor

Watches the email queue and informs you if the number of messages in it exceeds a certain threshold. For more information, see About Anti-Spam.

Monitored once an hour.

 

Global Proxy

This alert monitors for Global Proxy activity. Alerts are triggered when client misconfiguration or potential abuse is detected.

Monitored constantly.

Note that a Unified Threat Management serial is required to view this alert. For more information, contact your Smoothwall representative.

 

System Boot (Restart) Notification

This alert is generated whenever the system is booted, that is, turned on or restarted.

Monitored once every five minutes.