Top
ServerView Resource Orchestrator V3.4.0 Automatic Quarantining Function User's Guide
FUJITSU Software
Chapter 2 Implementing the Automatic Quarantining Function > 2.7 Procedure for Configuring Email Notification to the Administrator
PreviousNext

2.7 Procedure for Configuring Email Notification to the Administrator

This section explains the procedure for configuring email notification to the administrator.

When a malware infection is detected, it is possible to notify the tenant administrator of the relevant machine, after executing a pre-defined action.

In addition, when "none" is set for the action, a link for performing actions will be included in the body of the notification email. By clicking the link it is possible to select actions such as quarantine, reboot, quarantine and reboot. After the action is executed, another email notifying the administrator of the results will be sent.

However, this function is disabled by default. When using this function, enable it using the following procedure.

Procedure

Perform the following procedure on the Resource Orchestrator manager.

  1. Register the connection information for the SMTP server.

    Execute the following command using the Resource Orchestrator manager.

    > mailnotice register -name name -ip ipaddress -from from_address [-port port]
  2. Enable the email notification function.

    Execute the following command.

    > mailnotice enable
  3. Set the email address of the tenant administrator.
    For a new tenant
    [Virtual Edition]
    1. Create an XML definition file containing the information of the email address of the administrator.
    2. Execute the following command, and create the tenant. 
      > rcxadm tenant create -file file.xml [-nowait]
    [Cloud Edition]

    Refer to "11.3 Creating a Tenant" in the "User's Guide for Infrastructure Administrators".

    For an existing tenant
    [Virtual Edition]

    Execute the following command, and add the email address of the administrator to the tenant information.

    > rcxadm tenant modify -name name -mail mail_address
    [Cloud Edition]

    Refer to "11.4 Modifying a Tenant" in the "User's Guide for Infrastructure Administrators".

  4. Check that the email notification function has been enabled. Check that "Notice: enable" is contained in the output results for the command. 
    > mailnotice info

    Output Example

    > Notice: enable 
> Name: smtpsv 
> IP address: 192.168.100.21 
> Port: 25 
> From address: alert@ror.com

See

For details on the commands, refer to "4.10 mailnotice" and "4.4 rcxadm tenant".

The number of times email notification is sent when each action is selected is as shown below.

Actions Number of Times Notification is Sent Before the Action Number of Times Notification is Sent After the Action Total
quarantine No notification 1 time 1 time
reboot No notification 1 time 1 time
quarantine_reboot (*1) No notification 2 times 2 times
none (*2) quarantine 1 time 1 time 2 times
reboot 1 time 1 time 2 times
quarantine_reboot (*1) 1 time 2 times 3 times
none 1 time No notification 1 time

*1: When the action is "quarantine_reboot", email notification will be given two times, "quarantine_reboot (quarantine)" and "quarantine_reboot (reboot)".

*2: When the action is "none", the administrator will select the response pattern.

Note

The Email Notification function cannot be used for virtual PCs that do not belong to tenants.

If "none" is specified for the action to execute when a malware infection is detected, as email notification will not be sent, it will be necessary to perform corrective action manually.

Use this function after assigning the virtual PCs for which "none" will be set as the action to a tenant.

PreviousNext
Copyright 2017-2020 FUJITSU LIMITED