Mail Notification for Ethernet Filter Log Generation

Summary

When the Ethernet filter outputs a filter log, a mail notification containing the logged filter content is sent to the designated mail address.

Notes

Compatible Models & Firmware Revisions

Model     Revision
RTX5000   Rev.14.00.15 or later
FWX120    Rev.11.03.16 or later
RTX810    Rev.11.01.15 or later

Details

Mail notification target

In order to use the mail notification for Ethernet filter log generation, you need to configure the router with the "ethernet filter" and "ethernet I/F filter" commands.
When you specify "pass-log" or "reject(reject-log)" in the Ethernet filter function, a filter log is generated.
Mail notification is triggered when the interface and the direction of the filter from which the log is generated match the condition specified by the "mail notify trigger filter ethernet" command.

Interfaces that can be specified using a command

You can only specify the LAN interfaces using the "mail notify trigger filter ethernet" command.
You cannot specify the same interface and direction combination more than once in a single command.

Trigger detection

Filter log content detected after the first trigger and before the wait time specified by the "notify-wait-time" option of the "mail template" command elapses is sent collectively in a single mail.
In addition, if other triggers with the same template ID specified by the "mail notify trigger filter ethernet" command occur before the wait time specified by the "notify-wait-time" option of the "mail template" command elapses, all triggers detected during that period are reported in a single mail.

Command

Refer to the Command Reference for "Triggered Mail Notification Function".

Settings Examples

Configure the Ethernet filter using "DHCP Authentication" as a reference.
Here, you configure the mail server, mail template, and triggers.
After the configuration is completed, a mail notification is sent out when a filter log is generated by the Ethernet filter.

ethernet filter 1 pass-nolog 00:a0:de:01:02:03
ethernet filter 100 reject-log *
ethernet lan1 filter in 1 100
mail server name 1 (Server name)
mail server smtp 1 (SMTP server address)
mail template 1 1 From:(Sender's mail address) To:(Destination mail address) Subject:(Mail subject) 
mail notify 1 1 trigger filter ethernet lan1 in


Example)
Model:FWX120
Revision:  Rev.11.03.16
Time:  2016/11/25 13:35:40
Template ID:  1

                         Filter Number   Action   Interface      Packet Type
ID   Time                (Source MAC Address -> Destination MAC Address)
----------------------------------------------------------------------------
0001 2016/11/25 13:34:19 ethernet 100     reject  lan1   in    ARP
                         (00:a0:de:01:23:45 -> 00:a0:de:67:89:01)
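
To feed these notifications into a log pipeline or SIEM, the mail body shown above can be parsed into structured records. The following Python is an added example, not code from the vendor or this page; the regular expressions, the field names, and the assumption that further entries repeat the same two-line form are inferred from the single sample above.

```python
import re

# Constructed sample: the notification body from the example above.
SAMPLE_MAIL = """\
Model:FWX120
Revision:  Rev.11.03.16
Time:  2016/11/25 13:35:40
Template ID:  1

                         Filter Number   Action   Interface      Packet Type
ID   Time                (Source MAC Address -> Destination MAC Address)
----------------------------------------------------------------------------
0001 2016/11/25 13:34:19 ethernet 100     reject  lan1   in    ARP
                         (00:a0:de:01:23:45 -> 00:a0:de:67:89:01)
"""

HEADER_RE = re.compile(r"^(Model|Revision|Time|Template ID):\s*(.+?)\s*$")
# First line of an entry: ID, time, "ethernet <n>", action, interface, direction, type.
RECORD_RE = re.compile(
    r"^(?P<id>\d+)\s+(?P<time>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2})\s+"
    r"ethernet\s+(?P<filter>\d+)\s+(?P<action>\S+)\s+"
    r"(?P<interface>\S+)\s+(?P<direction>\S+)\s+(?P<packet_type>.+?)\s*$"
)
MAC = r"[0-9A-Fa-f]{2}(?::[0-9A-Fa-f]{2}){5}"
# Second line of an entry: "(source MAC -> destination MAC)".
MACS_RE = re.compile(rf"^\s*\((?P<src>{MAC})\s*->\s*(?P<dst>{MAC})\)\s*$")


def parse_notification(body):
    """Return (header dict, list of entry dicts) parsed from a mail body."""
    header, records, pending = {}, [], None
    for line in body.splitlines():
        if m := HEADER_RE.match(line):
            header[m.group(1)] = m.group(2)
        elif m := RECORD_RE.match(line):
            pending = m.groupdict()
            pending["filter"] = int(pending["filter"])
        elif (m := MACS_RE.match(line)) and pending is not None:
            # Normalise MAC case so entries compare cleanly against an allow list.
            pending.update(src_mac=m["src"].lower(), dst_mac=m["dst"].lower())
            records.append(pending)
            pending = None
    return header, records


if __name__ == "__main__":
    hdr, recs = parse_notification(SAMPLE_MAIL)
    print(hdr)
    for rec in recs:
        print(rec)
```

An entry is emitted only when both of its lines are present, so a mail truncated mid-entry yields no partial record.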
