This topic has been closed due to inactivity. If you would like to discuss this topic further, please start a new post.
You can reference this topic in your post by adding this link:
Is there a way to force the clients to notify Policy Manager that a virus has been detected which in turn emails a recipient rather than it taking place on a client? At the moment the clients notify a recipient which isn't great so am looking for solutions to this issue.
I thought that this was in the pipeline but haven't seen any documentation on this.
FPMC -version 12
Workstations - version 11.50-60
Any feedback would be great.
I sorted this out in the end and was down to some firewall rules that were set up.
Thanks for your help with this.
There are two ways to avoid sending email alerts from client:
1) Configure report scheduling in Policy Manager Web Reporting.
2) Configure forwarding alerts to syslog (PMC > Tools > Server configuration > Syslog) and then set up email notification for chosen syslog events.
Thanks for your reply. I think the second option is best for us and am testing now.
The problem is that I can't generate any logs on the syslog server. I have tried the following
- Referenced the syslog server by name and IP (PMC > Tools > Server configuration > Syslog)
-Changed the potocol type (PMC > Tools > Server configuration > Syslog)
- Disabled firewalls
- Used multiple alerts to determine if alerting is working at all (Policy Domain > Settings > Alert Forwarding)
- Have tested on two syslog servers and can't generate any logging for FPMC.
Is there anything else I could try?
First, only new alerts are forwarded to syslog, so please ensure that alerts were received by PM from client after you configured forwarding to syslog.
Second, could you please ensure that other apps are able to send alerts to syslog from the same machine to exclude connectivity issues?
Using email as a delivery channel is not provident when we are speaking about thousands of alerts potentially arriving to PMS. That is why syslog or SIEM integration is preferred option as you can use them not only for accumulating but also creating business rules for notifying administrator in emergent situations.
I'm testing the process by using the F-secure EICAR_Test_File script so can make changes and then test.
I'm still not having any luck with the syslog and have tested another application to generated the logs which worked. To confirm, the syslog is generated by the FPMC server and not the client. Is it worth installing the syslog server directly on the FPMC server? Is this supported by F-Secure?