
Integrate IIS SMTP server
EventTracker v8.x and above
Publication Date: May 29, 2017

Abstract

This guide helps you in configuring IIS SMTP server and EventTracker to receive SMTP Server events. In this guide, you will find the detailed procedures required for monitoring IIS SMTP server.

Audience

Administrators who are assigned the task to monitor and manage IIS SMTP server events using EventTracker.

The information contained in this document represents the current view of EventTracker on the issues discussed as of the date of publication. Because EventTracker must respond to changing market conditions, it should not be interpreted to be a commitment on the part of EventTracker, and EventTracker cannot guarantee the accuracy of any information presented after the date of publication.

This document is for informational purposes only. EventTracker MAKES NO WARRANTIES, EXPRESS OR IMPLIED, AS TO THE INFORMATION IN THIS DOCUMENT.

Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, this paper may be freely distributed without permission from EventTracker, if its content is unaltered, nothing is added to the content and credit to EventTracker is provided.

EventTracker may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from EventTracker, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property.

The example companies, organizations, products, people and events depicted herein are fictitious. No association with any real company, organization, product, person or event is intended or should be inferred.

© 2017 EventTracker Security LLC. All rights reserved. The names of actual companies and products mentioned herein may be the trademarks of their respective owners.

Table of Contents

Abstract
Audience
Overview
Prerequisites
Integration of IIS SMTP SERVER to EventTracker manager
EventTracker Knowledge Pack
    Alerts
    Flex Reports
    Knowledge Object
Import IIS SMTP Server knowledge pack into EventTracker
    Knowledge Objects
    Alerts
    Flex Reports
Verify IIS SMTP Server knowledge pack in EventTracker
    Knowledge Objects
    Alerts
    Flex Reports
Create Flex Dashboards in EventTracker
    Schedule Reports
    Create Dashlets
Sample Flex Dashboards

Overview

The Simple Mail Transfer Protocol (SMTP) service provided by IIS is a simple component for delivering outgoing e-mail messages. Delivery of a message is initiated by transferring the message to a designated SMTP server.

EventTracker helps you to monitor event activities in IIS SMTP server. It will trigger an alert whenever it detects an error or a blacklisted spam IP address. Its knowledge object will help you make the log search easier and more informative. It generates flex reports and flex dashboards for IIS SMTP server.

Prerequisites

- EventTracker v8.x should be installed.
- IIS SMTP server 6.0 or later.

Integration of IIS SMTP SERVER to EventTracker manager

In Internet Information Services 6 (IIS6) and earlier:

1. Right click the SMTP server and choose Properties.

Figure 1

2. Check the Enable logging at the bottom.
3. Choose the log format W3C Extended Log File Format from the drop-down box.

Figure 2

4. Click on the Properties button and, in the pop-up window, select the options as per your requirement. Under Directory, specify the path where the log file should be stored. The default is %System Drive%\Windows\System32\LogFiles\

Figure 3

5. Move to the Advanced tab and set the configuration to collect all the available information in your SMTP logs to help you troubleshoot mail issues.

Figure 4

NOTE: The log file should be monitored using the EventTracker LFM Agent.

LFM Configuration:

In EventTracker Control Panel,

1. Click EventTracker Agent Configuration.

Figure 4

The EventTracker Agent configuration page displays.

Figure 5

2. Select Logfile Monitor and click Add File Name. It will pop up a window.

Figure 6

3. In the window, check Get All Existing Log Files and select Log File Type as W3C.
4. Under Enter File name, select the browse button to browse the location of the IIS SMTP log files.

Figure 7

5. Select the drive and folder, and check "Show all the files" to display all the files. Click OK.
6. Select the log file extension as *.log and click OK.

Figure 8

Figure 9

7. Click on the Add String button.
8. Select Field Name as date from the dropdown menu.
9. Type * in Search String, check Current Date Time and click OK to exit.

Figure 10

10. The search string will be added in the window. Click OK to exit.

Figure 11

EventTracker Knowledge Pack

Once logs are received into EventTracker, alerts, reports and knowledge objects can be configured in EventTracker.

The following Knowledge Packs are available in EventTracker Enterprise to support SMTP Server (IIS 6.0).

Alerts

- IIS SMTP server: SPAM Blacklist IP detected - This alert is generated when a blacklisted IP accesses the server.
- IIS SMTP server: AUTH error - This alert is generated when an authentication failure happens.
- IIS SMTP server: Slow mail flow - This alert is generated when processing is unusually delayed.
- IIS SMTP server: EHLO and HELO continuous request - This alert is generated when there is a continuous request of EHLO or HELO from the client.

Flex Reports

- IIS SMTP Server-Error reports - This report provides information about the errors on SMTP methods (MAIL, RCPT, DATA, AUTH, QUIT) in IIS SMTP server.

Sample logs:

- IIS SMTP Server-AUTH error details - This report provides information about the client authentication failures and errors.

Sample logs:

- IIS SMTP Server-Mail sender and receiver details - This report provides information about the mail sender and recipient details.

Sample logs:

- IIS SMTP Server-EHLO and HELO Request Details - This report provides information about the client who requested EHLO and HELO to SMTP server. This report will provide the client IP address and query requested.

Sample logs:

- IIS SMTP Server-All traffic reports - This report provides information about the mail traffic on the mail server.

Knowledge Object

- IIS SMTP AUTH Error - This knowledge object will help us to analyze the logs related to IIS SMTP authentication errors.
- IIS SMTP - This knowledge object will help us to analyze the logs related to IIS SMTP server.
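The alert conditions listed above (blacklisted client IP, AUTH error, continuous EHLO/HELO requests) can be checked directly against a W3C Extended log file. The Python below is an added example, not EventTracker's alert logic or part of the original guide: the sample log is constructed, and the field subset, the "status 400 or higher means failure" rule and the `helo_threshold` value are assumptions.

```python
from collections import Counter

# Constructed sample log in W3C Extended format; addresses are documentation ranges.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 6.0
#Fields: date time c-ip cs-method cs-uri-query sc-status
2017-05-29 10:00:01 192.0.2.10 EHLO +client.example.test 250
2017-05-29 10:00:02 192.0.2.10 AUTH - 535
2017-05-29 10:00:03 192.0.2.10 AUTH - 535
2017-05-29 10:00:04 198.51.100.7 HELO +a.example.test 250
2017-05-29 10:00:05 198.51.100.7 EHLO +a.example.test 250
2017-05-29 10:00:06 198.51.100.7 EHLO +a.example.test 250
2017-05-29 10:00:07 203.0.113.5 MAIL +FROM:<x@example.test> 250
truncated line
"""


def parse_w3c(text):
    """Yield one dict per record, keyed by the most recent #Fields directive."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]      # the directive may change mid-file
        elif line.startswith("#") or not line.strip():
            continue                       # other directives and blank lines
        else:
            values = line.split()          # W3C encodes embedded spaces as '+'
            if fields and len(values) == len(fields):  # skip malformed rows
                yield dict(zip(fields, values))


def detect(records, blacklist=frozenset(), helo_threshold=3):
    """Return client IPs matching the three alert conditions (assumed logic)."""
    auth_fail, helo, blacklisted = Counter(), Counter(), set()
    for r in records:
        ip, method = r.get("c-ip", "-"), r.get("cs-method", "").upper()
        status = r.get("sc-status", "")
        if ip in blacklist:
            blacklisted.add(ip)
        if method == "AUTH" and status.isdigit() and int(status) >= 400:
            auth_fail[ip] += 1
        elif method in ("EHLO", "HELO"):
            helo[ip] += 1
    return {
        "auth_errors": dict(auth_fail),
        "helo_repeat": sorted(ip for ip, n in helo.items() if n >= helo_threshold),
        "blacklisted": sorted(blacklisted),
    }


if __name__ == "__main__":
    print(detect(parse_w3c(SAMPLE_LOG), blacklist={"203.0.113.5"}))
```
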

Import IIS SMTP Server knowledge pack into EventTracker

1. Launch EventTracker Control Panel.
2. Double click Export Import Utility.

Figure 12

3. Click the Import tab.

Knowledge Objects

1. Click Knowledge objects under the Admin option in the EventTracker manager page.
2. Locate the IIS SMTP Server Knowledge Object, and then click the Import button.

Figure 13

3. Choose the Knowledge objects that need to be imported and click on upload.

Figure 14

4. Knowledge objects are now imported successfully.

Figure 15

Alerts

1. Click the Alerts option, and then click the browse button.

Figure 16

2. Locate the All alert for IIS SMTP Server.isalt file, and then click the Open button.
3. To import alerts, click the Import button.

EventTracker displays a success message.

Figure 17

4. Click OK, and then click the Close button.

Flex Reports

1. Click the Reports option, and select new from the option.

Figure 18

2. Locate the IIS SMTP Server Reports.etcrx file, and then click the Open button.

Figure 19

3. Click the Import button to import the reports. EventTracker displays a success message.

Figure 20

Verify IIS SMTP Server knowledge pack in EventTracker

Knowledge Objects

1. In the EventTracker web interface, click the Admin dropdown, and then click Knowledge Objects.

In the Knowledge Object tree, expand the IIS SMTP group folder to see the imported Knowledge objects.

Figure 21

Alerts

1. Logon to EventTracker Enterprise.
2. Click the Admin menu, and then click Alerts.
3. In the Search field, type 'IIS SMTP SERVER', and then click the Go button.

Figure 22

The Alert Management page will display all the imported IIS SMTP alerts.

4. To activate the imported alerts, select the respective checkbox in the Active column.

EventTracker displays a message box.

Figure 23

5. Click OK, and then click the Activate Now button.

NOTE: You can select alert notifications such as Beep, Email, and Message. For this, select the respective checkbox in the Alert Management page, and then click the Activate Now button.

Flex Reports

1. In the EventTracker Enterprise web interface, click the Reports menu, and then select Configuration.
2. In the Reports Configuration pane, select the Defined option.
3. In the search box, enter 'IIS SMTP', and then click the Search button.

EventTracker displays the Flex reports of 'IIS SMTP Server'.

Figure 24

Create Flex Dashboards in EventTracker

NOTE: To configure the flex dashboards, schedule and generate the reports. The Flex dashboard feature is available from EventTracker Enterprise v8.0.

Schedule Reports

1. Open EventTracker in a browser and logon.

Figure 25

2. Navigate to Reports Configuration.
3. Select IIS SMTP Server in report groups. Check the Defined dialog box.

Figure 26

4. Click on 'schedule' to plan a report for later execution.
5. Click the Next button to proceed.
6. In the review page, check the Persist data in EventVault Explorer option.

Figure 27

7. In the next page, check the column names to persist using the PERSIST checkboxes beside them. Choose a suitable Retention period.

Figure 28

8. Proceed to the next step and click the Schedule button.
9. Wait till the reports get generated.

Create Dashlets

1. Open EventTracker Enterprise in a browser and logon.

Figure 29

2. Navigate to Dashboard Flex.

The Flex Dashboard pane is shown.

Figure 30

3. Fill in a suitable title and description and click the Save button.
4. Click to configure a new flex dashlet. The Widget configuration pane is shown.

Figure 31

5. Locate the earlier scheduled report in the Data Source dropdown.
6. Select Chart Type from the dropdown.
7. Select the extent of data to be displayed in the Duration dropdown.
8. Select the computation type in the Value Field Setting dropdown.
9. Select the evaluation duration in the As Of dropdown.
10. Select comparable values in X Axis with a suitable label.
11. Select numeric values in Y Axis with a suitable label.
12. Select a comparable sequence in Legend.
13. Click the Test button to evaluate. The evaluated chart is shown.

Figure 32

14. If satisfied, click the Configure button.

Figure 33

15. Click 'customize' to locate and choose the created dashlet.
16. Click to add the dashlet to the earlier created dashboard.

Sample Flex Dashboards

For below dashboard
WIDGET TITLE: IIS SMTP ERRORS
DATA SOURCE: IIS SMTP ERROR
CHART TYPE: Column
AXIS LABELS [X-AXIS]: Client IP Address
LEGEND [SERIES]: Client to server Method

Figure 34

For below dashboard
WIDGET TITLE: IIS SMTP MAIL SENDER Details
DATA SOURCE: IIS SMTP MAIL SENDER and RECEIVER
CHART TYPE: Column
AXIS LABELS [X-AXIS]: sender

Figure 35

For below dashboard
WIDGET TITLE: IIS SMTP MAIL Recipient Details
DATA SOURCE: IIS SMTP MAIL SENDER and RECEIVER
CHART TYPE: Column
AXIS LABELS [X-AXIS]: Recipient

Figure 36

For below dashboard
WIDGET TITLE: IIS SMTP Server ERROR
DATA SOURCE: IIS SMTP ERROR
CHART TYPE: Column
AXIS LABELS [X-AXIS]: Client IP Address
LEGEND [SERIES]: Client to server method

Figure 37

For below dashboard
WIDGET TITLE: Failed EHLO and HELO Request
DATA SOURCE: IIS SMTP EHLO and HELO Request
CHART TYPE: Donut
AXIS LABELS [X-AXIS]: Client IP Address
LEGEND [SERIES]: Status Code

Figure 38

For below dashboard
WIDGET TITLE: IIS SMTP Server Methods
DATA SOURCE: IIS SMTP Server Traffic
CHART TYPE: Column
AXIS LABELS [X-AXIS]: Client to server method
LEGEND [SERIES]: Status Code

Figure 39

For below dashboard
WIDGET TITLE: Top client IP address
DATA SOURCE: IIS SMTP Server Traffic
CHART TYPE: Donut
AXIS LABELS [X-AXIS]: Client ip address

Figure 40
