Installation manual
not clean at least one infiltration and that client has not been disconnected for more than one week; the rule runs ASAP.
Completed task – If there was a task completed on a client; the rule runs ASAP.
New primary clients – If a new client has connected to the server; the rule runs ASAP.
New replicated clients – If there is a new replicated client in the list of clients; the rule runs after one hour.
Possible virus outbreak – If the frequency of Threat log entries on a client has exceeded 1000 critical warnings in one
hour on at least 10% of all clients.
Possible network attack – If the frequency of ESET Personal firewall log entries on a client has exceeded 1000 critical
warnings in one hour on at least 10% of all clients.
Server updated – If the server has been updated.
Server not updated – If the server has not been updated for more than five days; the rule runs ASAP.
Error in server text log – If the server log contains an error entry.
License expiration – If the current license will expire within 20 days and after expiration, the maximum number of client
slots will be lower than the current number of clients; the rule runs ASAP.
License limit – If the number of free client slots drops below 10% of all client slots available.
If not stated otherwise, all rules are run and repeated after 24 hours and are applied to the primary server and primary
clients.
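The Possible virus outbreak and Possible network attack rules share one shape: a per-client count threshold combined with a fleet-wide percentage. The following sketch is an added example, not ESET code. It assumes that "exceeded" means strictly more than 1000, that "one hour" is the trailing hour before evaluation, and it uses a constructed (client, timestamp, severity) tuple format with hypothetical function names.

```python
from collections import Counter
from datetime import datetime, timedelta

# Thresholds quoted from the rule text above.
WINDOW = timedelta(hours=1)   # "in one hour"
PER_CLIENT_LIMIT = 1000       # "exceeded 1000 critical warnings"
CLIENT_PERCENT = 10           # "at least 10% of all clients"


def clients_over_limit(events, now, limit=PER_CLIENT_LIMIT, window=WINDOW):
    """Clients with MORE than `limit` critical entries in (now - window, now].

    `events` is an iterable of (client, timestamp, severity) tuples; this
    shape is an assumption of the example, not ERA's log format.
    """
    counts = Counter(
        client
        for client, ts, severity in events
        if severity == "critical" and now - window < ts <= now
    )
    return {client for client, n in counts.items() if n > limit}


def outbreak_suspected(events, all_clients, now, percent=CLIENT_PERCENT):
    """True when the noisy clients make up at least `percent` of all clients."""
    total = len(set(all_clients))
    if total == 0:
        return False
    noisy = clients_over_limit(events, now) & set(all_clients)
    # Integer comparison avoids float rounding at the exact 10% boundary.
    return len(noisy) * 100 >= percent * total


def burst(client, count, start, severity="critical", step=timedelta(seconds=3)):
    """Constructed sample data: `count` entries, one every `step`."""
    return [(client, start + i * step, severity) for i in range(count)]


# Constructed scenario: 20 clients, evaluated at NOW.
NOW = datetime(2024, 1, 1, 12, 0, 0)
CLIENTS = [f"pc{i:02d}" for i in range(20)]
RECENT = NOW - timedelta(minutes=55)
EVENTS = (
    burst("pc00", 1001, RECENT)                          # over the limit
    + burst("pc01", 1001, RECENT)                        # over the limit
    + burst("pc02", 1000, RECENT)                        # exactly 1000: not "exceeded"
    + burst("pc03", 1001, NOW - timedelta(hours=2))      # outside the window
    + burst("pc04", 1001, RECENT, severity="warning")    # not critical
)
```

With 20 clients, the two noisy clients are exactly 10% and the condition holds; adding a 21st client drops the share below 10% and it no longer does.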
5.4.1.1 Notifications via SNMP Trap
SNMP (Simple Network Management Protocol) is a simple and widespread management protocol suitable for monitoring
and identifying network problems. One of the operations of this protocol is TRAP, which sends specific data. In ERA, we
use TRAP to send notification messages.
In order for the TRAP tool to run effectively, the SNMP protocol must be correctly installed and configured on the same
computer as ERAS (Start > Control Panel > Add or Remove programs > Add/Remove Windows Components). The
SNMP service should be configured as described in this article: http://support.microsoft.com/kb/315154. In ERAS, you
need to activate an SNMP notification rule.
Notifications can be viewed in the SNMP manager, which must be connected to an SNMP server where the configuration
file eset_ras.mib is imported. The file is a standard component of an ERA install, and is usually located in the folder
C:\Program Files\ESET\ESET Remote Administrator\Server\snmp\.
5.4.2 Rule creation
The following steps demonstrate how to create a rule that will send an email notification to the administrator if there is
a problem with the Protection Status of any client workstations. The notification will also be saved to a file named log.txt.
1) Set the Trigger type drop-down menu to Client State.
2) Leave the options Priority, Activation after: and Repeat after every: at the predefined values. The rule will
automatically be assigned priority 3 and will be activated after 24 hours.
3) In the Description field, type protection status notification for HQ clients
4) Click Edit… in the Client filter section and only activate the ERA Groups IN section rule condition. In the lower part of
this window click the link specify and type HQ in the new window. Click Add and then click OK (twice) to confirm. This
designates that the rule is only applied to clients from the HQ group.
5) Further specify parameters for the rule in Parameters > Edit… Deselect all options except for Protection Status Any
Warnings.
6) Proceed to the Action section and click the Edit… button. In the Action window, activate Email, specify recipients
(To…) and Subject for the email. Then select the Log to file check box and enter the name and path of the log file to be
created. As an option, you can select the Verbosity of the log file. Click OK to save the action.
7) Finally, use the Message text area to specify the verbiage that will be sent in the body of the email when the rule is
activated. Example: “The client %CLIENT_LIST% reports protection status problem”.
8) Click Save as… to name the rule, e.g., “protection status problems” and select the rule in the list of notification rules.
The finished rule should resemble the figure below:










