Hi All,

This is regarding sending email alerts from the Server Sensor for user-defined events based on syslog messages. In our setup, all Windows boxes are configured with syslog agents, and these agents send syslog messages to the Server Sensor.

Whenever a Windows event like Deleting User Account is triggered, the Server Sensor sends an email alert. The mail message gives the source IP address as 127.0.0.1. We need to refer to the syslog to know which Windows machine triggered the alert. Currently ISS RealSecure does not address this issue. A Tcl script has been written for sending the email with proper host information, and this mail can be further customized. The script and configuration information can be downloaded from: http://www.paladion.net/atwork/iss_alert_mail.txt

thanks & regards
--ezhil

A. Ezhilarasan CCSA, CISSP
Paladion Networks Private Limited
S 503, Manipal Center
Bangalore, India
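One way to do what the post describes, as an added example (not the Tcl script linked above and not ISS code): take the originating machine from the HOSTNAME field of the forwarded syslog line instead of the 127.0.0.1 the sensor reports, and build the alert mail from it. The RFC 3164 line layout, the sample line, the function names and the mail addresses are assumptions.

```python
import re
from email.message import EmailMessage

# Assumed RFC 3164 layout: "<PRI>Mmm dd hh:mm:ss HOSTNAME message"
SYSLOG_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<ts>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<msg>.*)$"
)

# Constructed sample line, not taken from a real agent.
SAMPLE = "<13>Mar  4 10:15:02 WINSRV01 Security: User Account Deleted: target=jdoe caller=admin"

def parse_syslog(line):
    """Return (host, severity, message), or None if the line is malformed."""
    m = SYSLOG_RE.match(line.rstrip("\r\n"))
    if m is None or int(m["pri"]) > 191:  # highest valid PRI is 23*8+7
        return None
    return m["host"], int(m["pri"]) % 8, m["msg"]

def header_safe(text, limit=120):
    # Syslog content is untrusted input: collapse control characters so a
    # crafted message cannot smuggle extra headers into the mail.
    return re.sub(r"[\x00-\x1f\x7f]+", " ", text)[:limit]

def build_alert(line, peer_addr, sender, recipient):
    """Build the alert mail, naming the machine that logged the event."""
    parsed = parse_syslog(line)
    if parsed is None:
        # Fall back to the address the syslog packet arrived from.
        host, severity, text = peer_addr, "unknown", line.strip()
    else:
        host, severity, text = parsed
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = recipient
    msg["Subject"] = header_safe(f"Syslog alert from {host}: {text}")
    msg.set_content(f"Source host: {host}\nSeverity: {severity}\n\n{text}\n")
    return msg
```

The HOSTNAME field is written by the sending agent, so it identifies the machine only as far as the agents and the network path to the sensor are trusted.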
