Virus email alerts generated by PM rather than client

Hi,
Is there a way to force the clients to notify Policy Manager that a virus has been detected which in turn emails a recipient rather than it taking place on a client? At the moment the clients notify a recipient which isn't great so am looking for solutions to this issue.
I thought that this was in the pipeline but haven't seen any documentation on this.
FPMC -version 12
Workstations - version 11.50-60
Any feedback would be great.
Thanks,
Al
Comments
-
Hello,
There are two ways to avoid sending email alerts from client:
1) Configure report scheduling in Policy Manager Web Reporting.
2) Configure forwarding alerts to syslog (PMC > Tools > Server configuration > Syslog) and then set up email notification for chosen syslog events.
2 -
Hi Marina,
Thanks for your reply. I think the second option is best for us and am testing now.
The problem is that I can't generate any logs on the syslog server. I have tried the following
- Referenced the syslog server by name and IP (PMC > Tools > Server configuration > Syslog)
-Changed the potocol type (PMC > Tools > Server configuration > Syslog)
- Disabled firewalls
- Used multiple alerts to determine if alerting is working at all (Policy Domain > Settings > Alert Forwarding)
- Have tested on two syslog servers and can't generate any logging for FPMC.
Is there anything else I could try?
Regards,
Al
0 -
There should be an easier way to just send alerts from PM by email! I thought I had set it up by configuring the mail server settings in server configuration.0
-
First, only new alerts are forwarded to syslog, so please ensure that alerts were received by PM from client after you configured forwarding to syslog.
Second, could you please ensure that other apps are able to send alerts to syslog from the same machine to exclude connectivity issues?
0 -
Hello David,
In server configuration you can only configure server alerts sending, not the client ones.
0 -
But isnt the point of having a server so that you can have things centralized? So having clients individually sending alerts doesnt make sense.0
-
Using email as a delivery channel is not provident when we are speaking about thousands of alerts potentially arriving to PMS. That is why syslog or SIEM integration is preferred option as you can use them not only for accumulating but also creating business rules for notifying administrator in emergent situations.
0 -
Hi Marina,
I'm testing the process by using the F-secure EICAR_Test_File script so can make changes and then test.
I'm still not having any luck with the syslog and have tested another application to generated the logs which worked. To confirm, the syslog is generated by the FPMC server and not the client. Is it worth installing the syslog server directly on the FPMC server? Is this supported by F-Secure?
Regards,
Al
0 -
It would be fine for some of us, especially if there were filters. Give us the option.0
-
Hi Marina,
I sorted this out in the end and was down to some firewall rules that were set up.
Thanks for your help with this.
Regards,
Al5
Categories
- All Categories
- 4.7K WithSecure Community
- 3.6K Products
- 2 Get Support