Ntsolution
Explorer

Custom Mail alert

Hi, we want to get a mail alert like this:

HeaderDateHour: 25Sep2019 11:04:47;
ContentVersion: 5;
HighLevelLogKey: 6192227919086323757;
Uuid: {0x5d8b1f9f,0x6,0xd2f190a,0xc0000001};
SequenceNum: 68;
Action: drop;
Origin: fw1;
IfDir: >;
InterfaceName: bond1.600;
Alert: mail;

etc.

but we have:

HeaderDateHour: 25Sep2019 11:04:47; ContentVersion: 5; HighLevelLogKey: 6192227919086323757; Uuid: {0x5d8b1f9f,0x6,0xd2f190a,0xc0000001}; SequenceNum: 68; Action: drop; Origin: fw1; IfDir: >; InterfaceName: bond1.600; Alert: mail; OriginSicName: CN=fw1,O=srv-fwmgt-01.kfim.int.qaps4b; OriginSicName: CN=fw1,O=srv-fwmgt-01.kfim.int.qaps4b; HighLevelLogKey: 6192227919086323757; inzone: Internal; outzone: External; service_id: https; src: ******; dst: **********; proto: tcp; xlatesrc: fw-cluster; xlatedst: ; NAT_rulenum: 39; NAT_addtnl_rulenum: 1; UserCheck_incident_uid: A35E45FE-7E0B-1761-BA71-151F0654E3EF; user: Efimov-t (Efimov-t)(+)********** (V.Efimov)(+); src_user_name: Efimov-t (Efimov-t)(+)*******(V.Efimov)(+); src_machine_name: ws091@kfim.int; src_user_dn: CN=Efimov-t,OU=Admins,OU=Special Users,DC=kfim,DC=int(+)CN=V.Efimov,OU=Spb-users,OU=User Departments,DC=kfim,DC=int(+); snid: ; dst_user_name: ; dst_machine_name: ; dst_user_dn: ; UP_match_table: TAB E_START; ROW_START: 0; match_id: 178; layer_uuid: a26ede25-151d-4e2f-a863-ebea21a98bfd; layer_name: Network; rule_uid: 41195f98-14b7-4b3e-b582-726db64e9333; rule_name: Users_HTTP_HTTPS; action: 2; parent_rule: 0; ROW_END: 0; ROW_START: 1; match_id: 16777234; layer_uuid: 91658237-8cf4-45ab-8726-bad986646bb7; layer_name: Application; rule_uid: 894cc470-c30c-4d83-b12b-f66866da1219; rule_name: Teamviewer_Block; action: 0; parent_rule: 0; ROW_END: 1; UP_match_table: TABLE_END; context_num: 1; ProductName: VPN-1 & FireWall-1; svc: https; sport_svc: 30570; xlatedport_svc: ; xlatesport_svc: 37809; ProductFamily: Network;
What should we use in the Run mail alert script? Thank you.

0 Kudos
3 Replies
Danny
Champion

So you already get a mail alert and you want the formatting to be more readable, right?
0 Kudos
Ntsolution
Explorer

Yeah, I want to get a more informative mail, for example:
HeaderDateHour: 25Sep2019 11:04:47;
ContentVersion: 5;
HighLevelLogKey: 6192227919086323757;
Uuid: {0x5d8b1f9f,0x6,0xd2f190a,0xc0000001};
SequenceNum: 68;
Action: drop;
Origin: fw1;
IfDir: >;
InterfaceName: bond1.600;
Alert: mail;

I have this script: internal_sendmail -s 'Alert Checkpoint' -t ,,,,,,,,,,,,, -f ,,,,,,,@tkbip.ru ,,,,,,,,,@tkbip.ru
Now I am getting:
HeaderDateHour: 25Sep2019 11:04:47; ContentVersion: 5; HighLevelLogKey: 6192227919086323757; Uuid: {0x5d8b1f9f,0x6,0xd2f190a,0xc0000001}; SequenceNum: 68; Action: drop; Origin: fw1; IfDir: >; InterfaceName: bond1.600; Alert: mail; OriginSicName: CN=fw1,O=srv-fwmgt-01.kfim.int.qaps4b; OriginSicName: CN=fw1,O=srv-fwmgt-01.kfim.int.qaps4b; HighLevelLogKey: 6192227919086323757; inzone: Internal; outzone: External; service_id: https; src: 10.26.10.8; dst: 17.248.150.112; proto: tcp; xlatesrc: fw-cluster; xlatedst: ; NAT_rulenum: 39; NAT_addtnl_rulenum: 1; UserCheck_incident_uid: A35E45FE-7E0B-1761-BA71-151F0654E3EF; user: Efimov-t (Efimov-t)(+)Валентин Ефимов (V.Efimov)(+); src_user_name: Efimov-t (Efimov-t)(+)Валентин Ефимов (V.Efimov)(+); src_machine_name: ws091@kfim.int; src_user_dn: CN=Efimov-t,OU=Admins,OU=Special Users,DC=kfim,DC=int(+)CN=V.Efimov,OU=Spb-users,OU=User Departments,DC=kfim,DC=int(+); snid: ; dst_user_name: ; dst_machine_name: ; dst_user_dn: ; UP_match_table: TAB E_START; ROW_START: 0; match_id: 178; layer_uuid: a26ede25-151d-4e2f-a863-ebea21a98bfd; layer_name: Network; rule_uid: 41195f98-14b7-4b3e-b582-726db64e9333; rule_name: Users_HTTP_HTTPS; action: 2; parent_rule: 0; ROW_END: 0; ROW_START: 1; match_id: 16777234; layer_uuid: 91658237-8cf4-45ab-8726-bad986646bb7; layer_name: Application; rule_uid: 894cc470-c30c-4d83-b12b-f66866da1219; rule_name: Teamviewer_Block; action: 0; parent_rule: 0; ROW_END: 1; UP_match_table: TABLE_END; context_num: 1; ProductName: VPN-1 & FireWall-1; svc: https; sport_svc: 30570; xlatedport_svc: ; xlatesport_svc: 37809; ProductFamily: Network;

0 Kudos
Timothy_Hall
Champion

A UserDefined alert executed on the SMS in whatever scripting language your SMS supports should do the trick. Your custom script can parse and format the original log data the way you want, then invoke sendmail to send the formatted output in an email. UserDefined alerts are set up in the SmartConsole under Global Properties...Log & Alert...Alerts.
Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com
0 Kudos
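One way to do what Timothy describes, as an added example that is not from the thread or from Check Point: a shell script for the SMS that splits the one-line "key: value;" record into one field per line, indents the UP_match_table rows, builds a short subject from a few fields, and hands the body to internal_sendmail. The mail server, sender and recipients are placeholders, and it assumes the record arrives on stdin as it does for the built-in mail alert.

```shell
#!/bin/bash
# Hypothetical UserDefined alert script for a Check Point SMS (added example,
# not from the thread or from Check Point). The log record is read from stdin
# as one "key: value; key: value; ..." line. Configure the alert command as
# "/path/to/this_script.sh send"; the values below are placeholders.
MAIL_SERVER="mailserver.example"      # assumption: SMTP relay for -t
MAIL_FROM="fw-alert@example.invalid"  # assumption
MAIL_TO="soc@example.invalid"         # assumption

# Constructed sample record, modelled on the thread's line (RFC 5737 IPs).
SAMPLE_RECORD='HeaderDateHour: 25Sep2019 11:04:47; Action: drop; Origin: fw1; service_id: https; src: 192.0.2.10; dst: 198.51.100.7; xlatedst: ; UP_match_table: TABLE_START; ROW_START: 0; rule_name: Users_HTTP_HTTPS; action: 2; ROW_END: 0; UP_match_table: TABLE_END; ProductFamily: Network;'

# One "key: value" per line; rows between ROW_START and ROW_END indented,
# trailing ";" and blanks trimmed (empty values become "key:").
format_alert() {
    printf '%s\n' "$1" | awk -F'; ' '{
        indent = ""
        for (i = 1; i <= NF; i++) {
            f = $i
            sub(/;?[ \t]*$/, "", f)
            if (f == "") continue
            if (f ~ /^ROW_END:/) indent = ""
            print indent f
            if (f ~ /^ROW_START:/) indent = "    "
        }
    }'
}

# First value of a key (exact key match, so "src" does not hit "xlatesrc").
field_value() {
    printf '%s\n' "$1" | awk -F'; ' -v key="$2" '{
        for (i = 1; i <= NF; i++) {
            f = $i
            sub(/;?[ \t]*$/, "", f)
            if (index(f, key ": ") == 1) { print substr(f, length(key) + 3); exit }
        }
    }'
}

# Informative subject built from a few fields of the record.
alert_subject() {
    printf 'Checkpoint %s: %s %s %s -> %s (rule %s)' \
        "$(field_value "$1" Origin)" "$(field_value "$1" Action)" \
        "$(field_value "$1" service_id)" "$(field_value "$1" src)" \
        "$(field_value "$1" dst)" "$(field_value "$1" rule_name)"
}

main() {
    IFS= read -r record
    format_alert "$record" | internal_sendmail -s "$(alert_subject "$record")" \
        -t "$MAIL_SERVER" -f "$MAIL_FROM" "$MAIL_TO"
}
if [ "${1:-}" = send ]; then main; fi
```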