Policy Change, Administrative, Heartbeat, Audit Trail

Try the new way of adding alerts with TOS Monitoring.

The notifications you can configure include the following:

  • Policy Change Notifications provide real-time information on changes to monitored firewall policies, similar to the information provided in the New Revision report.

    Policy Change Notifications can be sent in the following ways:

    • Send by SNMP Traps: SNMP Notifications are sent to the SNMP Server configured here:
      • SNMP Server: Configure the IP address of the SNMP server to which SecureTrack should send Policy Change SNMP traps.
      • SNMP Community: Choose the SNMP community string to be used in the Policy Change SNMP traps. The community string is often used as a method of easy identification and classification of different SNMP traps.
    • Send by syslog: Policy Change Notifications are sent to the server configured under Configuring Servers.
  • SecureTrack Administrative Alerts notify administrators of the following types of problems with the SecureTrack server or appliance:
    • License status
    • Device connectivity

    Administrative Alerts can be sent in the following ways:

    • Send by syslog: Alerts are sent to the syslog server configured under Configuring Servers.
    • Send by email: Alerts are sent to the Recipients configured here (SecureTrack Administrators only), using the SMTP server configured under Configuring Servers.
  • SecureTrack Heartbeat: SNMP notifications sent periodically to report the status of the monitoring processes, for Check Point management servers only. To enable the SecureTrack Heartbeat, select Send periodic SNMP traps, and configure the following:

    • SNMP Server: The IP address of the SNMP server to which SecureTrack should send Heartbeat SNMP traps.
    • SNMP Community: The SNMP community string to be used in the Heartbeat SNMP traps. The community string is often used as a method of easy identification and classification of different SNMP traps.
    • Frequency: The Heartbeat SNMP trap frequency (in seconds).
  • SecureTrack Audit Trail: When you select Send by syslog, SecureTrack sends syslog messages to the configured syslog server with the username and time for the events listed in the audit trail.

The areas of SecureTrack that are audited are:

System Configuration

Device Monitoring, Analysis and Reporting

  • User authentication
  • Device management
  • License management
  • Plugin and domain management
  • System configuration
  • User management
  • Policy comparison
  • Revision and rules metadata
  • Topology management
  • Zone management
  • Automatic policy generator jobs
  • Report configuration and generation
  • Repository

Each action is listed with:

  • Date and time of the action
  • Username of the user who performed the action
  • IP address of the host from which the action was performed (automatic actions, such as scheduled reports, are listed without a user IP address)
  • Category or feature area that the action belongs to
  • Type of action, such as add, remove, modify, or generate report
  • Type and name of the object on which the action was performed
  • Description of the action

How Do I Get Here?

Admin > Configuration > Notifications