Alerts

Domain Time II Audit Server can raise various alerts based on information collected during collection runs and from real-time data provided by Server and Client.

Configure Alerts
In order for Audit Server to provide alerts, you need to configure the alert thresholds and the type of alerts desired. Select Audit Server -> Alerts -> Configure from the Manager menu.

A machine’s time is off by or more milliseconds
and A machine’s clock has not been set for or more minutes
are used both to determine the threshold for raising an alert at the time of an audit collection run, and also for issuing Real-Time Alerts (see below).

An audited machine fails to respond for or more audits
is used only for raising an alert during an audit collection run.

Domain Time Server and Client version 5.1 or later can send Real-Time Alert data to Audit Server each time they synchronize their time. This data can be evaluated and used to raise an alert based on the thresholds you specified in the Post-Audit Alerts section above.

Each Server and Client must be configured to send Real-Time Alert Data to the Audit Server before alerts can be generated. This can be done by:

• Configuring the Audit Server Real-Time Alerts section of the Status Reports property page on the Server or Client Control Panel applet.
• Using Active Directory policies
• Selecting machines on the Details Pane of Manager's Real-Time Alerts category and right-clicking to choose Enable Real-Time Alerts from the context menu.

Real-Time Alerts appear in the Real-Time Alerts category of Domain Time Manager. Alerts persist until they are dismissed from Manager (by right-clicking the machine's name in the Real-Time Alerts display and choosing Reset Alert item from the context-menu. Real-Time Alerts will also be sent using email if configured. Machines still in alert status at the time of an audit run will also be summarized in Audit summary emails.

Click the Advanced button to set additional parameters for Real-Time Alerts on the Advanced Real-Time Alert Configuration dialog page:

Coalesce  Raise alert immediately Group alerts and send no more often than once every minutes

These selections allow you to group your alerts together to prevent being overwhelmed by immediate alerts, or to receive them as they occur.

Record Backlog  If Audit Server is busy or the service is stopped, an alert backlog can develop. In general, old real-time alerts aren't real-time any more, so Audit Server will ignore all but the most recent ones. Max backlog: records (range 1-10,000)

The Max backlog: setting controls how many older queued alerts should be displayed when a backlog occurs. You shouldn't have to adjust this value unless your server is extremely busy and real-time alerts are regularly being dropped in normal use. If you set this value too large, you may have stale data appearing when a machine is rebooted.

Alert Sharing  Audit Server can coordinate received alerts with other machines using IPv4 multicast. This allows centralized monitoring of multiple Audit Servers. Disable this option if you are not using centralized monitoring. Alert sharing enabled    Port (default port is 9910)

If this option is enabled, Real-Time Alerts collected and raised by one Audit Server will be reflected on other Audit Servers that are in the same multicast group listening on the selected port (the default is port 9910). This allows you to see all Real-Time Alerts from all Audit Servers using Domain Time Manager. If you are not using multiple Audit Servers, you may disable this option.

Choose your desired alert method in this section. You can also enable/disable these items directly on the Audit Server -> Alerts menu.

The SNMP alerts and Email items require additional configuration.

SNMP Configuration
Enter the SNMP community name and password used by your Network Management System (NMS), as well as its DNS name or IP address. Your community name and password must match the one in use by the receiving system.

Best Practices for SNMP include using a unique community name and hard-to-guess password on production systems. The default community public should only be used for initial testing. Although Domain Time only sends outgoing trap information and is therefore not susceptible to SNMP remote control vulnerabilities, you should still be mindful of SNMP security for the benefit of your other SNMP devices.

The Domain Time MIB File

Domain Time comes with a MIB file that you can use to compile on your SNMP monitoring system so that your traps are interpreted correctly. The MIB text file is generated when you click the button on the Server or Client Control Panel applet so you don't need to worry about locating it in some obscure installation folder or having online access.




Email Configuration
Click the button to configure your Email Settings.

You must configure these email settings before Audit Server can send notification emails.

Email Setup From and Format Selection   [Click for larger size]


Specify the From: email address that will appear on the notification emails. You can also specify the format and MIME part order of the emails:
• Plain Text
• Text part followed by HTML part
• HTML part followed by Text part

  Choose the format that provides the best compatibility with your email system.

 


Email Recipients List   [Click for larger size]


Use the To, CC, and BCC tabs to add the email addresses of your desired recipients.

 


Outgoing SMTP Server Settings   [Click for larger size]


Enter the server address and account login information required for Audit Server to send outgoing mail through your SMTP server.
Once you have entered all of the above information, click the Send Test Email button to generate a test email.

If your test email encounters any errors, you'll receive a pop-up window showing the entire SMTP conversation so you can easily troubleshoot the problem:

Send Test Email, Showing SMTP Error   [Click for larger size]




 


Email Queue Settings and Email Logs   [Click for larger size]


This page contains the settings for the email queue and email logs.
The Queue Folder: specifies the location of the folder where outgoing emails are queued. The email.log trace file is also kept in this folder.

Note: In most cases, you will not need to adjust this location. If you do decide to change the folder location, you must pick a location on a local disk (not a networked share) with sufficient permissions (Change) granted to the Audit Server service account so that it is able to manage the queues.

Use the SMTP Trace:  Disabled Errors Warnings Info Trace Debug drop-down list to select the level of detail you want to keep in the email.log trace file. In general, you should only enable the trace file if you are troubleshooting an email delivery issue. Otherwise, your email.log file may grow to an unmanageable size over time.

Use the Open or Browse buttons to open the queue folder and locate the email.log file, which is a plain text file you can open in any editor, such as Notepad.


IP Restrictions
Click the button to restrict which systems are allowed to contact Audit Server.

IP Restrictions dialog   [Click for larger size]

The IP Restrictions dialog applies to both machines sending Real-Time Alerts and also which machines are available to be Auto-added to the Audit List.

You can both permit and deny access from IP ranges. To restrict a single IP address, enter the same IP address for both the First and Last range items.

 

 Proceed to the Data Collection page
 Back to the Configure Audits page