Alerts
Overview
Starting with release 6.4, Ceptor supports sending out Alerts.
Alerts are generated when various conditions occur, such as servers going down (or coming back up) or when loaded certificates are close to expiring or have already expired.
These alerts are generated by the various modules and are all sent to the Ceptor Configuration Server which can then process them.
To process them, you can configure any number of Alert Actions, which are then triggered when alerts occur. An Alert Action can optionally have a set of conditions for which it is triggered - conditions could be specific alerts or specific content within the alerts.
Alert Types
Ceptor currently has these types of alerts:
- A certificate will expire soon
- A certificate has expired
- A server is down
- A server is back up after going down previously
Alert Actions
An Alert Action can e.g. send an SMS/Text message or an Email when it encounters a specific alert.
All configured Alert Handlers are executed once an Alert occurs.
Conditions
An Alert Handler can define a set of conditions under which it is triggered - if conditions are set, at least one of the conditions must match or the Alert Handler is not executed.
Configuration
Within Ceptor Console, you configure Alert Actions / Handlers.
You can add an action, give it a name and select the type from the list of available types.
Conditions
For each type, you can choose the conditions - if any conditions are defined for an Alert Action, at least one condition must match before the Alert Action is executed.
In the condition, you can give it a name (which is required but has no meaning other than to identify it) - and you can optionally choose a specific type of alert to match.
If the alert refers to a certificate, you can limit to certain subject or issuer names, and if the alert refers to a server down/up alert, you can put some conditions on the gateway, destination, hostname and/or port number.
In addition, you can add condition scripts, where a script you write looks deeper into the individual alert and makes the decision. See Scripts.
Logging alerts
For Alert Actions of the type "Write Log Message", you can define the log level and an optional logger name - this can then be used together with the logback configuration to route specific loggers to specific logging destinations, e.g. alerts in Splunk, databases or whatever needs suit your environment.
Sending SMS/Text messages
For Alert Actions of the type "SMS/Text Message", you can specify a mobile phone number to send the alert to.
To be able to send SMS text messages or emails, you need to have the configuration for email server and SMS provider in place - see Alerts Configuration for details.
Sending emails
For Alert Actions of the type "Send email" you can specify the receiving email address and an optional Subject Prefix which the email subject will be prefixed with to make it easily recognizable.
The actual text in the subject and message body depends on the type of alert issued.
To be able to send SMS text messages or emails, you need to have the configuration for email server and SMS provider in place - see Alerts Configuration for details.
Create Action in Console
This will create an action in the console - see Actions for more information.
Execute Script
Instead of using one of the predefined actions, you can also create a script where you do processing of your own - this processing could include calling existing SIEM systems, sending SMS messages to non-standard SMS gateways or any other actions you might take for a given alert.
Scripts
When a script is called, it is called with a variable context in scope - this context looks like this:
    public class ScriptContext {
        public Properties configuration;
        public Alert alert;
    }

    public interface Alert extends JSONAware, Serializable {
        /**
         * Type of alert
         */
        public enum Type {
            certificateexpires_soon,
            certificate_is_expired,
            server_down,
            server_up
        }

        /** Type of alert */
        public Alert.Type getType();

        /** Unique ID of alert */
        public String getID();

        /** Alert title */
        public String getTitle();

        /** Alert message */
        public String getMessage();

        /** Exception, if available */
        public Throwable getThrowable();
    }
In addition, the Alert implements the JSONAware interface, which gives it 2 additional methods;
- toJSON() - returns a JSON Object
- toJSONString() - returns the alert as a JSON String.
Below is an example javascript which simply prints out the alert to stdout:
    print(context.configuration);
    print(context.alert.getType());
    print(context.alert.getID());
    print(context.alert.getTitle() + ' - ' + context.alert.getMessage());
    print(context.alert.toJSONString());
When a script is called as a condition, it needs to return a value - either true or false, depending on whether the condition matches or not.
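A condition script of the kind described above, as an added example that is not Ceptor's own code: it matches only server_down alerts that mention a production host, and matches on any internal error so that a faulty condition cannot silently suppress an alert. The host naming scheme, the alert text format, the `conditionMatches` and `makeAlert` names and the sample alerts are assumptions constructed for illustration.

```javascript
// Added example; not Ceptor's own code. Inside Ceptor the engine supplies
// `context`; the stand-in below is constructed so the logic runs offline.

// Assumed policy: act on server_down alerts that mention a production host.
// The host naming scheme and the alert text format are assumptions.
var PROD_HOST = /\bprod-[a-z0-9-]+\.example\.internal\b/i;

function conditionMatches(context) {
  try {
    var alert = context.alert;
    // getType() is a Java enum inside Ceptor; String() yields its name.
    if (String(alert.getType()) !== 'server_down') {
      return false;
    }
    var text = String(alert.getTitle() || '') + ' ' +
               String(alert.getMessage() || '');
    return PROD_HOST.test(text);
  } catch (e) {
    // Fail open: a bug in the condition must not silently suppress an alert.
    return true;
  }
}

// Constructed stand-in exposing the getters of the Alert interface shown above.
function makeAlert(type, id, title, message) {
  return {
    getType: function () { return type; },
    getID: function () { return id; },
    getTitle: function () { return title; },
    getMessage: function () { return message; },
    getThrowable: function () { return null; }
  };
}

// Constructed sample alerts (IDs, titles and messages are made up).
var samples = [
  makeAlert('server_down', 'a-1', 'Server down', 'prod-api-1.example.internal:8443 unreachable'),
  makeAlert('server_down', 'a-2', 'Server down', 'test-api-1.example.internal:8443 unreachable'),
  makeAlert('server_up', 'a-3', 'Server up', 'prod-api-1.example.internal:8443 is back'),
  makeAlert('server_down', 'a-4', null, null)
];

function runSamples() {
  return samples.map(function (a) {
    return conditionMatches({ configuration: {}, alert: a });
  });
}
```

In a Ceptor condition script only the pattern and `conditionMatches` would be kept, with the script ending in `conditionMatches(context);`. That the engine takes the value of the last expression as the script's result is an assumption to check against your Ceptor version.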
© Ceptor ApS. All Rights Reserved.