Configuring alert actions
Updated: February 1, 2011
Applies To: Forefront Threat Management Gateway (TMG)
For each alert definition, you can specify the actions that should occur when the alert is triggered.
This topic provides instructions on how to view and modify alert actions, and information on configuring actions for the Alert Action Failure alert.
Viewing and configuring alert definition actions
To view and modify alert actions
In the Forefront TMG Management console, in the tree, click the Monitoring node.
In the details pane, click the Alerts tab.
On the Tasks pane, click Configure Alert Definitions.
In the Alert Definitions list, select the alert you want to modify, and then click Edit.
On the Actions tab, configure the alert action. You can define alerts to perform one or more of the following actions when triggered:
Send an e-mail message. See Configuring an alert to send an e-mail message.
Run a program. See Configuring an alert to run a program.
Log the event in the Windows event log. By default, this is enabled for all alerts.
Stop or start the Microsoft Firewall service or Scheduled Content Download service.
Configuring an alert to send an e-mail message
You can specify the following settings when configuring an alert to send an e-mail message when the alert is triggered:
To configure an alert to send an e-mail message
On the Actions tab, click Send e-mail.
Type the name of your organization's SMTP server. Note the following:
If you specify an SMTP server located on the Internal network, you must enable the system policy rule to allow this traffic. To do this, in the Remote Monitoring configuration group of the System Policy Editor, select SMTP, and then click Enable. This enables the "Allow SMTP from Forefront TMG to trusted servers" system policy rule.
If you specify an SMTP server located on the External network, you must create an access rule that allows the Local Host network to access the External network (or the network on which the SMTP server is located), using SMTP.
In the From box, type the e-mail address of the sender.
In the To box, type the e-mail addresses of the recipients.
Click OK to save the new action for this alert, and then click Apply on the Apply Changes bar.
Configuring an alert to run a program
You can specify the following settings when configuring an alert to run a program when the alert is triggered:
To configure an alert to run a program
On the Actions tab, click Run a program.
For Program file, type the location of the program.
Note
The program path specified must exist on all Forefront TMG servers in the array. It is therefore recommended that you use an environment variable (such as %SystemDrive%) within the path name in order to allow per-server adjustment of the path.
For Parameters, type the appropriate parameters for running this program.
Note
Do not specify an interactive program that requires user input.
Click Set Account if a user account other than the Local System Account is required, and type the appropriate user credentials.
Note
Use the Local Security Policy to configure user privileges.
Note
Be sure that the specified user has the Log on as a batch job privilege.
Click OK to save the new action for this alert, and then click Apply on the Apply Changes bar.
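The following script is an added example and is not part of the original topic. Run locally on each array member, it checks that the Program file path resolves after environment variable expansion and that neither the file nor its folder is writable by principals other than Local System, Administrators and TrustedInstaller, because the action runs under the Local System Account unless another account is set. The default path is a hypothetical placeholder, and the trusted SID list is an assumption to adjust for your environment.

```powershell
# Added example: pre-flight check for a program used by a "Run a program" alert action.
# Run locally on each Forefront TMG array member. The default path is a hypothetical placeholder.
param([string]$ProgramPath = '%SystemDrive%\AlertScripts\OnAlert.cmd')

# Expand %SystemDrive% and similar variables, as each server will resolve them.
$resolved = [Environment]::ExpandEnvironmentVariables($ProgramPath)
if (-not (Test-Path -LiteralPath $resolved -PathType Leaf)) {
    Write-Output "FAIL ${env:COMPUTERNAME}: '$resolved' does not exist"
    exit 1
}

# Access rights that allow replacing or altering the program the alert will launch.
$writeMask = [int][System.Security.AccessControl.FileSystemRights]'Write, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
$genericMask = 0x50000000   # GENERIC_WRITE | GENERIC_ALL, stored raw in some ACEs

# Well-known SIDs accepted as writers (assumption): Local System, Administrators, TrustedInstaller.
$trusted = @('S-1-5-18', 'S-1-5-32-544',
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464')

$findings = @()
foreach ($item in @($resolved, (Split-Path -Path $resolved -Parent))) {
    $acl = Get-Acl -Path $item
    $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
    foreach ($ace in $rules) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        # Inherit-only entries do not apply to the object that carries them.
        if ($ace.PropagationFlags -band [System.Security.AccessControl.PropagationFlags]::InheritOnly) { continue }
        if ($trusted -contains $ace.IdentityReference.Value) { continue }
        $rights = [int]$ace.FileSystemRights
        if (($rights -band $writeMask) -or ($rights -band $genericMask)) {
            $findings += "$item : $($ace.IdentityReference.Value) has $($ace.FileSystemRights)"
        }
    }
}

if ($findings.Count -gt 0) {
    $findings | ForEach-Object { Write-Output "WARN ${env:COMPUTERNAME}: $_" }
    exit 2
}
Write-Output "OK ${env:COMPUTERNAME}: '$resolved' exists; no untrusted write access on the file or its folder"
```

The script inspects only the file and its immediate parent folder; folders higher in the path and file ownership are not examined.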
Configuring actions for Alert Action Failure alert
Although the Alert Action Failure alert can be configured, it is recommended that you do not edit properties for this alert. If the action for this alert fails, the failure is not registered anywhere, and troubleshooting will be difficult.
If you encounter this alert, check the event log for action failures. Check the event message associated with the failure, and the previous events issued before the action failure event. They may provide additional information about which action failed.