Alerts Configuration
Configuration - JSON Structure
Alerts are stored as JSON configuration, in Ceptor's configuration as a property named "alerts_JSON_" in the abstract server configuration named "alerts" (the Ceptor Console will create it for you if it does not already exists - but if you need to change it using APIs, you need to know the naming).
Example alert actions
{"actions": [
{
"name": "Log the alert",
"type": "log",
"conditions": [],
"level": "WARN"
},
{
"name": "Alert Administrator",
"type": "sms",
"conditions": [],
"mobile": "+4526164023"
},
{
"name": "Send email to admin",
"type": "email",
"conditions": [],
"email": "kr@asseco.dk",
"email.prefix": "[Alert !!!]"
},
{
"name": "Create an action",
"type": "log",
"conditions": [{
"name": "Only server down",
"type": "server_down"
}],
"logger": "alerts",
"level": "ERROR"
},
{
"name": "Run a script",
"type": "script",
"conditions": [],
"script": "%{script}//\r\n// Example javascript that simply writes both the configuration and alerts to stdout\r\n//\r\n\r\nprint(context.configuration);\r\nprint(context.alert.getType());\r\nprint(context.alert.getID());\r\nprint(context.alert.getTitle() + ' - ' + context.alert.getMessage());\r\nprint(context.alert.toJSONString());"
}
]}The "alerts_JSON_" property contains a JSON array called "actions", and each action looks like this:
Key | Description |
|---|---|
name | Name of the Alert Action |
type | Type of action, must be one of:
|
conditions | JSON Array of conditions - if empty, no conditions are defined, meaning Alert Action matches all alerts. |
logger | Name of logger to log message to - only for actions of type "log" |
level | Logger Level, either TRACE, DEBUG, INFO, WARN or ERROR - only for actions of type "log" |
Email address - only for actions of type "email" | |
email.prefix | Email subject prefix - only for actions of type "email" |
mobile | Mobile phone number - only for actions of type "sms" |
script | Script to execute - only for actions of type "script" |
For conditions, each condition is a JSON object within the conditions array in an Alert Action
Key | Description |
|---|---|
type | Type of alert to match, one of:
|
subject | Pattern matching certificate Subject |
issuer | Pattern matching certificate Issuer |
destination | Pattern matching gateway destination name |
gateway | Pattern matching gateway name |
host | Pattern matching hostname |
port | Port number |
script | Script to execute to decide if this condition matches |
Configuration - Properties
In order to be able to send emails / SMS messages, some configuration is required - this configuration must be set for the Ceptor Configuration Server which processes the alert actions defined.
Example configuration:
<group name="alerts" description="Alert actions related configuration">
<property name="mail.from" value="" description=""/>
<property name="mail.replyto" value="" description=""/>
<property name="mail.smtp.host" value="" description=""/>
<property name="mail.smtp.password" value="" description=""/>
<property name="mail.smtp.port" value="25" description=""/>
<property name="mail.smtp.protocol" value="smtps" description=""/>
<property name="mail.smtp.user" value="" description=""/>
<property name="sms.apikey" value="" description="For CPSMS, if present, sms.password is not used"/>
<property name="sms.appnr" value="1231" description="For unwire, specify from phone number"/>
<property name="sms.flashsms" value="false" description="If true, SMS is sent as flash SMS"/>
<property name="sms.from" value="Ceptor" description="Max 11 characters from name or number"/>
<property name="sms.httpProxyHost" value="" description="HTTP Proxy Server"/>
<property name="sms.httpProxyPassword" value="" description="HTTP Proxy Password for proxy authentication"/>
<property name="sms.httpProxyPort" value="8080" description="HTTP Proxy Port"/>
<property name="sms.httpProxyUser" value="" description="HTTP Proxy Userid to use for authentication"/>
<property name="sms.mediacode" value="" description="For unwire, specify mediacode"/>
<property name="sms.password" value="" description="Password for SMS gateway"/>
<property name="sms.provider" value="cpsms" description="cpsms or unwire depending on which SMS provider to use (locallogging for logging codes to log file)"/>
<property name="sms.smsc" value="dk.tdc" description="For unwire, specify operator to use"/>
<property name="sms.username" value="portalprotect" description="Username for SMS gateway"/>
<property name="sms.verifysslhostname" value="true" description="Set to false to turn off hostname verification"/>
<property name="sms.verifysslservercert" value="true" description="Set to false to turn SSL server certificate validation"/>
</group>The following properties exists for sending alerts via Email:
Name | Default | Description |
|---|---|---|
mail.smtp.host |
| Hostname of SMTP server |
mail.smtp.protocol | smtps | Email protocol, should be smtp or smtps |
mail.smtp.port | 25 | Port number of SMTP server |
mail.smtp.user |
| Userid for authenticating to SMTP server |
mail.smtp.password |
| Password for SMTP Server - see Encrypting or Obfuscating Passwords for info on encrypting it |
mail.from |
| Sender of the email |
mail.replyto |
| If present, the reply-to email header is set to this. |
And the following properties exists for sending alerts via SMS:
Name | Default | Description |
|---|---|---|
sms.httpProxyHost |
| HTTP Proxy hostname |
sms.httpProxyPort |
| HTTP Proxy port |
sms.httpProxyUser |
| HTTP Proxy username |
sms.httpProxyPassword |
| HTTP Proxy password |
sms.from | Ceptor | Name of Sender - shows up as SMS sender |
sms.flashsms | false | True if SMS should be sent as flash SMS - flash SMS's are not saved in the history, and shown as popup. |
sms.verifysslhostname | true | Set to false to turn off hostname validation of SMS server |
sms.verifysslservercert | true | Set to false to turn off SSL certificate validation when calling the SMS server |
sms.provider | cpsms | Name of SMS Provider, either cpsms or unwire |
When SMS Provider is cpsms | ||
sms.server | https://www.cpsms.dk | Server to use when sending SMS |
sms.username |
| Username from CPSMS |
sms.password |
| Password |
sms.apikey |
| API Key - if specified, the API Key is used instead of password when authenticating to the SMS provider. |
When SMS provider is unwire | ||
sms.server | https://gw.unwire.com | Unwire gateway Server URL. |
sms.username |
| Userid for unwire account |
sms.password |
| Password for unwire account |
sms.smsc | dk.tcp | SMSC - contact unwire for info |
sms.appnr | 1231 | Number to send via - contact unwire for info |
sms.mediacode |
| Optional mediacode - contact unwire for info |
Alerts - JSON Structure
Each Alert has its own JSON Structure
Example Alert
{
"type": "server_up",
"id": "63ba3e15-0275-4c8b-aa0f-b2340873cc1e",
"title": "Server api.worldbank.org:80 up",
"message": "Server worldbank_sandbox (api.worldbank.org@api.worldbank.org:80) is back up after 42 minutes",
"gateway": "gateway1",
"destination": "worldbank_sandbox",
"host": "api.worldbank.org",
"port": 80,
"duration": 2520512
}This is a list of the keys / attributes that the alert can contain:
Key | Description |
|---|---|
type | Type of alert, one of:
|
id | Unique ID of this alert |
title | Alert title |
message | Message body |
source | For Certificates, the source, e.g. name of keystore or file it was loaded from. |
owner | For Certificates, the name of the module that loaded the certificate, e.g. "sessionctrl1" |
purpose | Purpose of the certificate, e.g. SAML Signing or JWT Validation |
certificate | X.509 Base64 encoded version of the certificate |
gateway | Gateway name |
destination | Destination name |
host | Hostname |
port | Port number |