FastNetMon can send emails about hosts blocked using blackhole approach and it can send emails about each partial block rule (BGP Flow spec mode) deployed to block malicious traffic.
We recommend using SMTP server in your network to avoid issues during DDoS attacks because external connectivity may be affected by attack and email notification will not be send.
Example configuration which includes all available options:
sudo fcli set main email_notifications_enabled enable sudo fcli set main email_notifications_tls enable sudo fcli set main email_notifications_auth enable sudo fcli set main email_notifications_port 587 sudo fcli set main email_notifications_host smtp.gmail.com sudo fcli set main email_notifications_from mynotificationemail@gmail.com sudo fcli set main email_notifications_username mynotificationemail@gmail.com sudo fcli set main email_notifications_password please_keep_it_secure sudo fcli set main email_notifications_recipients noc@yourcompany.com sudo fcli set main email_notifications_recipients tech@yourcompany.com
Then you could use this command and send test email to configured notification emails
sudo fcli set email_test
In case of any issues with email delivery, please check that your server has application “msmtp” installed. Also, you may check /var/log/fastnetmon/email.log file about any error messages.
You also may change default email subects easily:
sudo fcli set main email_subject_blackhole_block "Our defense system blocked host {{ ip }}"
sudo fcli set main email_subject_blackhole_unblock "Our defense system unblocked host {{ ip }}"
sudo fcli set main email_subject_partial_block "FastNetMon partially blocked traffic for host {{ ip }}"
sudo fcli commit