Alerts

Generally, Alerts exist to warn of system status anomalies such as computers going offline or Rules being out of date, although there are some Alerts for the detection of fingerprinting scans and other security-related events. (For notifications of individual Intrusion Prevention and Firewall Events, consider setting up a Syslog server.)

The complete list of Alerts can be viewed by going to the Alerts page and clicking Configure Alerts... at the top-right of the page, or going to Administration > System Settings > Alerts and clicking View Alert Configuration....

The actions precipitated by each Alert can be configured by opening the Properties window for the Alert. Alerts can be turned on or off and their severity can be switched between Warning and Critical.

Alerts cannot be configured differently for individual Policies or computers. All configuration changes to an Alert's properties are global.

You may also want to configure which Users receive email Alerts. Go to Administration > Users, double-click an individual User, click the Contact Information tab, and select or de-select the Receive Email Alerts option.

There is also an option to specify a default email address to which all Alert notifications will be sent, in addition to the Users configured to receive them. This option is found on the Administration > System Settings > Alerts tab.

For email Alerts to be sent, make sure you have configured the SMTP settings on the Administration > System Settings > SMTP tab.

In cases where an Alert condition occurs multiple times on the same computer, the Alert will show the timestamp of the first occurrence of the condition. If the Alert is dismissed and the condition reoccurs, the timestamp of the first reoccurrence will be displayed.