System configuration

 

Replacement messages

 

 

 

 

 

Table 17: Alert email message sections

 

 

 

 

 

 

NIDS event

Used for NIDS event alert email messages

 

 

 

 

 

Section Start

<**NIDS_EVENT**>

 

 

 

 

 

 

Allowed Tags

%%NIDS_EVENT%%

The NIDS attack message.

 

 

 

 

 

Section End

<**/NIDS_EVENT**>

 

 

 

 

 

 

 

 

 

Virus alert

Used for virus alert email messages

 

 

 

 

 

Section Start

<**VIRUS_ALERT**>

 

 

 

 

 

 

Allowed Tags

%%VIRUS%%

The name of the virus.

 

 

 

 

 

 

%%PROTOCOL%%

The service for which the virus was detected.

 

 

 

 

 

 

%%SOURCE_IP%%

The IP address from which the virus was received.

 

 

 

For email this is the IP address of the email server

 

 

 

that sent the email containing the virus. For HTTP

 

 

 

this is the IP address of web page that sent the

 

 

 

virus.

 

 

 

 

 

 

%%DEST_IP%%

The IP address of the computer that would have

 

 

 

received the virus. For POP3 this is the IP address

 

 

 

of the user’s computer that attempted to download

 

 

 

the email containing the virus.

 

 

 

 

 

 

%%EMAIL_FROM%%

The email address of the sender of the message in

 

 

 

which the virus was found.

 

 

 

 

 

 

%%EMAIL_TO%%

The email address of the intended receiver of the

 

 

 

message in which the virus was found.

 

 

 

 

 

Section End

<**/VIRUS_ALERT**>

 

 

 

 

 

 

 

 

Block alert

Used for file block alert email messages

 

 

 

 

 

Section Start

<**BLOCK_ALERT**>

 

 

 

 

 

 

Allowed Tags

%%FILE%%

The name of the file that was blocked.

 

 

 

 

 

 

%%PROTOCOL%%

The service for which the file was blocked.

 

 

 

 

 

 

%%SOURCE_IP%%

The IP address from which the block file was

 

 

 

received. For email this is the IP address of the

 

 

 

email server that sent the email containing the

 

 

 

blocked file. For HTTP this is the IP address of

 

 

 

web page that sent the blocked file.

 

 

 

 

 

 

%%DEST_IP%%

The IP address of the computer that would have

 

 

 

received the blocked file. For email this is the IP

 

 

 

address of the user’s computer that attempted to

 

 

 

download the message from which the file ware

 

 

 

removed.

 

 

 

 

 

 

%%EMAIL_FROM%%

The email address of the sender of the message

 

 

 

from which the file was removed.

 

 

 

 

 

 

%%EMAIL_TO%%

The email address of the intended receiver of the

 

 

 

message from which the file was removed.

 

 

 

 

 

Section End

<**/BLOCK_ALERT**>

 

 

 

 

 

FortiGate-50A Installation and Configuration Guide

135

Page 135
Image 135
Fortinet 50A user manual 135, Nids event