Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 4 replies
  • Answers 1 answer
  • Subscribers 3 subscribers
  • Views 6158 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos RED Box - Modify preferences to reduce excessive email notifications 'site is down' 'site is back up again' etc

Nick Thomson

Hi Sophos Community

 

First time poster so please be nice. We run UTM version 9.406-3. Does anyone know how to adjust the threshold of the Sophos Red 'site is offline' alerts? We have a few sites that run on bumpy 3G connections so they drop offline for less than 30 seconds before coming back up again within the same 60 seconds. This happens multiple times day for multiple sites so we are slammed with email alerts. Ideally I'd like to set a rule that if the RED box is offline for 1 minute then email an alert to us. I found this post,

 

https://community.sophos.com/products/unified-threat-management/f/management-networking-logging-and-reporting/34226/carpet-bombed-with-email-alerts

 

Where someone by the name of Barry suggests to go into the 'limit notifications' section to change this but I cannot find this setting. Any help would be greatly appreciated. An example of the email alert we receive is below if that helps,

****************

RED connection 'reds4 (Remote Site 6)' is down.

--

System Uptime      : 19 days 14 hours 22 minutes

System Load        : 1.63

System Version     : Sophos UTM 9.406-3

****************

 Please refer to the manual for detailed instructions.



This thread was automatically locked due to age.
Parents
  • 0

    Hi Nick,

    Welcome to Sophos Community.

    According to Barry, the limit notification settings can be found in Management> notification> Global.

    Limit notifications: Some security-relevant events such as detected intrusion attempts will create a lot of notifications, which may quickly clog the notification recipients' email inboxes. For this reason, Sophos UTM has sensible default values to limit the number of notifications sent per hour. If you disable this option, every security-relevant event will create a notification, provided the event is configured so as to send a notification on the Management > Notifications > Notifications tab.

    Thanks

    Sachin Gurung
    Team Lead | Sophos Technical Support
    Knowledge Base  |  @SophosSupport  |  Video tutorials
    Remember to like a post.  If a post (on a question thread) solves your question use the 'This helped me' link.

  • 0 in reply to sachingurung

    Hi Sachin

     

    Thanks for your reply. We already have the limit notification settings turned on, I think that setting comes into effect when you get a massive amount of emails, all at once. What I'm looking for is a setting where we can increase the polling timeout function which sends an email when it reaches it's default missed polls of 3 polls -- that setting I want to increase to say, 30 polls. This will stop us getting multiple emails like shown below. Like I mentioned in my original post, the poll timeouts only last for about 10 polls before the site comes back up, and for it's purpose, this is fine even though it happens multiple times a day. Hope this makes sence

     

     

  • +1 in reply to Nick Thomson

    Nick, I think the only thing you can do is disable the down and up notifications. There's no setting in WebAdmin and there's nothing that I see that can be changed at the command line.  You might want to offer a suggestion or vote for an existing one at http://feature.astaro.com.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson

    No worries Bob and thanks for coming back to me, I'll suggest this on the link you supplied

Reply Children
No Data
Unfiltered HTML