Use this page to configure additional alerts or change the default settings of predefined alerts: Reports > Alerts > Alert settings.
Several alerts let you adjust the threshold at which they are sent. For those alerts to be useful, the values often have to be adjusted from the defaults.
Default settings
Alert | Description | Default Settings |
---|---|---|
Bandwidth Monitor | This alert type sends out alerts when download usage exceeds certain thresholds over time. Set an alert for 85% of the total download amount possible on the internet connection over 10 minutes, and if this triggers often, a bandwidth limiter may be useful. The Smoothwall Filter and Firewall calculates the bandwidth used to two decimal places. | |
Firewall Notifications | Similar to the web filter violations alerts, we also have one for the firewall. Again we have two thresholds available, this time called warning and incident. These alerts trigger on both blocked and logged traffic, so make sure traffic auditing is not enabled or threshold values are adjusted appropriately, in the "Network - Settings - Advanced" menu, as the alert might otherwise trigger too often. Again, this is a useful alert if you suspect a system is spamming access requests to a blocked or unavailable destination. | |
Health Monitor | This is meant for monitoring external services, not the Smoothwall Filter and Firewall itself. You can add a website address (you can omit http:// when entering the URL) and the monitoring system accesses the URL and checks for the presence of particular keywords. If those are not found, or access fails outright, it generates an alert. Other services is used to check access to SSH or RDP servers, for example. If the connection fails, it generates an alert. You can do a DNS resolution test for a specific address, which triggers an alert if the resolution fails or is different from the expected result. Select "Other" for the Protocol to see if there's any response to connections on the associated port. | |
Intrusion System Monitor | | |
NTLM Authentication Failures | | |
System Resource Monitor | The system resource monitor triggers when load average, memory or disk usage climbs above a certain threshold in a 5-minute period. The load average value has to be adjusted for the appliance and workload in use. In general, set the load average value to the number of CPUs in the system or 10, whichever is lower. A system operating at normal performance should record a load average of between 0.0 and 1.0. While higher values are not uncommon, prolonged periods of high load (for example, averages greater than 3.0) might merit attention. Memory and disk should be set at about the 90% mark. If the load average alert triggers often, it may be time to look at some of the services and adjust the workload that the Smoothwall Filter and Firewall is asked to manage. | |
System Service Monitoring | This alert triggers whenever a selected service stops, starts or restarts. The two items "Web proxy" and "Web filter" are not enabled by default. These are the Smoothwall Filter and the proxy engine it relies on, so it is always a good idea to enable them. If any service is experiencing an outage, enabling the alert for the service here allows you to keep closer track of service status changes. This should give you an overview of when the issues appear and hopefully then a clue as to why the service is having issues. | |
VPN Certificate Monitor | | |
VPN Tunnel Status | | |
Web filter upstream proxy status | | |
Web filter URL violations | This alert is a bit more specific in that you have to configure target URLs and domains. If a user or IP address tries to access any of those, an alert is generated. In this alert we also have two thresholds that can be used. Enter the URL, or part of a URL, to monitor; you must enter these on separate lines. For example, http://www.example.com would match http://www.example.com/we%20are%20not%20real | |
Web filter violations | This alert triggers if a single user is blocked according to the amounts in the settings over a 15-minute period. There are two thresholds that can be used: one sends out an alert worded as a Caution, the other as a Warning. This only affects the wording in the alert message. This alert can be useful for finding systems and devices that are being blocked when sending out automatic requests, such as software updates, that cause a lot of blocking to be registered for the IP or user. | |
Global Proxy | | |
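
The 15-minute, two-threshold behaviour described for the Web filter violations alert can be replayed over exported block records to choose threshold values that do not fire constantly. The Python below is an added example, not Smoothwall code: the log format, the sample lines, the threshold values (3 and 5) and the at-or-above comparison are all assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=15)  # period the page gives for this alert
CAUTION_THRESHOLD = 3           # assumed value; use your own Caution setting
WARNING_THRESHOLD = 5           # assumed value; use your own Warning setting

# Constructed sample of blocked requests in an assumed "timestamp user url" format.
SAMPLE_LOG = """\
2024-05-01T09:00:00 alice http://updates.example.com/check
2024-05-01T09:01:00 bob http://www.example.com/games
2024-05-01T09:02:00 alice http://updates.example.com/check
2024-05-01T09:04:00 alice http://updates.example.com/check
2024-05-01T09:06:00 alice http://updates.example.com/check
2024-05-01T09:08:00 alice http://updates.example.com/check
2024-05-01T09:20:00 bob http://www.example.com/games
2024-05-01T09:30:00 bob http://www.example.com/games
"""

def parse(text):
    """Yield (timestamp, user, url) for each non-empty log line."""
    for line in text.splitlines():
        if line.strip():
            ts, user, url = line.split(maxsplit=2)
            yield datetime.fromisoformat(ts), user, url

def evaluate(events, caution=CAUTION_THRESHOLD, warning=WARNING_THRESHOLD,
             window=WINDOW):
    """Return (timestamp, user, level, count) each time a user's level rises."""
    recent = defaultdict(deque)  # user -> block times still inside the window
    level = defaultdict(int)     # user -> 0 none, 1 Caution, 2 Warning
    alerts = []
    for ts, user, _url in sorted(events):
        blocks = recent[user]
        blocks.append(ts)
        while ts - blocks[0] >= window:  # drop blocks older than the window
            blocks.popleft()
        count = len(blocks)
        new = 2 if count >= warning else 1 if count >= caution else 0
        if new > level[user]:  # alert once per escalation, not per block
            alerts.append((ts, user, ("Caution", "Warning")[new - 1], count))
        level[user] = new      # falling back below a threshold re-arms it
    return alerts

if __name__ == "__main__":
    for ts, user, lvl, count in evaluate(parse(SAMPLE_LOG)):
        print(f"{ts.isoformat()} {lvl}: {user} blocked {count} times in 15 minutes")
```

In the constructed sample, the device polling for updates as alice escalates from Caution to Warning within eight minutes, while bob's three blocks spread over half an hour never share a window and raise nothing.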