Notification Manager

The ability to notify system and network administrators about important events is an essential aspect of network security and integrity. An early warning about an error or malicious code can prevent the enormous loss of time and money often needed to eliminate such problems later on. The next three sections outline the notification options offered by ERA.

To open the Notification Manager main window, click Tools > Notification Manager.


The main window is divided in two sections:

1. The Notification rules section in the top part of the window contains a list of existing (either predefined or user-defined) rules. A rule in this section must be selected to generate notification messages. By default, no notifications are enabled. Therefore, we recommend checking whether your rules are active. The functional buttons under the list of rules include Save (save modifications to a rule), Save as... (save modifications to a rule with a new name), Delete, Test It (clicking this button will immediately trigger the rule and send a notification), New (use this button to create new rules), Refresh and Default Rules (update the list with default rules).

By default, the Notification Manager window contains predefined rules. To activate a rule, select the check box next to the rule. The following notification rules are available. If they are activated and the rule conditions are met, they generate log entries.

More than 10% of primary clients are not connecting – If more than 10 percent of clients have not connected to the server for more than a week; the rule runs ASAP if this is the case.

More than 10% of primary clients with critical protection status – If more than 10 percent of clients generated a Protection status critical warning and have not connected to the server for more than a week; the rule runs ASAP if this is the case.

Primary clients with protection status warning – If there is at least one client with a protection status warning that has not connected to the server for at least one week.

Primary clients not connecting – If there is at least one client that has not connected to the server for more than one week.

Primary clients with outdated virus signature database – If there is a client with a virus signature database two or more versions older than the current one and has not been disconnected from the server for more than one week.

Primary clients with critical protection status – If there is a client with a critical protection status warning that has not been disconnected for more than one week.

Primary clients with newer virus signature database than server – If there is a client with a more recent virus signature database than the one on the server and that has not been disconnected for more than one week.

Primary clients waiting for restart – If there is a client waiting for a restart that has not been disconnected for more than one week.

Primary clients with a non-cleaned infiltration in computer scan – If there is a client on which a computer scan could not clean at least one infiltration and that client has not been disconnected for more than one week; the rule runs ASAP if this is the case.

Completed task – If there was a task completed on a client; the rule runs ASAP if this is the case.

New primary clients – If a new client has connected to the server; the rule runs ASAP if this is the case.

New replicated clients – If there is a new replicated client in the list of clients; the rule runs after one hour if this is the case.

Possible virus outbreak – If the frequency of Threat log entries on a client has exceeded 1000 critical warnings in one hour on at least 10% of all clients.

Possible network attack – If the frequency of ESET Personal firewall log entries on a client has exceeded 1000 critical warnings in one hour on at least 10% of all clients.

Server updated – If the server has been updated.

Server not updated – If the server has not been updated for more than five days; the rule runs ASAP if this is the case.

Error in server text log – If the server log contains an error entry.

License expiration – If the current license will expire within 20 days and after expiration, the maximum number of client slots will be lower than the current number of clients; the rule runs ASAP if this is the case.

License limit – If the number of free client slots decreases under 10% of all client slots available.

If not stated otherwise, all rules are run and repeated after 24 hours and are applied to the primary server and primary clients.

2. The Options section in the bottom half of the window provides information about the currently selected rule. All fields and options in this section are described using the sample rule from the Rule creation chapter.

In each rule, you can specify the criteria, known as a Trigger, which activates the rule. The following triggers are available:

Client State – Rule will be run if there is a problem on some of the clients.

Server State – Rule will be run if there is a problem on some of the servers.

Finished Task Event – Rule will be run after the specified task is finished.

New Client Event – Rule will run if there is a new client connecting to the server (including replicated clients).

Outbreak Event – Rule will be run if there is an outbreak of incidents on a significant amount of clients.

Received Log Event – Rule will be run when the administrator wants to be notified about log entries received within a certain time interval.

Depending on the trigger type, other rule options are enabled or disabled; we therefore recommend setting the trigger type first when creating new rules.

The Priority drop-down menu allows you to select rule priority. P1 is the highest priority, P5 is the lowest priority. Priority does not in any way affect the functionality of rules. To assign priority to notification messages, the %PRIORITY% variable can be used. Under the Priority drop-down menu, there is a Description field. We recommend that each rule is given a meaningful description, such as "rule that warns on detected infiltrations".

The notification format can be edited in the Message field in the bottom section of the Notification Manager main window. In the text you can use special variables of the form %VARIABLE_NAME%. To view the list of available variables, click Show me options.

Rule_Name

Rule_Description

Priority – Notification rule priority (P1 is the highest priority).

Triggered – Date of the most recent notification sent (repeats excluded).

Triggered_Last – Date of the most recent notification sent (repeats included).

Client_Filter – Client filter parameters.

Client_Filter_Short – Client filter settings (in short form).

Client_List – List of clients.

Parameters – Rule parameters.

Primary_Server_Name

Server_Last_Updated – Last update of the server.

Virus_Signature_DB_Version – Latest virus signature database version.

Pcu_List – Latest list of all PCUs.

Pcu_List_New_Eula – Latest list of all PCUs with a new EULA.

Last_Log_Date – Date of the last log.

Task_Result_List – List of finished tasks.

Log_Text_Truncated – Log text that activated the notification (truncated).

License_Info_Merged – License information (summary).

License_Info_Full – License information (full).

License_Days_To_Expiry – Days left until license expiration.

License_Expiration_Date – Nearest expiration date.

License_Clients_Left – Free slots in the current license for clients to connect to the server.

Actual_License_Count – Number of clients currently connected to the server.
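To make the rule conditions and the %VARIABLE_NAME% message format above concrete, here is an added example (not ERA's own code) that evaluates three of the predefined rules against constructed client records and renders a notification message by expanding the listed variables. The client records, the version numbers and the P2 priority are assumptions for illustration; the one-week and 10% thresholds are the ones the rule descriptions state.

```python
import re
from datetime import datetime, timedelta

WEEK = timedelta(days=7)

# Constructed sample client records (not real ERA data): last contact time,
# protection status and virus signature database version per client.
NOW = datetime(2024, 5, 1, 12, 0)
SERVER_DB_VERSION = 1002
CLIENTS = [
    {"name": "pc-01", "last_connected": NOW - timedelta(days=1), "status": "ok", "db": 1002},
    {"name": "pc-02", "last_connected": NOW - timedelta(days=9), "status": "ok", "db": 1002},
    {"name": "pc-03", "last_connected": NOW - timedelta(days=2), "status": "critical", "db": 1000},
    {"name": "pc-04", "last_connected": NOW - timedelta(days=20), "status": "ok", "db": 999},
    {"name": "pc-05", "last_connected": NOW - timedelta(days=3), "status": "ok", "db": 1001},
]

def silent_for_over_a_week(client, now):
    return now - client["last_connected"] > WEEK

def not_connecting(clients, now):
    """'Primary clients not connecting': clients silent for more than one week."""
    return [c for c in clients if silent_for_over_a_week(c, now)]

def more_than_10pct_not_connecting(clients, now):
    """'More than 10% of primary clients are not connecting'."""
    return len(not_connecting(clients, now)) > 0.10 * len(clients)

def outdated_db(clients, server_db, now):
    """'Primary clients with outdated virus signature database': two or more versions
    behind the server, among clients that still connected within the last week."""
    return [c for c in clients
            if server_db - c["db"] >= 2 and not silent_for_over_a_week(c, now)]

def render(template, variables):
    """Expand %VARIABLE_NAME% placeholders (case-insensitive, since the page writes
    both %PRIORITY% and Rule_Name); unknown names are left in place, not blanked."""
    return re.sub(r"%([A-Za-z_]+)%",
                  lambda m: str(variables.get(m.group(1).lower(), m.group(0))), template)

def notify_not_connecting(clients, now, priority="P2"):
    """Message for the 10%-not-connecting rule, or None when the rule does not fire."""
    if not more_than_10pct_not_connecting(clients, now):
        return None
    hits = not_connecting(clients, now)
    template = "[%Priority%] %Rule_Name%: %Client_List%"
    return render(template, {
        "priority": priority,
        "rule_name": "More than 10% of primary clients are not connecting",
        "client_list": ", ".join(c["name"] for c in hits),
    })
```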