
Info: Setting up logging and event notifications via SMTP

Applies to:

All 6.x versions.

Summary: 

Certificate Manager includes a rich set of pre-defined logging events (alerts). Logging is configured through the logging tree and consists of these four main components:

  1. Events.
  2. Channels.
  3. Notification rules.
  4. A server that collects and delivers the logging events.

More Info:

Events:

Events are defined in the logging tree. There are events for all features of Venafi Encryption Director, including Applications and Certificate Authority objects.  

TIP: Be sure you know what default values are set on the event settings tab of each policy object. Go to <Policy object> Settings > Monitoring.

events-logging.jpg

 

 

Channels:

Channels define where an event gets sent and how. The example below shows an SMTP channel. The recipients are the consumers of each Application object (the owners of any server that is currently using the certificate).

smtp-logging.jpg

Other SMTP channels include:

  • E-mail to Owner: E-mails the message to the Certificate Contacts.
  • E-mail to Parent: E-mails the message to the Contacts assigned on the parent object.
  • E-mail to System Administrator: E-mails a message to the Local Master admin accounts.

Notification rules:

Notification rules define which events trigger a notification and how. Each notification is configured via boolean logic to trigger off one or more events. A notification object also defines which channel(s) events are sent to. In the screenshot below we are triggering off a Certificate expired event, but only if we are 30 days out from expiring. This event is being sent to two channels: "Email to Owner" and "Email to consumer".

channel-smtp.jpg

 

Server:

The example below shows the primary logging object (server) in the logging tree. While running the Certificate Manager install, you are given a choice of whether or not to install the logging server on that server. You can verify whether logging is installed on the server in question by navigating to the platforms tree. While typically only one logging server exists per Certificate Manager installation, a backup logging server can exist.

logging_object.jpg

 

Setting up e-mail notifications: 

Notification rules trigger off events, and notifications are sent out through channels configured to send to SMTP or SNMP servers. Channels can also be configured to write to a text file for analysis. By way of example, once an event is triggered, an SMTP e-mail session is initiated from the configured logging server to an e-mail server. This sends notification e-mail(s) to a single e-mail address or a group of e-mail addresses. The rest of this article is dedicated to configuring e-mail for the purpose of sending out notifications.

Setting up e-mail notifications can be divided into three main steps.

  1. Setting up your channel(s). 
  2. Linking the notification rule to a channel.
  3. Configuring your object for the right ownership.

1: Setting up your channel.

  • Select the channels object. 
  • Select a pre-defined channel such as 'E-mail to Owner' and configure it.
  • TIP: If you do not set an e-mail address for the sender, no SMTP connection will be initiated. 
  • In the hosts field, type in the DNS name or IP address of your SMTP server.
  • TIP: If you want to set this only once for all your channels, set this on the channel object itself.
  • Press apply. 

2: To link a rule to this channel, follow these steps.

  • In the logging tree, select notification rules, and choose a rule such as 'Certificate expiring in 30 days', as per the screenshot above.
  • Ensure that the target channel is the one you selected in step 1 above.

3: Configuring the policy object for the right ownership. 

In the above example, we used the default notification called "Certificate expiring in 30 days" so we'll follow on with that example. This notification is configured for a channel called "Email to owner". The owner of each object in the policy tree is called the "contact".  
To discover who the owner is for an object, follow these steps:  
  • Navigate to the Policy tree.
  • Find a policy object, and locate the contact field.  
  • TIP: If the object does not have a contact, no e-mails will be sent for events on this object.
  • You can choose one by using the browse button.  
  • TIP: The browse button has three dots on it.
  • Navigate to the Identity tree, and find the object.
  • Select the object.
  • TIP: Ensure this object has an e-mail address configured.

Frequently asked questions:

  • Why don't my 45-day and 60-day certificate expiration rules appear to be working? You need to change the value on the event settings tab of the relevant policy object to be greater than the default value of 30.
  • What are some common events I might see in the logs for SMTP? See the examples below.

 

Un-configured contact:

SourceIP, ClientTimestamp, Component, Severity, Event, Description
0.0.0.0, 7/25/2012 5:28:27 PM, \VED\Logging\Channels\Email to Owner: \VED\Logging\Channels\Email to Owner, Error: Error, Translated event: Log - SMTP Message Failure, \VED\Logging\Channels\Email to Owner SMTP Notification Failed. Event Message:The discovery service module \VED\Engines\WIN-GNFDFPQ3566\Discovery has begun processing the Discovery \VED\Discovery\Disc 1.. Error: Failure sending mail.. Additional error data at System.Net.Mail.SmtpClient.Send(MailMessage message)
at Venafi.Logdrivers.LogSMTP.ProcessEvent(Event logEvent).

 

SMTP successful send to host (to see this event you must select the 'log delivery' radio button in the channel):

 SourceIP, ClientTimestamp, Component, Severity, Event, Description

0.0.0.0, 7/26/2012 10:52:38 AM, \VED\Logging\Channels\Email to Owner: \VED\Logging\Channels\Email to Owner, Info: Info, Translated event: Log - SMTP Message Sent, SMTP Channel Driver \VED\Logging\Channels\Email to Owner successfully delivered a message titled Info - \VED\Discovery\Disc 1 to 1 recipients (martin.irwin@venafi.com )

 

SMTP failing to send to host:

SourceIP, ClientTimestamp, Component, Severity, Event, Description
0.0.0.0, 7/25/2012 5:11:45 PM, \VED\Logging\Channels\Email to Owner: \VED\Logging\Channels\Email to Owner, Error: Error, Translated event: Log - SMTP Message Failure, \VED\Logging\Channels\Email to Owner SMTP Notification Failed. Event Message:The discovery service module \VED\Engines\WIN-GNFDFPQ3566\Discovery has finished processing the Discovery \VED\Discovery\Disc 1.. Error: The parameter 'addresses' cannot be an empty string.
Parameter name: addresses. Additional error data at System.Net.Mail.MailAddressCollection.Add(String addresses)
at Venafi.Logdrivers.LogSMTP.ProcessEvent(Event logEvent).
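
When many of these events accumulate, they can be triaged in bulk from an exported log. The Python below is an added example, not Venafi code: it parses the comma-separated layout shown in the samples above, folds stack-trace lines back into their event, and counts SMTP failures by channel, error text and .NET throw site. The sample data is constructed from the events quoted above; the function names and the assumption that SourceIP is an IPv4 address are this example's own.

```python
import re
from collections import Counter

# Constructed sample in the export layout quoted above (event messages
# shortened, recipient address replaced with a placeholder).
SAMPLE = r"""SourceIP, ClientTimestamp, Component, Severity, Event, Description
0.0.0.0, 7/25/2012 5:28:27 PM, \VED\Logging\Channels\Email to Owner: \VED\Logging\Channels\Email to Owner, Error: Error, Translated event: Log - SMTP Message Failure, \VED\Logging\Channels\Email to Owner SMTP Notification Failed. Event Message:Discovery has begun.. Error: Failure sending mail.. Additional error data at System.Net.Mail.SmtpClient.Send(MailMessage message)
at Venafi.Logdrivers.LogSMTP.ProcessEvent(Event logEvent).
0.0.0.0, 7/26/2012 10:52:38 AM, \VED\Logging\Channels\Email to Owner: \VED\Logging\Channels\Email to Owner, Info: Info, Translated event: Log - SMTP Message Sent, SMTP Channel Driver \VED\Logging\Channels\Email to Owner successfully delivered a message titled Info - \VED\Discovery\Disc 1 to 1 recipients (owner@example.com )
0.0.0.0, 7/25/2012 5:11:45 PM, \VED\Logging\Channels\Email to Owner: \VED\Logging\Channels\Email to Owner, Error: Error, Translated event: Log - SMTP Message Failure, \VED\Logging\Channels\Email to Owner SMTP Notification Failed. Event Message:Discovery has finished.. Error: The parameter 'addresses' cannot be an empty string.
Parameter name: addresses. Additional error data at System.Net.Mail.MailAddressCollection.Add(String addresses)
at Venafi.Logdrivers.LogSMTP.ProcessEvent(Event logEvent).
"""

FIELDS = ("source_ip", "timestamp", "component", "severity", "event", "description")
RECORD_START = re.compile(r"^\s*\d{1,3}(?:\.\d{1,3}){3},\s")  # assumes IPv4 SourceIP
ERROR_TEXT = re.compile(r"\bError: (.+?)\.* Additional error data at ([\w.]+)\(")
SENT = re.compile(r"to (\d+) recipients")

def parse_export(text):
    """One dict per event; stack-trace continuation lines join the description."""
    records = []
    for line in text.splitlines():
        parts = [p.strip() for p in line.split(", ", 5)]
        if RECORD_START.match(line) and len(parts) == 6:
            records.append(dict(zip(FIELDS, parts)))
        elif records and line.strip() and not line.lstrip().startswith("SourceIP"):
            records[-1]["description"] += " " + line.strip()
    return records

def smtp_failures(records):
    """Count failed deliveries per (channel, error text, .NET throw site)."""
    counts = Counter()
    for r in records:
        if r["event"].endswith("SMTP Message Failure"):
            m = ERROR_TEXT.search(r["description"])
            error, site = m.groups() if m else ("unparsed", "unknown")
            counts[(r["component"].split(": ")[0], error, site)] += 1
    return counts

def delivered(records):
    """Total recipients reported by 'SMTP Message Sent' events."""
    hits = (SENT.search(r["description"]) for r in records
            if r["event"].endswith("SMTP Message Sent"))
    return sum(int(m.group(1)) for m in hits if m)
```

Grouping by throw site separates failures raised while building the recipient list (`MailAddressCollection.Add`) from failures raised while sending (`SmtpClient.Send`).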

Additional Resources: 
  • For a good Microsoft article on how to troubleshoot SMTP using telnet, see 153119