This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

"Limit notifications" broken?

I do have "Limit notifications" checked on the Management - Notifications - Global tab. The help text says "Sophos UTM has sensible default values to limit the number of notifications sent per hour."

However, every time my UTM detects a portscan, I get at least four or five email alerts, even if the attack lasts only a second or two. More often, I'll receive a dozen or so alerts for a single attack, but yesterday morning took the cake, generating over ninety(!) WARN-856 email alerts for a portscan that lasted a little under 30 seconds.

Is this really what the system considers "sensible," or is something broken?

This thread was automatically locked due to age.

Parents

0 BarryG over 11 years ago

Hi,

Look at the logs and see how many events were logged; if it's significantly higher than the # of emails, then it's 'working'.

Barry
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 BarryG over 11 years ago

Hi,

Look at the logs and see how many events were logged; if it's significantly higher than the # of emails, then it's 'working'.

Barry
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data

"Limit notifications" broken?

Submitted a Tech Support Case lately from the Support Portal?