Configuring Servers (SMTP, SIM/SIEM, Syslog)
Overview
For SecureTrack to send email and syslog notifications, you must configure the server information.
The email, Syslog and SNMP settings are used for Policy Change notifications, scheduled reports, performance alerts and real-time Organizational Policy Audit messages.
This page is available only to Administrators.
Notifications and Severity
General Syslog Format
Note that the Facility user is always 1. The severity will vary according to the actual notification.
Generic Format
Facility user (1), Severity info (X)
Msg: MMM DD HH:mm:ss <message content>
Example
Facility user (1), Severity info (X)
Msg: May 22 16:23:17 tufinos SecureTrack: Logout was done by admin., Additional Info: timestamp:2024.05.22 16:23:16 IDT
Policy Change Notifications
All of these notifications are severity 5.
New Revision Saved
Syslog Main Body Format
revision <revisionID> on <DeviceName> by <AdministratorName>
Example
revision 166 on FW1-Northwest by Daniel Zimer
New Revision Installed
Syslog Main Body Format
revision <revisionID> on <DeviceName> by <AdministratorName>
Example
revision 166 on FW1-Northwest by Daniel Zimer
New Revision Fetched by Automatic Polling
Syslog Main Body Format
revision <revisionID> on <DeviceName>
Example
revision 8 on Cisco_2801
New Revision Violates Compliance Policy
Syslog Main Body Format
Compliance policy <Compliance policy name> is violated by revision xxx, for policy package yyy, device zzz. Changed by <admin>.
Example
Compliance policy ‘Unauthorized access to internal LAN’ is violated by revision ‘17’, for policy package ‘Standard’, device ‘Check Point perimeter’. Changed by ‘Alex’.
SecureTrack Administrative Alerts
SecureTrack sends the following alerts as administrative alerts. The severity will vary according to the actual notification.
- License status
- Device connectivity
SecureTrack Audit Trail
All of these notifications are severity 6.
A list of categories and actions is available in the SecureTrack user interface: Settings > Administrator > Audit trail
Examples:
Failed login: Dec 15 11:04:31 TufinOS.tufin.com SecureTrack: Failed login was done by asdasadsadsdsa., Additional Info: timestamp:2015.12.15 11:02:32 EET
Device was stopped: Dec 15 11:18:31 TufinOS.tufin.com SecureTrack: Stop was done by admin on device test2, Additional Info: timestamp:2015.12.15 11:17:27 EET
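A receiver-side parser for the message formats documented above, as an added example (not Tufin code). It assumes an RFC 3164 style `<PRI>` prefix may be present and that policy change bodies arrive behind the same `host SecureTrack:` header as the audit examples; `parse`, `BODIES` and `pri_ok` are names chosen here.

```python
import re

# Optional <PRI> prefix (assumed RFC 3164 style), then "MMM DD HH:mm:ss host SecureTrack: body".
LINE = re.compile(r"^(?:<(?P<pri>\d{1,3})>)?(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) "
                  r"(?P<host>\S+) SecureTrack: (?P<body>.*)$")
Q = "[‘’']"  # quote characters as used in the page's compliance example
BODIES = [  # (kind, severity the page documents, body pattern)
    ("audit", 6, re.compile(
        r"^(?P<action>.+?) was done by (?P<user>.+?)(?: on device (?P<device>.+?))?\.?"
        r", Additional Info: timestamp:(?P<event_time>.+)$")),
    ("compliance_violation", 5, re.compile(
        rf"^Compliance policy {Q}(?P<policy>.+?){Q} is violated by revision {Q}(?P<revision>.+?){Q}"
        rf", for policy package {Q}(?P<package>.+?){Q}, device {Q}(?P<device>.+?){Q}"
        rf"\. Changed by {Q}(?P<admin>.+?){Q}\.$")),
    ("revision", 5, re.compile(
        r"^revision (?P<revision>\d+) on (?P<device>.+?)(?: by (?P<admin>.+))?$")),
]

def parse(line):
    """Parse one SecureTrack syslog line into a dict of fields; None if unrecognised."""
    m = LINE.match(line.strip())
    if not m:
        return None
    for kind, documented_sev, pattern in BODIES:
        b = pattern.match(m["body"])
        if b:
            event = {"kind": kind, "host": m["host"], "sent": m["ts"], **b.groupdict()}
            if m["pri"] is not None:
                facility, severity = divmod(int(m["pri"]), 8)
                # Per the page: facility is always user (1); severity 5 or 6 by type.
                event["pri_ok"] = facility == 1 and severity == documented_sev
            return event
    return None

# Sample lines: the two audit examples are from the page; the <PRI> prefix and the
# header placed in front of the revision body are constructed for this example.
SAMPLES = [
    "Dec 15 11:04:31 TufinOS.tufin.com SecureTrack: Failed login was done by asdasadsadsdsa., Additional Info: timestamp:2015.12.15 11:02:32 EET",
    "<14>Dec 15 11:18:31 TufinOS.tufin.com SecureTrack: Stop was done by admin on device test2, Additional Info: timestamp:2015.12.15 11:17:27 EET",
    "<13>May 22 16:23:17 tufinos SecureTrack: revision 166 on FW1-Northwest by Daniel Zimer",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(parse(s))
```

As the failed-login example suggests, the `user` field carries whatever name was submitted at login, so handle parsed values as untrusted data when forwarding them. The `pri_ok` check is a format sanity check only and does not authenticate the sender.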
What Can I Do Here?
Configure a Mail Server for SecureTrack
- Go to Admin > Notifications.
- Enter SMTP information for:
  - SMTP Server: SecureTrack can send email notifications and alerts directly (using its SMTP engine), or act as an email client and send emails to an organizational SMTP server. To send emails to an SMTP server, configure its IP address in this option. The default setting for the SMTP Mail Server is localhost, which sends emails directly.
  - SMTP Port: The port used by your SMTP server.
  - Source Email Address: Email address that SecureTrack uses in the SMTP email messages it sends (for example: [email protected]). This can be used for easy identification of email messages coming from SecureTrack.
  - SMTP server requires authentication: Select this if your SMTP server requires authentication for sending email, and type the username and password that SecureTrack will use to communicate with the SMTP server.
  - Enable SMTP over SSL: Select this if your SMTP server requires certificate encryption when sending and receiving emails. If you require encryption, select whether to trust all certificates or list specified certificates.
    For non-TufinOS users, the option Trust only the certificate below requires PHP version 5.6 or above.
- Click Save.
Configure a DNS or IP Address
The DNS or IP address is used by SecureTrack in URLs that appear in email notifications and reports.
- Go to Admin > Notifications.
- In the SecureTrack Server Name area, enter the DNS or IP address for the SecureTrack server.
- Click Save.
Configure SecureTrack to Send Alerts to a Syslog Server
SecureTrack sends Syslog alerts to a syslog server if this is enabled under Notifications. Note that these alerts are sent unencrypted.
- Go to Admin > Notifications.
- In the Syslog Server area, enter the DNS or IP address for the Syslog server.
- Click Save.
How Do I Get Here?
In SecureTrack, go to: Admin > Notifications