When specifying an SMTP log receiver, the IP address of the receiver must be specified. A domain
name such as dns:smtp.example.com cannot be used.
Example 6.32. Configuring an SMTP Log Receiver
In this example, a existing IDP Rule object called examplerule is configured with an SMTP log
receiver. Once an IDP event occurs, the rule is triggered. At least one new event occurs within the
hold time of 120 seconds, thus reaching the log threshold level (at least 2 events have occurred).
This results in an email being sent containing a summary of the IDP events. Several more IDP
events may occur after this, but to prevent flooding the mail server, NetDefendOS will wait 600
seconds (equivalent to 10 minutes) before sending a new email.
An SMTP server is assumed to have already been configured in the address book with the name
smtp-server.
Command-Line Interface
Add an SMTP log receiver:
gw-world:/> add LogReceiver LogReceiverSMTP smt4IDP
IPAddress=smtp-server
Receiver1=youremail@example.com
Next, change the CLI context to be IDPRule:
gw-world:/> cc IDPRule examplerule
Now, set the property of the first IDPRuleAction:
gw-world:/examplerule> set IDPRuleAction 1 LogEnabled=Yes
Return to the default CLI context:
gw-world:/> cc
Web Interface
Adding an SMTP log receiver:
1. Go to: System > Device > Log and Event Receivers > Add > SMTP Event Receiver
2. Now enter:
• Name: smtp4IDP
• SMTP Server: smtp-server
• Server Port: 25
• Specify alternative email addresses (up to 3)
• Sender: hostmaster
• Subject: Log event from NetDefendOS
• Minimum Repeat Delay: 600
Chapter 6: Security Mechanisms
563
To Next Page
Loading...
