Configuring Servers (SMTP, SIM/SIEM, Syslog)

Overview

For SecureTrack to send email and syslog notifications, you must configure the server information.

The email, syslog and SNMP settings are used for Policy Change notifications, scheduled reports, performance alerts and real-time Organizational Policy Audit messages.

This page is available only to Administrators.

Notifications and Severity

General Syslog Format

Note that the facility is always user (1). The severity varies according to the actual notification.

Generic Format

Facility user (1), Severity info (X)

Msg: MMM DD HH:mm:ss <message content>

Example

Facility user (1), Severity info (X)

Msg: May 22 16:23:17 tufinos SecureTrack: Logout was done by admin., Additional Info: timestamp:2024.05.22 16:23:16 IDT

Policy Change Notifications

All of these notifications are severity 5.

New Revision Saved

Also available using SNMP Trap.

Syslog Main Body Format

revision <revisionID> on <DeviceName> by <AdministratorName>

Example

revision 166 on FW1-Northwest by Daniel Zimer

New Revision Installed

Also available using SNMP Trap.

Syslog Main Body Format

revision <revisionID> on <DeviceName> by <AdministratorName>

Example

revision 166 on FW1-Northwest by Daniel Zimer

New Revision Fetched by Automatic Polling

Also available using SNMP Trap.

Syslog Main Body Format

revision <revisionID> on <DeviceName>

Example

revision 8 on Cisco_2801

New Revision Violates Compliance Policy

Syslog Main Body Format

Compliance policy <CompliancePolicyName> is violated by revision <revisionID>, for policy package <PolicyPackageName>, device <DeviceName>. Changed by <AdministratorName>.

Example

Compliance policy ‘Unauthorized access to internal LAN’ is violated by revision ‘17’, for policy package ‘Standard’, device ‘Check Point perimeter’. Changed by ‘Alex’.

SecureTrack Administrative Alerts

Alerts sent by SecureTrack as administrative alerts. The severity varies according to the actual notification.

  • License status

  • Device connectivity

SecureTrack Audit Trail

All of these notifications are severity 6.

A list of categories and actions is available in the SecureTrack user interface under Settings > Administrator > Audit trail.

Examples:

Failed login: Dec 15 11:04:31 TufinOS.tufin.com SecureTrack: Failed login was done by asdasadsadsdsa., Additional Info: timestamp:2015.12.15 11:02:32 EET

Device was stopped: Dec 15 11:18:31 TufinOS.tufin.com SecureTrack: Stop was done by admin on device test2, Additional Info: timestamp:2015.12.15 11:17:27 EET
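As an added example (not part of the Tufin documentation), the following Python parser applies the policy change, compliance and audit trail formats documented above to received syslog lines and, as a simple SIEM-side check, counts failed logins per account. It assumes standard RFC 3164 PRI encoding with the facility fixed at user (1) as stated above; the sample lines are constructed from this page's own examples.

```python
import re
from typing import Optional

FACILITY_USER = 1  # facility "user" is always 1 (stated above); RFC 3164 PRI = facility * 8 + severity

def pri_for(severity: int) -> int:
    """PRI a SecureTrack message of the given severity carries: 13 for severity 5, 14 for 6."""
    return FACILITY_USER * 8 + severity

# Message-body patterns derived from the formats documented on this page.
REVISION = re.compile(r"^revision (?P<rev>\S+) on (?P<device>.+?)(?: by (?P<admin>.+))?$")
COMPLIANCE = re.compile(
    r"^Compliance policy (?P<policy>.+?) is violated by revision (?P<rev>.+?), "
    r"for policy package (?P<package>.+?), device (?P<device>.+?)\. Changed by (?P<admin>.+?)\.$")
AUDIT = re.compile(
    r"^(?P<logged>\w{3} +\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) SecureTrack: "
    r"(?P<action>.+?) was done by (?P<user>.+?)(?: on device (?P<device>.+?))?\.?, "
    r"Additional Info: timestamp:(?P<ts>.+)$")
KINDS = [(REVISION, "policy_change", 5), (COMPLIANCE, "compliance_violation", 5), (AUDIT, "audit_trail", 6)]

def parse_securetrack(line: str) -> Optional[dict]:
    """Classify one SecureTrack notification and return its fields plus the documented severity.
    A leading <PRI> from a raw syslog frame is tolerated; quote marks around values are stripped."""
    body = re.sub(r"^<\d+>\s*", "", line.strip())
    for pattern, kind, severity in KINDS:
        if m := pattern.match(body):
            fields = {k: (v.strip("‘’'\"") if v else v) for k, v in m.groupdict().items()}
            return {"kind": kind, "severity": severity, "pri": pri_for(severity), **fields}
    return None  # not one of the formats documented here

def failed_logins_by_user(lines) -> dict:
    """Batch detection: count 'Failed login' audit-trail events per account."""
    counts: dict = {}
    for line in lines:
        ev = parse_securetrack(line)
        if ev and ev["kind"] == "audit_trail" and ev["action"] == "Failed login":
            counts[ev["user"]] = counts.get(ev["user"], 0) + 1
    return counts

# Constructed sample: the page's own examples plus a second failed login for the same account.
SAMPLE = [
    "<13>revision 166 on FW1-Northwest by Daniel Zimer",
    "Compliance policy ‘Unauthorized access to internal LAN’ is violated by revision ‘17’, "
    "for policy package ‘Standard’, device ‘Check Point perimeter’. Changed by ‘Alex’.",
    "Dec 15 11:04:31 TufinOS.tufin.com SecureTrack: Failed login was done by asdasadsadsdsa., Additional Info: timestamp:2015.12.15 11:02:32 EET",
    "Dec 15 11:04:40 TufinOS.tufin.com SecureTrack: Failed login was done by asdasadsadsdsa., Additional Info: timestamp:2015.12.15 11:02:41 EET",
    "Dec 15 11:18:31 TufinOS.tufin.com SecureTrack: Stop was done by admin on device test2, Additional Info: timestamp:2015.12.15 11:17:27 EET",
]
```

Device names that themselves contain " by " would confuse the revision pattern; anchor on the device inventory if that applies in your environment.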

What Can I Do Here?

Configure a Mail Server for SecureTrack

  1. Go to Admin > Notifications.

  2. Enter SMTP information for:

    • SMTP Server: SecureTrack can send email notifications and alerts directly (using its SMTP engine), or act as an email client, and send emails to an organizational SMTP server. To send emails to an SMTP server, configure its IP address in this option. The default setting for the SMTP Mail Server is localhost, which sends emails directly.

    • SMTP Port: The port used by your SMTP server.

    • Source Email Address: Email address that SecureTrack uses as the sender of the SMTP email messages it sends (for example: [email protected]). This allows easy identification of email messages coming from SecureTrack.

    • SMTP server requires authentication: Select this if your SMTP server requires authentication for sending email, and type the username and password that will be used by SecureTrack to communicate with the SMTP server.

    • Enable SMTP over SSL: Select this if your SMTP server requires an encrypted (SSL/TLS) connection for sending and receiving email. If you enable encryption, select whether to trust all certificates or only the certificates you list.

      The option Trust only the certificate below requires PHP version 5.6 or above on non-TufinOS installations.

  3. Click Save.

Configure a DNS or IP Address

The DNS or IP address is used by SecureTrack in URLs that appear in email notifications and reports.

  1. Go to Admin > Notifications.

  2. In the SecureTrack Server Name area, enter the DNS name or IP address of the SecureTrack server.

  3. Click Save.

Configure SecureTrack to Send Alerts to a Syslog Server

SecureTrack sends syslog alerts to a syslog server if this is enabled under Notifications. Note that these alerts are sent unencrypted.

  1. Go to Admin > Notifications.

  2. In the Syslog Server area, enter the DNS name or IP address of the syslog server.

  3. Click Save.

How Do I Get Here?

In SecureTrack, go to: Admin > Notifications