14.04.2019 FastNetMon

FastNetMon e-mail notification

FastNetMon can send emails about hosts blocked using blackhole approach and it can send emails about each partial block rule (BGP Flow spec mode) deployed to block malicious traffic.

We recommend using SMTP server in your network to avoid issues during DDoS attacks because external connectivity may be affected by attack and email notification will not be send.

Example configuration which includes all available options:

sudo fcli set main email_notifications_enabled enable
sudo fcli set main email_notifications_tls enable
sudo fcli set main email_notifications_auth enable
sudo fcli set main email_notifications_port 587
sudo fcli set main email_notifications_host smtp.gmail.com
sudo fcli set main email_notifications_from mynotificationemail@gmail.com
sudo fcli set main email_notifications_username mynotificationemail@gmail.com
sudo fcli set main email_notifications_password please_keep_it_secure
sudo fcli set main email_notifications_recipients noc@yourcompany.com
sudo fcli set main email_notifications_recipients tech@yourcompany.com

Then you could use this command and send test email to configured notification emails

sudo fcli set email_test

In case of any issues with email delivery, please check that your server has application “msmtp” installed. Also, you may check /var/log/fastnetmon/email.log file about any error messages.

You also may change default email subjects easily:

sudo fcli set main email_subject_blackhole_block "Our defense system blocked host {{ ip }}"
sudo fcli set main email_subject_blackhole_unblock "Our defense system unblocked host {{ ip }}"
sudo fcli set main email_subject_partial_block "FastNetMon partially blocked traffic for host {{ ip }}"
sudo fcli commit

If your server uses custom auth method then you can specify it explicitly but in almost all cases you do not need to do so, best auth method will be selected automatically:

sudo fcli set main email_notifications_auth_method XXX

Where XXX may be one of the following options:

  • login
  • plain
  • scram-sha-1
  • cram-md5
  • gssapi
  • external
  • digest-md5
  • ntlm