When in doubt, change the name of the sender in the notifications library so that instead of "Whatsup@<domain name here>" you input "Live_WUG_Alert@<domain name here>" or something as meaningful and periodically change it to see if it's the mail system re-sending the same alert or something else outside the WUG system. The only drawback will be if the mail system requires the user name to be a known e-mail name in it's dB before sending it out (prevents mail spoofing). If the alert name changes in the e-mail alerts, it's most likely your WUG configuration that's sending the alerts and not a replay attack taking place.
------------------------------------------------------------ Bryan Harrell, SPII Network Transport & Administration - Tallahassee Fla. Dept of Revenue (850)-921-0700 S/C 291-0700 ------------------------------------------------------------ >>> [EMAIL PROTECTED] 06/16/2004 6:15:40 PM >>> There are a few things you can check here: 1) Double check that the device is not duplicated somewhere, perhaps on another map. Duplication would be a way of monitoring something even after you think you've turned off monitoring. 2) Alerts get queued. An alert thats already in the queue will still get delivered even after removing the condition that generated it. Check Monitor -> Alerts. Is the option "Clear on all maps" greyed out? If it's NOT then there are queued alerts. Try clearing them. Have your debug log open as you do this and you'll see how many were cleared. 3) If you clear the queue and still get alerts then that takes you back to 1) above.. needing to find out from which device the alerts are being generated. Look at your activity log. When the alert is fired you will see a line that looks like this: 20040311 145627 Alert successful process N:Workstationx F:768 A:SMTPMail/Default ..where "Workstationx" is the Displayname of the device that generated the alert. Now go the the Notifications view for your map. Sort by "Device" (which is Displayname) and you will find the device that generated the alert. If there's nothing that corresponds then the alert did not come from this map.. rinse and repeat on your other maps until you find the culprit(s). Mark Symons Ipswitch,Inc Augusta GA -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Ryan Rodden Sent: Wednesday, June 16, 2004 10:57 To: whatsup forum Subject: [WhatsUp Forum] [whatsup forum] false alerts Hi I am using version 7.04 and it is really performing poorly. I was monitoring a few services on a device, with alerts set to notify. The notifications became too frequent, so I turned them off for the services only, leaving them running for only icmp. Even after removing all alerts for services, this stupid thing keeps sending me notifications, day after day, and no matter what I reconfigure, they are still being sent. I even changed the address they are sent from and they are still coming. The problem is that I do not have (myself) control of my mail server, and I do not know if it is whatsup sending these bogus alerts, or my mail server (or operator) doing replay attacks. A side from sniffing every packet coming out of my whatsup server, how can I debug this? Has anyone else ever experienced this? Spanks a lot! Ryan Rodden Packetworks Inc www.packetworks.net [EMAIL PROTECTED] (519) 579-4507 main office M-F 8-5 Please visit http://www.ipswitch.com/support/mailing-lists.html to be removed from this list. An Archive of this list is available at: http://www.mail-archive.com/whatsup_forum%40list.ipswitch.com/ Please visit http://www.ipswitch.com/support/mailing-lists.html to be removed from this list. An Archive of this list is available at: http://www.mail-archive.com/whatsup_forum%40list.ipswitch.com/ Please visit http://www.ipswitch.com/support/mailing-lists.html to be removed from this list. An Archive of this list is available at: http://www.mail-archive.com/whatsup_forum%40list.ipswitch.com/
