PM 10.10 and the notifications issue

KultisJeppe Posts: 16 Security Scout

I've now got a PM 10 up and running. We've got a healthy 50+ clients set up, some of which are servers. The old system was that the servers would run the FSAV (Linux edition) in the middle of the night and the report would be emailed to the admins. Some admin would then, at some point, look through the logs and check for potential malware detection. In order to cut down on spam, I've made a bunch of changes and made sure admins only get emailed when something's wrong. This saves a bunch of time from not having to trudge through seemingly endless lines of log and OK everything. It also means admins notice errors better; not only can we now actually read everything, but we also don't get log-blind and just not notice the errors amongst the fluff.

The only service left is FSPMS. I've read some posts on the forums that say the FSPMS doesn't send out notifications anymore, that task has been assigned to the clients. Is this really the case? What's the point of having one centralized server running if it cannot notify me (and my fellow admins) when it notices things aren't as they should be? Since the console doesn't really have a background mode either, I really can't follow the logic here. Am I just meant to have the FSPMC on top all the time?

What's the deal?

Comments

  • etomcat Posts: 1,172 Firewall Master

    Hello,

    > The old system was that the servers would run the FSAV (Linux edition) in the middle of the night and the report would be emailed to the admins. Some admin would then, at some point, look through the logs and check for potential malware detection.

    The problem with this logic is that virus scanners cannot detect malware (an infection event) in hindsight, because the first thing malware does after activating is to block security software from running or starting...

    Because of this, antivirus should be running continuously on the protected computer (so-called on-access scanning), in order for threats to be stopped before entering the system and activating themselves.

    I know many "penguin people" say there is only Windoze malware, so an occasional on-demand scan can suffice to spot mislaid infected EXE files on Linux Samba servers. However, that is not true: Unix / Linux / Android / Apple malware exists, and the system resources needed for continuous on-access scanning should not be denied in a typically Scottish manner!

    Best regards: Tamas Feher, Hungary.

  • etomcat Posts: 1,172 Firewall Master

    Hello,

    As far as I know FSPM never included any mail server functionality. What FSPM can do is create policy, centrally instructing the FSMA module running on each client computer to send notificational / error_message / warning / alerting level e-mails to various predefined addresses, when necessary.

    Sincerely: Tamas Feher, Hungary.

This discussion has been closed.