Notifications: Notify on Blocked URL by Filter
Whenever a url is blocked by the url filter, have an email notification sent to appropriate admin users to advise who's trying to access blocked content.
As an administrator I like the idea of getting a realtime alert of someone attempting to access sites they shouldn't. For example if a member of staff is trying to access proxy bypass sites I'd like to be notified immediately
We had other proxy security software that issued an email to designated people when users attempted aces to prohibited sites. Gives a manager instant feedback on who is attempting to abuse the system
Kevin Coddington commented
This is a very needed feature, as it can lead to signs of malware infection and attempts at web abuse. In organizations with large amounts of employees and web traffic, this could be very beneficial when constantly monitoring the logging/reporting sections is not a viable solution. Thresholds on all Uncategorized website hits alone would be huge. +3 votes.
Active alerting rather than having to trawl through logs or wait for a report is a good thing. Having an alert threshold would mean that only persistent attempts to access a blocked site would be flagged. We have found this useful in other products where it came in useful highlighting repeated attempts to call back to cnc sites or users who were deliberately trying to access sites which were against company policy.
Ben Ford commented
In trying to understand this request, can you let me know what the problem you are trying to solve with this "live email" is? Is the continuos reporting not enough? If they users are getting blocked pages, the filter is doing its job, what is the benefit to you by knowning about their attempts via email? (this could create a ton of messagesl
You can use the ARM product (or another host running syslog-ng plus some filter rules) in order to achieve this goal until this feature has been implemented.