Configuring 'Mail Alerts' using 'internal_sendmail' command
Solution

Introduction

internal_sendmail is an internal Check Point command (built into the FWD daemon) that directs the Check Point Alerts Daemon on the Security Management Server / Domain Management Server to send an e-mail, using the specified arguments. It does not require a mail server or mail client to be installed on the Security Management Server / Multi-Domain Security Management Server.

Notes:

  • The FWD daemon on the Security Management Server / Domain Management Server will send an e-mail to the defined SMTP Server.
  • Mail Alerts might not work even after they are configured according to this article. To receive mail alerts, you need an SMTP server configured with "Mail Relay" and "No Authentication".
  • When choosing logging actions in rules, or other Security Gateway logging properties, set the action to correspond to the alert you defined in the 'Global Properties' > 'Log and Alert' > 'Alerts' screen.

 

Procedure

    1. Go to the Alerts settings in Global Properties:

        • In SmartDashboard R7X, go to the Policy menu - click on Global Properties - expand Log and Alert - click on Alerts.
        • In SmartConsole R8X, go to the Application menu - click on Global Properties - expand Log and Alert - click on Alerts.

    2. (Optional) Select the checkbox "Send mail alert to SmartView Monitor" (when a mail alert is issued, it is also sent to SmartView Monitor).

    3. Select the checkbox "Run mail alert script" and use the following syntax:

      internal_sendmail -s "SUBJECT" -t IP_ADDRESS_of_SMTP_SERVER -f SENDER_E-MAIL@DOMAIN RECIPIENT1_E-MAIL@DOMAIN RECIPIENT2_E-MAIL@DOMAIN ...

      Note: The e-mail subject must always be enclosed within quotation marks. Multiple recipients must be separated by a space character.

      Example with sender mail:
      internal_sendmail -s "MySubject" -t 192.168.20.30 -f sender@example.com recipient1@example.com recipient2@example.com

      Example without sender mail:
      internal_sendmail -s "MySubject" -t 192.168.20.30 recipient1@example.com recipient2@example.com

    4. In the Rule Base, define a rule that will generate an alert - in the "Track" column, select Mail.
    5. Install the Security Policy.

Sample log entry that you will find in the body of the e-mail message:

 

27Jul2011 12:37:06 drop Labfw02 >eth2 useralert rule: 5; rule_uid: {D80B94DC-N325-4866-B67E-99NAZ5F41160}; SmartDefense profile: No Protection; ICMP: Echo Request; src: NS_192.168.30.44; dst: NS_LabSRVa; proto: icmp; ICMP Type: 8; ICMP Code: 0; product: VPN-1 & FireWall-1;
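
If the alert mailbox feeds a ticketing system or SIEM, the entry above can be parsed into structured fields. The following is an added example, not Check Point code: the function name, the header field names (action, origin, interface, alert) and the meaning of the '>' / '<' marker are assumptions, and the input is the sample entry from this page.

```python
import re
from datetime import datetime

# Constructed input: the sample entry shown on this page, as one string.
SAMPLE = (
    "27Jul2011 12:37:06 drop Labfw02 >eth2 useralert rule: 5; "
    "rule_uid: {D80B94DC-N325-4866-B67E-99NAZ5F41160}; "
    "SmartDefense profile: No Protection; ICMP: Echo Request; "
    "src: NS_192.168.30.44; dst: NS_LabSRVa; proto: icmp; "
    "ICMP Type: 8; ICMP Code: 0; product: VPN-1 & FireWall-1;"
)

MONTHS = {m: i for i, m in enumerate(
    "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split(), 1)}

# Header names (action, origin, interface, alert) are labels assumed here.
HEADER = re.compile(
    r"^(\d{1,2})([A-Za-z]{3})(\d{4}) (\d{2}):(\d{2}):(\d{2}) "
    r"(\S+) (\S+) ([<>])(\S+) (\S+) (.*)$")

def parse_alert(body):
    """Parse one alert entry into a dict; raise ValueError if it does not fit."""
    # Mail transport may fold the long line, so collapse all whitespace first.
    m = HEADER.match(" ".join(body.split()))
    if m is None or m.group(2).title() not in MONTHS:
        raise ValueError("not an alert log entry")
    day, mon, year, hh, mm, ss = m.group(1, 2, 3, 4, 5, 6)
    entry = {
        "timestamp": datetime(int(year), MONTHS[mon.title()], int(day),
                              int(hh), int(mm), int(ss)),
        "action": m.group(7),
        "origin": m.group(8),
        # Assumption: '>' marks inbound and '<' outbound on the interface.
        "direction": "inbound" if m.group(9) == ">" else "outbound",
        "interface": m.group(10),
        "alert": m.group(11),
        "fields": {},
    }
    # Remaining text is "key: value;" pairs; keys may contain spaces.
    for part in m.group(12).split(";"):
        part = part.strip()
        if not part:
            continue
        key, sep, value = part.partition(": ")
        if not sep:
            raise ValueError(f"malformed field: {part!r}")
        entry["fields"][key.strip()] = value.strip()
    return entry

if __name__ == "__main__":
    print(parse_alert(SAMPLE))
```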

 

Applies To:
  • This solution replaces sk17394
  • sk114836 has been merged into sk25941
