Overview
Kerio Control can send alerts to predefined email addresses when a condition you have defined matches the text in a particular log. This is helpful when you want to monitor specific behaviors on your system, e.g., high-severity IPS events, a VPN client connecting, or a login guessing attempt.
This article provides the steps required to configure log message alerts in Kerio Control.
Process
- In Kerio Control's administration interface, navigate to Accounting and Monitoring > Alert Settings.
- Click on Add.
- In the Add Alert window, select Log message and click OK. The Log Message Alert window appears.
- In the Log Message Alert window, type a name for the alert. The name appears in the subject line of the email message the alert sends.
- From the Log drop-down, select the log you want to monitor. In this example, Security was used.
- In the Condition field, type the text string you want Kerio Control to search for. Kerio Control compares the string to the text in the log, and when a match is found, it sends the alert to the designated email address.
- Check the Use regular expression box if the string in the Condition field is a regular expression. Kerio Control uses Perl's regular expression syntax. For the complete specification, refer to Perl Regular Expression Syntax.
- Set a time interval for the alert.
Note: Some events in Kerio Control happen very often. Limit the interval to once per hour or per day to avoid getting too many messages in your mailbox.
- Click OK.
Confirmation
Kerio Control now sends the alert whenever text in the selected log matches the condition you defined in the Log Message Alert.
Examples of Log Alerts
'VPN client connected' using regular expressions.
Login guessing attempt
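Before saving an alert, it helps to try the Condition string against a few log lines and see how many emails the chosen interval would let through. The script below is an added example, not Kerio's own code; Python's `re` module stands in for Perl syntax (the constructs used here behave the same in both). Assumptions: a plain condition is a substring match, the interval allows at most one email per period, and the log lines and patterns are constructed for illustration and are not Kerio Control's actual log format.

```python
import re
from datetime import datetime, timedelta

# Constructed sample lines for illustration only; they are NOT Kerio Control's
# real log format. Replace them with lines copied from your own log.
SAMPLE_LOG = """\
[2024-03-10 09:00:01] VPN client connected: user=alice src=203.0.113.10
[2024-03-10 09:00:05] Login guessing attempt: src=198.51.100.7 service=admin
[2024-03-10 09:10:42] Login guessing attempt: src=198.51.100.7 service=admin
[2024-03-10 10:30:00] VPN client connected: user=bob src=203.0.113.22
[2024-03-10 10:31:15] Rule update finished
"""

STAMP = re.compile(r"^\[([^\]]+)\]")  # timestamp layout of the constructed lines


def matches(condition, line, use_regex=False):
    """Plain mode: substring test (assumed). Regex mode: search anywhere in the line."""
    if use_regex:
        return re.search(condition, line) is not None
    return condition in line


def simulate_alerts(condition, log_text, use_regex=False, interval=timedelta(hours=1)):
    """Return the lines that would trigger an email, assuming at most one
    alert is sent per interval (the throttling the Note recommends)."""
    sent, last_sent = [], None
    for line in log_text.splitlines():
        if not matches(condition, line, use_regex):
            continue
        when = datetime.strptime(STAMP.match(line).group(1), "%Y-%m-%d %H:%M:%S")
        if last_sent is None or when - last_sent >= interval:
            sent.append(line)
            last_sent = when
    return sent


if __name__ == "__main__":
    # Hypothetical conditions, one per mode.
    for cond, rx in [("Login guessing attempt", False),
                     (r"VPN client connected: user=(alice|bob)\b", True)]:
        hits = simulate_alerts(cond, SAMPLE_LOG, use_regex=rx)
        print(f"{cond!r} (regex={rx}): {len(hits)} alert(s)")
        for h in hits:
            print("   ", h)
```

A pattern that contains regex metacharacters but is evaluated in plain mode matches nothing here, which is the failure to look for when an alert with a regular expression never fires.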