what is the difference between snort alert and snort log rule action? - snort

[**] [1:2002973:1] Sample alert [**] - Alert Message
msg "sample message" - Log Message
Both are messages. What is the difference between these messages?

The two actions you mention do the following:
alert Generates an alert then logs the packet
log Just logs the packet (doesn't generate an alert)
The alert is a very simple overview of the event whereas the log is generally more detailed and contains a packet dump too.
Documentation for the rule actions can be found here
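Only `alert` rules produce entries in the alert output; a `log` rule records the packet and nothing else. As an added example (not from the answer above), this parser reads Snort 2 "fast" alert lines of the `[**] [gid:sid:rev] msg [**]` shape shown in the question and tallies hits per rule, which is a common first step when triaging alert volume. It assumes the `alert_fast` output format and IPv4 endpoints; the sample lines are constructed.

```python
import re
from collections import Counter

# Assumed layout of one Snort 2 "alert_fast" line (a `log` rule writes no such line).
FAST_ALERT_RE = re.compile(
    r"^(?P<ts>\d{2}/\d{2}-\d{2}:\d{2}:\d{2}\.\d+)\s+"
    r"\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]"
    r"(?:\s+\[Classification:\s*(?P<cls>[^\]]*)\])?"
    r"(?:\s+\[Priority:\s*(?P<pri>\d+)\])?"
    r"\s+\{(?P<proto>[A-Za-z0-9]+)\}\s+(?P<src>\S+)\s+->\s+(?P<dst>\S+)\s*$"
)

def _endpoint(text):
    """Split 'ip:port' into (ip, port); ICMP alerts carry no port (IPv4 assumed)."""
    if ":" in text:
        host, port = text.rsplit(":", 1)
        return host, int(port)
    return text, None

def parse_fast_alert(line):
    """Return a dict for one alert_fast line, or None if the line is not an alert."""
    m = FAST_ALERT_RE.match(line.strip())
    if not m:
        return None
    return {
        "timestamp": m["ts"],
        "gid": int(m["gid"]), "sid": int(m["sid"]), "rev": int(m["rev"]),
        "msg": m["msg"], "classification": m["cls"],
        "priority": int(m["pri"]) if m["pri"] else None,
        "proto": m["proto"],
        "src": _endpoint(m["src"]), "dst": _endpoint(m["dst"]),
    }

def count_by_sid(lines):
    """Count alerts per (gid, sid) so noisy rules stand out; non-alert lines are skipped."""
    return Counter((a["gid"], a["sid"]) for a in map(parse_fast_alert, lines) if a)

# Constructed sample output for illustration, not real traffic (sid 1000001 is a local-rule id).
SAMPLE = [
    "01/28-22:26:04.885446  [**] [1:2002973:1] Sample alert [**] "
    "[Classification: Attempted Information Leak] [Priority: 2] "
    "{TCP} 192.168.1.10:52301 -> 10.0.0.5:80",
    "01/28-22:26:05.002113  [**] [1:2002973:1] Sample alert [**] "
    "[Classification: Attempted Information Leak] [Priority: 2] "
    "{TCP} 192.168.1.10:52302 -> 10.0.0.5:80",
    "01/28-22:26:09.117700  [**] [1:1000001:1] Sample ping [**] "
    "[Classification: Misc activity] [Priority: 3] {ICMP} 192.168.1.10 -> 10.0.0.5",
    "this line is not an alert and is ignored",
]

if __name__ == "__main__":
    for rec in filter(None, map(parse_fast_alert, SAMPLE)):
        print(rec["sid"], rec["proto"], rec["src"], "->", rec["dst"], rec["msg"])
    print(count_by_sid(SAMPLE))
```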

Related

Can Google Workspace Alert Center be used with Email Log Search?

Is there a way to create an Alert Center notification based on criteria returned in the Google Workspace Email Log Search?
For example..
If an email address sends a message to 1000+ recipients or sends 1000 messages to 1000 recipients...
We already see the System Defined alert center actions if say... someone flags a message as phishing, but we want to create a triggered alert rule based on the count of messages.
Thanks in advance.
This can be done using the Investigation tool found at ‘Security’ > ‘Investigation Tool’. Be advised this is a feature available for these editions: Enterprise, Education Standard and Plus, as documented here.
Basically what you are looking to do is build a query like this:
Data Source = Gmail Log Events
With Conditions Below:
Event Is User spam classification
AND
Spam classification Is Phishing
Then:
1. Click on the three dots at the top right, next to the bin icon.
2. Click on ‘Create activity rule’.
3. Add a name + description. Click on ‘Next: View conditions’.
4. Click on ‘Next: Add Actions’.
5. Select the time window: 24hrs or 1hr.
6. Scroll down and set the threshold desired and configure it (basically after how many incidents this will be triggered).
7. Add a desired action, e.g. Send to quarantine, etc.
8. Select the severity of this rule.
9. Check the box to ‘Send to alert center’.
10. Configure Email Notifications.
11. Click on ‘Next: Review’ and make sure it is set to ‘Active’.
12. Finally click on ‘Create Rule’.
Keep in mind this may take some propagation time of up to 48hrs. For more information on the Investigation Tool see here
Unfortunately, the way the Alert Center works would not allow an integration with the Email log search.
They both work in a different way: the Alert Center has its own set of parameters to determine the severity, while the Email log search works like a direct tool to audit the data manually.
I believe the best available option to create rules and get notifications and alerts while using the Alert Center data is the Investigation tool, which is only available with certain versions, so check it!

How to set alert severity by name of alert?

All my alerts are critical except for one, called "not a critical alert". When this alert is triggered though, it has a critical severity. How can I set pagerduty to make this specific type of alert low severity?
Using the event rule capabilities within PagerDuty, it is possible to change the severity of an alert.
Depending on the alert severity, you may want to configure your services to use dynamic notifications, so that you are notified appropriately.
e.g. critical/error = phone call, warning/info = push/email.
For example, you could create an event rule that matches based on the alert summary, then updates the severity as needed.
[Screenshot of the event rule: Matching Condition and Action columns]

Display message 'user typing...' to everyone, including sender, if I am typing a message, VUE JS and socket.io

I am using vuejs and socket.io in my application. The task is this: if I type a message in a dialogue with the user, display a message to both the interlocutor and myself, that I am typing a message.
How can I implement this?
Socket.io gives you lots of options to send messages across the board. What I always found very helpful is the Emit cheatsheet from the official docs (https://socket.io/docs/emit-cheatsheet/).
Here are some of the methods on how to broadcast messages to all clients including sender.
io.on('connect', onConnect);

function onConnect(socket) {
  // sending to all clients in 'chat' room, including sender
  io.in('chat').emit('typing', 'User xy is typing');

  // sending to all clients in namespace 'chatNamespace', including sender
  io.of('chatNamespace').emit('typing', 'User xy is typing');

  // sending to a specific room in a specific namespace, including sender
  io.of('chatNamespace').to('chat').emit('typing', 'User xy is typing');
}

Now these of course are just example methods. You would need to wrap this into your own business logic and probably register some socket event listeners to get this going.

Office 365/Exchange Online Mail rule triggers twice when 2 internal recipients receive mail

I am having an issue where we have a rule set up to catch all mail coming in from a specific address and BCC the email off to 2 external addresses.
The rule is set up like this
If the message...
Is received from 'email@example.com'
Do the following...
Blind carbon copy (Bcc) the message to 'external@domain1.com' and 'external@domain2.com'
The email from email@example.com is sent from a web form and addressed to auser@mydomain.com and asharedmailbox@mydomain.com.
When the mail comes in, it is BCC'd twice to the external addresses and only 1 copy is delivered locally to the user and the shared mailbox.
This is all reflected in a message trace.
Has anyone come across this and knows how to prevent this?
TIA
Someone else in my organisation found out how to work around this.
They added in a condition to the "If the message" operation as below
If the message...
Is sent to 'auser@mydomain.com'
And Is received from 'email@example.com'
Do the following...
Blind carbon copy (Bcc) the message to 'external@domain1.com' and 'external@domain2.com'
And now the rule is only processed once.

save message archive immediately

I'm using XEP-136 for message archiving in a chat system, when the user types his text, it will be displayed in the chat conversation for both users, and it will be automatically archived for further retrieving.
But when reloading the chat window, and re-connecting to the xmpp server (openfire), the last message won't be shown until one minute or more.
That means, the message won't be fully archived immediately.
Are there any settings in openfire that I must check out first? or do I have to try something other than message archiving?
This is my "retrieve collection" stanza (in strophe.js syntax) :
$iq({type: 'get'}).c('retrieve', {xmlns: 'urn:xmpp:archive', with: 'user@server', start: '13-10-28T16:30:00'}).c('set', {xmlns: 'http://jabber.org/protocol/rsm'}).c('max').t('100');
So far, the sending and receiving parts work great; the sole issue is that when reloading the page, messages less than 1 minute old won't show up until reloading the page after another 1 minute.
It seems that messages take more than 1 minute before being archived.