A SMTP action forwards event log messages via email. The email actions supports multiple formats, backup SMTP servers, SSL authentication, variables and more.
Sender Name
This value will appear as the sender name of the email (not the email address). This is usually the hostname of the computer. If you plan on replicating a SMTP action to multiple hosts then you can use the $HOSTNAME variable here. To learn more about variables click here.
Sender Email
The email address under which this email will be sent. If you are notifying people other than yourself then you should probably make sure that replies to emails sent from EventSentry arrive somewhere.
Recipients
A comma-separated list of the recipient's email addresses. The total length of all recipients (including the commas) can not exceed 512 characters. If any of the email addresses are rejected by the server then the email will not be sent and an error will be logged to the event log.
You can click the mobile phone icon next to the recipients field if you intend to send a text message to a mobile phone through an email gateway. Most mobile phone providers offer such gateways free of charge to the sender, even though standard text messaging rates usually apply to the recipient. The helper dialog creates the correct email address for you, if your provider is not listed then you will need to contact your provider to obtain the correct email address.
Please feel free to suggest additional mobile phone providers to our support team for inclusion in a future version of EventSentry.
As stated in the dialog, it is highly recommend that you apply threshold to any action that sends messages to a mobile / cell phone where per-message charges might apply. |
Subject
The subject of the email. The variables $LOG and $COUNT are supported. To learn more about variables click here.
Dynamic text in subject
If at least one event of the current email has been spooled by the agent because the SMTP server was temporarily unavailable, then the text [BACKUP] will be automatically added to the subject. If at least one event of the currently email is from an event log rescan (e.g. the event occurred while the agent was not running), then the text [RESCAN] will be automatically added to the subject.
If the action has a collector-side threshold configured and an email is the last email before the threshold is exceeded, then the subject will be modified to start with the text [THRESHOLD REACHED] to indicate that some emails may be suppressed.
(Primary) SMTP Server and Port
The host name or IP address of the SMTP server and the port on which the specified SMTP server listens for incoming requests. The port is set to 25 by default.
(Secondary) SMTP Server and Port
You can specify a secondary SMTP server (including port and authentication information) that will be contacted if the primary SMTP server is unavailable. EventSentry will always connect to the primary SMTP server before it will try the secondary SMTP server.
SMTP Authentication Username / Password
If your SMTP server requires authentication then specify username and password here. You can specify a username and password for both the primary and the secondary server.
Currently the clear text (AUTH LOGIN) and MD5 (CRAM MD-5) authentication protocols are supported.
TLS
Set this option to either TLS or TLS (verify) if the server that you are connecting to supports or requires a TLS connection. Setting this option to TLS (verify) will only connect to remote SMTP servers that have a valid TLS certificate, setting this option to TLS will accept any remote certificate, including self-signed ones.
Style
You can receive emails either as plain text, in HTML format or in miniature size.
Plain Text: Sends emails without any formatting.
HTML Email (Legacy & Modern): HTML emails can be sent in the legacy and the modern format. Legacy format is the original HTML format, the modern HTML format was introduced with version 3.0. When using the HTML (Legacy) option you can also configure the font and size used in the HTML emails, the default is Verdana at 11px.
HTML (Legacy) |
HTML (Modern) |
Emails sent in HTML format also include a plain text for non-html capable email clients.
Display & Delivery Options
It is possible to customize the content and look of email actions, including which event log properties are included in emails sent by EventSentry.
Header / Footer
You can optionally add a header and/or footer to every outgoing email using this notification. This feature is especially useful for service providers who wish to add additional information to emails sent to their customers. Both the header and footer may contain up to 1024 characters, with a maximum of 2048 after variable expansion.
High and Low Importance
Most email clients support importance flags that indicate the importance of an email. This feature is useful to immediately determine if an email sent by EventSentry is important or not.
High Importance: |
Emails will be sent with the high importance flag if at least one event log entry in the email is either an error or an audit failure. |
|
Low Importance: |
Emails will be sent with the low importance flag if an email contains only information or audit success messages. |
Flag Literal
Used in combination with the High and Low Importance flags. When Flag Literal is checked, an email will always be sent with either a high or low importance, regardless of the email content.
Max. number of events per email
By default EventSentry would include as many event records as scanned in an email (an email could contain 5+ event records if those occurred in a short amount of time). This option is particularly useful for cell phones where event records after the first one cannot be read. Set this option to unlimited to restore the default behaviour, otherwise to the maximum number of event records each email should contain.
Dial-Up Connection
You can select an existing RAS (including VPN) connection, and EventSentry will dial this connection prior to sending the email, if the SMTP server could not be contacted. The RAS connection will be hung up after sending the emails if the "Hangup After" option is checked.
You can paste the basic event properties from an email directly into the General Filter dialog to easily create an include/exclude filter based on an email you received.
Simple select the event in the email and copy it to the clipboard. Then, create a filter (or open an existing filter), click on any text field and press CTRL+V. The keyboard combination is necessary, a right-click & paste will not work. Click here for more information. |