Kaspersky Security 11.x for Windows Server

Configuring administrator and user notifications

June 10, 2022

ID 148506

Event notification settings let you choose the notification methods and compose the message text.

To configure event notification settings:

  1. In the Application Console tree, open the context menu of the Logs and notifications node and select Properties.

    The Logs and notifications settings window opens.

  2. On the Notifications tab, select the notification mode:
    1. In the Event type list, select the event for which you want to configure a notification method.
    2. In the Notify administrators or Notify users group settings, select the check boxes next to the notification methods that you want to configure.

      You can only configure user notifications for the following events: Object detected, Untrusted external device detected and restricted event, and Host listed as untrusted event.

  3. To add the text of a message:
    1. Click the Message text button.
    2. In the window that opens, enter the text to be displayed in the corresponding event message.

    You can create the same message for several event types: after selecting a notification method for one event type, use the Ctrl or Shift key to select the other event types for which you want to use the same message, and then click the Message text button.

    3. To add fields with information about an event, click the Macro button and select the relevant fields from the drop-down list. Fields with event information are described in the table in this section.
    4. To restore the default event message text, click the By default button.
  4. To configure administrator notification methods for the selected event, select the Notifications tab, click the Settings button in the Notify administrators section and configure the selected methods in the Advanced settings window. To do this, perform the following actions:
    1. For email notifications, open the Email tab and specify the email addresses of recipients (separate addresses with semicolons), the name or network address of the SMTP server, and the port number in the appropriate fields. If necessary, specify the text that will be displayed in the Subject and From fields. The text in the Subject field can also include variables with information about the event (see table below).

      If you want to apply user account authentication when connecting to the SMTP server, select Use SMTP authentication in the Authentication settings group and specify the name and password of the user whose user account will be authenticated.

    2. For notifications using Windows Messenger Service, create a list of recipient protected devices for notifications on the Windows Messenger Service tab: for each protected device that you wish to add, click the Add button and enter its network name in the input field.

      Windows Messenger Service notifications are not used if the protected device is running Microsoft Windows Server 2008 or a later version of Microsoft Windows Server.

    3. To run an executable file when an event occurs, open the Executable file tab and select the file on the protected device's local drive, or enter its full path. The file is executed on the protected device. Enter the user name and password that will be used to execute the file.

      System environment variables can be used when the path to the executable file is specified; user environment variables are not allowed.

      If you wish to limit the number of messages of one event type over a period of time, on the Advanced tab, select Do not send the same notification more than and specify the number of times and a time interval.

  5. Click OK.

The configured notification settings are saved.

Fields with event information

| Variable | Description |
|---|---|
| %EVENT_TYPE% | Event type. |
| %EVENT_TIME% | Event time. |
| %EVENT_SEVERITY% | Importance level. |
| %OBJECT% | Object name (in Real-Time Server Protection and On-Demand Scan tasks). The Software Modules Update task includes the name of the update and the address of the web page with information on the update. |
| %VIRUS_NAME% | The name of the object according to the Virus Encyclopedia classification. This name is included in the full name of the detected object that Kaspersky Security for Windows Server returns on detecting an object. You can view the full name of the detected object in the task log. |
| %VIRUS_TYPE% | The type of detected object according to the Kaspersky classification, such as "virus" or "trojan". It is included in the full name of the detected object, which is returned by Kaspersky Security for Windows Server when it finds an object infected or probably infected. You can view the full name of the detected object in the task log. |
| %USER_COMPUTER% | In the Real-Time File Protection task and RPC Network Storage Protection task, the protected device name for the user who accessed the object on the device. |
| %USER_NAME% | In the Real-Time File Protection task and RPC Network Storage Protection task, the name of the user who accessed the object on the device. |
| %FROM_COMPUTER% | Name of the protected device where the notification originated. |
| %EVENT_REASON% | Reason the event occurred (some events do not have this field). |
| %ERROR_CODE% | Error code (only for the "internal task error" event). |
| %TASK_NAME% | Task name (only for events related to task performance). |
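
A message text laid out for machine parsing, shown as an added example that is not Kaspersky's code: the template uses only variables from the table above, one per line with the attacker-influenced %OBJECT% last, and the parser shows how a script reading the notification mailbox could turn it back into a record. The key names, the `expand` stand-in for the product's substitution, and the sample event are constructed for illustration; how the product renders a field that an event lacks is an assumption.

```python
import re

# Message text as it could be entered in the Message text window: one
# "key=%MACRO%" pair per line, using only variables from the table above.
TEMPLATE = """\
type=%EVENT_TYPE%
time=%EVENT_TIME%
severity=%EVENT_SEVERITY%
host=%FROM_COMPUTER%
task=%TASK_NAME%
threat=%VIRUS_NAME%
reason=%EVENT_REASON%
user=%USER_NAME%
object=%OBJECT%"""

MACRO = re.compile(r"%([A-Z_]+)%")
KEYS = {line.split("=", 1)[0] for line in TEMPLATE.splitlines()}


def expand(template, event):
    """Stand-in for the product's substitution (assumed behaviour): fields the
    event does not carry are left as the literal %MACRO% text."""
    return MACRO.sub(lambda m: event.get(m.group(1), m.group(0)), template)


def parse(body):
    """Turn a received notification body into a dict for alerting or a SIEM."""
    record = {}
    for line in body.splitlines():
        key, sep, value = line.partition("=")   # split on the FIRST "=" only
        if not sep or key not in KEYS or key in record:
            continue                            # drop unknown keys; first value wins
        value = value.strip()
        # An unexpanded macro or empty string means the event had no such field.
        record[key] = None if not value or MACRO.fullmatch(value) else value
    return record


# Constructed sample event; the object name embeds "=" and a fake key=value pair.
SAMPLE_EVENT = {
    "EVENT_TYPE": "Object detected",
    "EVENT_TIME": "2022-06-10 14:03:27",
    "EVENT_SEVERITY": "Critical",
    "FROM_COMPUTER": "FS01",
    "TASK_NAME": "Real-Time File Protection",
    "VIRUS_NAME": "EICAR-Test-File",
    "USER_NAME": "EXAMPLE\\jdoe",
    "OBJECT": "D:\\share\\a=b severity=Info.com",
}
```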
