Configuring the Firewall Violation Outbreak Criteria and Notifications

Procedure

  1. Navigate to Notifications > Administrator Notifications > Outbreak Notifications.
  2. In the Criteria tab:
    1. Go to the Firewall Violations section.
    2. Select Monitor firewall violations on networked computers.
    3. Specify the number of IDS logs, firewall logs, and network virus logs.
    4. Specify the detection period.
    Tip
    Trend Micro recommends accepting the default values in this screen.
    OfficeScan sends a notification message when the number of logs is exceeded. For example, if you specify 100 IDS logs, 100 firewall logs, 100 network virus logs, and a time period of 3 hours, OfficeScan sends the notification when the server receives 301 logs within a 3-hour period.
  3. In the Email tab:
    1. Go to the Firewall Violation Outbreaks section.
    2. Select Enable notification via email.
    3. Specify the email recipients.
    4. Accept or modify the default email subject and message. You can use token variables to represent data in the Subject and Message fields.

      Token Variables for Firewall Violation Outbreak Notifications

      Variable   Description
      %A         Log type exceeded
      %C         Number of firewall violation logs
      %T         Time period when firewall violation logs accumulated
  4. Click Save.
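
The combined-threshold rule from the Criteria tab and the token variables from the Email tab, modelled as an added example (not OfficeScan code) for reasoning about how a chosen threshold and detection period behave against a given log rate. The names `OutbreakCriteria`, `render` and `first_alert`, the sliding-window interpretation of the detection period, and the rendered format of the token values are assumptions.

```python
from collections import deque
from datetime import datetime, timedelta


class OutbreakCriteria:
    """Hypothetical model of the combined log threshold from the Criteria tab."""

    def __init__(self, ids_logs, firewall_logs, network_virus_logs, period_hours):
        # Page example: 100 + 100 + 100 logs means the notification fires on log 301.
        self.threshold = ids_logs + firewall_logs + network_virus_logs
        self.period = timedelta(hours=period_hours)
        self._seen = deque()  # timestamps of logs still inside the detection period

    def receive(self, timestamp):
        """Record one log (timestamps in order); return the count if exceeded, else None."""
        self._seen.append(timestamp)
        # Assumption: sliding window. Logs older than the detection period age out.
        while timestamp - self._seen[0] >= self.period:
            self._seen.popleft()
        count = len(self._seen)
        return count if count > self.threshold else None


def render(template, log_type, count, period_hours):
    """Expand the %A, %C and %T tokens; the value formats are assumed."""
    tokens = {"%A": log_type, "%C": str(count), "%T": f"{period_hours} hour(s)"}
    for token, value in tokens.items():
        template = template.replace(token, value)
    return template


def first_alert(criteria, timestamps):
    """Return (log number, count in window) for the first notification, or None."""
    for number, ts in enumerate(timestamps, start=1):
        count = criteria.receive(ts)
        if count is not None:
            return number, count
    return None


# Constructed sample input: 301 logs, one every 30 seconds (2.5 hours in total).
START = datetime(2024, 1, 1)
BURST = [START + timedelta(seconds=30 * i) for i in range(301)]
# Constructed sample input: one log per minute, so at most 180 fall in any 3 hours.
SLOW = [START + timedelta(seconds=60 * i) for i in range(1000)]

if __name__ == "__main__":
    hit = first_alert(OutbreakCriteria(100, 100, 100, 3), BURST)
    print(hit, render("%A: %C logs in %T", "Firewall logs", hit[1], 3))
    print(first_alert(OutbreakCriteria(100, 100, 100, 3), SLOW))
```

With the page's example values, the burst triggers on log 301, while the steady one-per-minute stream never does even though it delivers 1000 logs overall.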