Configure notification contacts to send messages to a recipient (either human or machine) in response to a traffic-related event that occurs on the device. The traffic-related event can be the result of triggering a filter configured with an action set that specifies a notification contact. A notification contact can be any of the following:
  • Remote System Log — Sends messages to a syslog server on your network. The syslog server uses the numbers you specify for the Alert Facility and the Block Facility to identify the message source.
    After you configure this contact, verify that your device can reach the remote system log server on your network. If the remote system log server is on a different subnet than the management port, you might need to configure the routing. This is a default contact available in all action sets.
    Note
    To maintain backwards compatibility with the capabilities of existing remote syslog servers, the remote syslog sends clear text log messages using the UDP protocol with no additional security protections. Use remote syslog only on a secure, trusted network to prevent syslog messages from being intercepted, altered, or spoofed by a third party.
  • Management Console — Sends messages to the SMS. This default contact is available in all action sets. If you select this contact, messages are sent to the Alert or IPS Block Log, depending on whether a permit or block action has executed. This notification contact does not require any configuration, although you can change the default name and aggregation period.
  • Email or SNMP — Sends messages to the email address or specified SNMP. All email or SNMP contacts must be added from the Notification Contacts page.
    To use email contacts, you must complete the Mail Server panel of the Configuration window for each device. If the default email server is not configured on the device, you are prompted to configure it before adding a contact. After you configure this option, verify that the email server is reachable from the device, that mail relaying is enabled, and that you use an acceptable account/domain.
    Note
    SNMP notification contacts require SNMPv2, and do not work when SNMPv2 is disabled. Before creating an Email or notification contact, you must configure Email and SMTP server settings on the device from the System Email page.
    The SMS limits the number of email alerts sent in a minute. By default, the SMS sends 10 email alerts per minute. On the first email alert, a one-minute timer starts, and the SMS counts the email alerts it sends against the configured limit. Email alerts beyond the limit within that minute are blocked. After one minute, the system resumes sending email alerts. If any email alerts were blocked during that minute, the system logs a message to the system log.
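The email alert limit described above can be modeled as a fixed one-minute window that opens on the first alert. The following is an added example, not SMS or vendor code: the class and function names are hypothetical, the alert timestamps are constructed, and it assumes that the next alert after the timer expires starts a new timer.

```python
from typing import List, Optional, Tuple

class EmailAlertLimiter:
    """Model of the per-minute email alert limit described above (not vendor code)."""

    def __init__(self, limit: int = 10, window: float = 60.0) -> None:
        self.limit = limit            # page default: 10 email alerts per minute
        self.window = window          # one-minute timer, in seconds
        self.start: Optional[float] = None
        self.sent = 0
        self.blocked = 0
        self.system_log: List[str] = []

    def tick(self, now: float) -> None:
        """Close the window if its timer has expired; log if anything was blocked."""
        if self.start is not None and now - self.start >= self.window:
            if self.blocked:
                self.system_log.append(f"{self.blocked} email alerts blocked since t={self.start:.0f}s")
            self.start, self.sent, self.blocked = None, 0, 0

    def offer(self, now: float) -> bool:
        """Return True if an alert raised at `now` is emailed, False if blocked."""
        self.tick(now)
        if self.start is None:
            self.start = now          # assumption: next alert after expiry restarts the timer
        if self.sent < self.limit:
            self.sent += 1
            return True
        self.blocked += 1
        return False


def simulate(times: List[float], limit: int = 10) -> Tuple[List[float], List[float], List[str]]:
    """Replay alert timestamps; return (emailed, blocked, system log lines)."""
    limiter = EmailAlertLimiter(limit=limit)
    emailed, blocked = [], []
    for t in sorted(times):
        (emailed if limiter.offer(t) else blocked).append(t)
    limiter.tick(max(times) + limiter.window)   # let the last timer expire
    return emailed, blocked, limiter.system_log


# Constructed input: a 25-alert burst (one per second), then 3 alerts after a quiet gap.
BURST = [float(s) for s in range(25)] + [90.0, 95.0, 100.0]

if __name__ == "__main__":
    emailed, blocked, log = simulate(BURST)
    print(len(emailed), len(blocked), log)
```

In this replay, alerts 11 through 25 of the burst are never emailed and the only trace of the gap is one system log entry, so the email contact is not a complete record of events during a burst.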
After configuring notification contacts, you can select them for events when you create or edit the action set assigned to the filter. You cannot delete the default Remote System Log and Management Console contacts. You cannot delete a Notification Contact if it is currently configured in another action set.