Some alerts have just a single condition, like services stopping or starting, before an alert is triggered. Others, allow you to set threshold values for when alerts are triggered. You can determine the alerts sent to what groups of users and in what format. Switch on System Alerts.
Alerts are generated when certain trigger conditions are met.
- Trigger conditions can be individual events, for example, an administrator sign-in failure, or a series of events occurring over a certain time period, for example, a sustained high level of traffic over a five-minute period.
- Some alerts allow their trigger conditions to be edited to customize the alert sensitivity.
- Some situations are constantly monitored, such as those relating to critical failures, for example, UPS and power supply alerts.
- You can specify two-trigger conditions for some alerts – the first acts as a warning alert, and, in more critical circumstances, the second identifies the occurrence of an incident.
Here are the different alerts you can configure on the Reports > Alerts > Alerts page.
Alert | Description |
Administration Login Failures | Monitors both the Secure Shell (SSH) and Web Interface services for failed logon attempts. Monitored constantly. |
Bandwidth Monitor | Monitors your bandwidth usage and alerts you when the traffic flow for the external interface or bridge exceeds a specific threshold. Each alert that you configure can only monitor traffic in a single direction. However, you can configure multiple Bandwidth Monitor alerts to monitor all traffic. The Bandwidth Monitor alert is not turned on upon installation. Constant monitoring. |
Connection Monitor | This alert is triggered when an interface has failed. An additional alert is sent when an interface becomes available again. Monitored constantly. |
Email Virus Monitor | These alerts are triggered by detection of malware being relayed via SMTP or downloaded via POP3. Monitored constantly. |
Firewall Notifications | Monitors Smoothwall Firewall activity and generates warnings based on suspicious activities to or from certain IP addresses involving certain ports. Monitored constantly. This is predefined upon installation. |
Global Proxy |
Monitors your global proxy's activity and generates warnings about device misconfiguration or potential abuse. Alerts are triggered when device misconfiguration, or potential abuse is detected. Monitored constantly. This is predefined upon installation. Note: To view this alert, you need a Unified Threat Management license. |
Hardware Failover Notification |
Generates messages when a hardware failover occurs, or when failover devices are forced on and offline. Monitored constantly. Note: To view this alert, you need a Unified Threat Management license. |
Hardware failure alerts, hard disk failure | Generates messages when hardware problems are detected. Monitored constantly. |
Health Monitor | Monitors remote services for activity. Health monitor alerts are intended help you to keep an eye on various aspects of your network usually outside of the Smoothwall Filter and Firewall. Monitored constantly. This is not turned on upon installation. |
Intrusion System Monitor |
These alerts are triggered by violations and notices generated by the intrusion system by suspicious network activity. Monitored constantly. Generates alerts for violations and notices generated by both the Intrusion Detection System (IDS) and Intrusion Prevention System (IPS). This is predefined upon installation. Note: To view this alert, you need a Unified Threat Management license. |
L2TP VPN Tunnel Status |
L2TP Tunnel status notifications occur when an L2TP (Layer 2 Tunneling Protocol) Tunnel is either connected or disconnected. Monitored once every five minutes. Note: To view this alert, you need a Unified Threat Management license. |
License expiry status warnings | Generates messages when the license is due for renewal or has expired. Monitored once an hour. Monitored once an hour. |
Mail Queue Monitor | Monitors the mail queue for when the number of messages therein exceeds a certain threshold. This is turned off upon installation. It's triggered when the number of messages in the email queue exceeds the specified threshold. |
NTLM Authentication Failures | This alert is generated when a device is unable to provide correct credentials for NTLM authentication. Monitored constantly. This is not turned on upon installation. |
Output System Test Messages | Catches test alerts generated for the purposes of testing the Smoothwall Filter and Firewall Output systems. Monitored constantly. |
Reverse proxy violations |
Monitors reverse proxy activity and generates warnings about connectivity issues. Monitored constantly. Note: To view this alert, you need a Unified Threat Management license. |
System Boot (Restart) Notification | This alert is generated whenever the system is started; that is, is turned on or restarted. Monitored once every five minutes. |
System Resource Monitor | These alerts are triggered whenever the system resources exceed predefined limitations. Monitored once every five minutes. Generates an alert whenever the system resources exceed your predefined limitations. This is predefined upon installation. A system operating at normal performance should record a load average of between 0.0 and 1.0. While higher values aren't uncommon, prolonged periods of high load, for example, averages greater than 3.0 might merit your attention. You can set the disk usage threshold percentage. However, be aware that low amounts of free disk space can adversely affect system performance. The Smoothwall Filter and Firewall uses system memory aggressively to improve system performance, so higher than expected memory usage might not be a concern. However, prolonged periods of high memory usage might indicate that the system could benefit from additional memory. |
System Service Monitoring | This alert is triggered whenever a critical system service changes status, that is, starts or stops. Monitored once every five minutes. Generates an alert whenever a critical system service changes status, for example, starts or stops. This is predefined upon installation. |
Update Monitoring | Monitors the system for new updates once an hour. |
UPS, Power Supply status warnings | Generates messages when server power switches to and from mains supply. Monitored constantly. |
VPN Certificate Monitor |
Validates the VPN certificates and issues warnings about potential problems, or impending expiration dates. Monitored once an hour. This is predefined upon installation. Note: To view this alert, you need a Unified Threat Management license. |
VPN Tunnel Status |
VPN Tunnel status notifications occur when an IPSEC Tunnel is either connected or disconnected. Monitored once every five minutes. Note: To view this alert, you need a Unified Threat Management license. |
Web filter upstream proxy status |
This alert is triggered when connectivity to an upstream proxy fails or returns. Monitored once every five minutes. Note: To view this alert, you need a Smoothwall Filter license for the Guardian module. |
Web filter URL violations |
Monitors URL activity. Monitored once every five minutes. Monitors access to a list of specific URLs. This also has a caution and a warning level that can be set. Note: To view this alert, you need a Smoothwall Filter license for the Guardian module. |
Web filter violations |
Monitors web filter activity and generates warnings about suspicious or blocked web accesses. Monitored constantly. This is predefined, but turned off, upon installation. Note: To view this alert, you need a Smoothwall Filter license for the Guardian module. |