This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

"Limit notifications" broken?

I do have "Limit notifications" checked on the Management - Notifications - Global tab. The help text says "Sophos UTM has sensible default values to limit the number of notifications sent per hour."

However, every time my UTM detects a portscan, I get at least four or five email alerts, even if the attack lasts only a second or two. More often, I'll receive a dozen or so alerts for a single attack, but yesterday morning took the cake, generating over ninety(!) WARN-856 email alerts for a portscan that lasted a little under 30 seconds.

Is this really what the system considers "sensible," or is something broken?

This thread was automatically locked due to age.

0 BarryG over 11 years ago

Hi,

Look at the logs and see how many events were logged; if it's significantly higher than the # of emails, then it's 'working'.

Barry
Cancel
Vote Up 0 Vote Down

Cancel
0 JonEtkins over 11 years ago

Good thought. Checked the log during that long scan, and sure enough, it continued for another 15 minutes and generated over eleven thousand log entries!

So yes, I guess you'd have to say that the limit is working after all; I guess I just wish it was somewhat lower than it is, for portscans at least - a hundred messages is certainly a lot better than several thousand, but it still seems a tad excessive.
Cancel
Vote Up 0 Vote Down

Cancel
0 JavierCasares over 10 years ago

Well, sensible for me is not to SPAM with 90 mails during the same minute. It should send one warning from the same source for every 5 minutes (or maybe better, should be configurable). Having 180 mails in a couple of minutes doesn't provide any use.

I consider this a bug because the term "sensible" is not followed.

Is there a place at SOPHOS where we can post bug reports/feature requests?
Cancel
Vote Up 0 Vote Down

Cancel
0 Scott_Klassen over 10 years ago

Is there a place at SOPHOS where we can post bug reports/feature requests?
UTM (Formerly ASG) Feature Requests: Hot (1778 ideas) for feature requests. Bugs should be reported to Sophos Support, but you can only contact Support if you are using a paid license (not the free home license).

__________________
ACE v8/SCA v9.3

...still have a v5 install disk in a box somewhere.

http://xkcd.com
http://www.tedgoff.com/mb
http://www.projectcartoon.com/cartoon/1
Cancel
Vote Up 0 Vote Down

Cancel

"Limit notifications" broken?

Submitted a Tech Support Case lately from the Support Portal?