FAQ

Can I customize ProxyAV alert messages?

FAQ ID:    FAQ1831
Version:    1.0
Status:    Published
Published date:    01/17/2012
 

Answer

Yes, you can modify alert messages from the Advanced > Messages tab on teh ProxyAV Management Console.

Each alert message contains information about the event that triggered the message. In the Customize Messages table, you can specify what information is included in each type of alert.

The first three columns-Protocol, Event, and Command Type-define each type of event.
The Alert column defines what information is included in the alert that is logged or sent through e-mail to the administrator.
The Substitute column defines what text is substituted for the original data. For example, for HTTP downloads, the ProxyAV appliance replaces the entire infected file with the substitute text.
Autotext keywords can be used in the Alert and Substitute messages to get contextual information about the event into the messages:

- Click Modify to open the Message screen. The first few fields provide information about the event.
- Under State, the default is to use the default message. Click Custom to alter or annotate the message and character set.
             

                The following keywords may be used:
                %CLIENT: The client IP address.
                %ACTION: The action that was performed (file passed/dropped).
                %URL: The URL from which the file was downloaded.
                %VIRUS: The virus or potentially unwanted software (PUS) name.
                %REASON: Why the event occurred. For example, why was the file scanned?
                %MACHINENAME: The name of the ProxyAV appliance.
                %MACHINEIP: The ProxyAV appliance IP address.
                %HWSERIALNUMBER: The ProxyAV appliance serial number.
                %PROTOCOL: The scanned protocol.
                %APPNAME: The application name (ProxyAV).
                %APPWEB: The application vendor Web address.
                %APPVERSION: The application version.
                %AVVENDOR: The AV vendor.
                %AVENGINEVERS: The AV engine version.
                %AVPATTERNVERS: The AV pattern version.
                %AVPATTERNDATE: The AV pattern date.
                %TIMESTAMP: The time the event occurred.
                %ADMINMAIL: The administrator mail address.
                The % character always precedes the tag name. Capitalization is also important; do not use lowercase variable names.


- Click Save Changes.


Rate this Page

Please take a moment to complete this form to help us better serve you.

Did this document help answer your question?
 
 
If you are finished providing feedback, please click the RATE CONTENT button. Otherwise, please add more detail in the following text box and then click RATE CONTENT.
 
 

Your response will be used to improve our document content.

Ask a Question