Environment
Situation
Can SecureLogin audit Securelogin enabled application via SMTP?
Managing the SMTP alerts from a single location
Resolution
SecureLogin can send alert messages via SMTP. This is accomplished by using third-party mail software such as BMAIL.exe. SecureLogin can execute the mail software when a particular event occurs This is achieved through scripting.
The Application definition editor is able to provide a central area for SMTP alerts to be managed so many SecureLogin applications can generate alerts using one generic SMTP script. The benefit of this script is that all the alerts are held in a central location, which makes it easier to create and manage mail alerts. The basic SMTP_ALERTS script already supports the following alerts:
- Login Successful
- Wrong Password
- Change Password
- Incorrect Login
- Account Lockout
The subject line will be in the following format:
Application Name – Username – Alert message
For Example:
Notepad.exe – mkeeffe – Account Locked before continuing
To configure the SecureLogin enabled application to send SMTP, follow the instructions below:
1. Insert the following lines into the top of the Application Definition:
Include SMTP_ALERTS Set ?App [Application Name]
For Example:
Include SMTP_ALERTS Set ?App Notepad.exe
2. To send an alert at a particular point in the Application definition, call the matching subroutine from the SMTP_ALERTS script, which is attached further below. For example the following alerts contained in the SMTP_ALERTS script are inside the following sub routines:
Login Successful (SMTP_SuccessFullLogin) Wrong Password (SMTP_WrongPassword) Change Password (SMTP_ChangePassword) Incorrect Login (SMTP_IncorrectLogin) Account Lockout (SMTP_AccountLockout)
For Example: If I wanted to send a Wrong Password message via SMTP, the following line would be inserted at the point of the script where SecureLogin handles the wrong password. (The line to be inserted is in bold)
If –Text ""Incorrect Password. Please Try again"" Call SMTP_WrongPassword DisplayVariables ""Incorrect Password. Please try again."" Type $Password Password EndIf
3. Create a generic type SecureLogin definition called SMTP_ALERTS and copy and paste the following script:
##==================================================================== # Name: SNMP_ALERTS # Date: 16th May 2005 # Author: Martin Keeffe # Purpose: A Generic Template for Applications to send SMTP alerts. # # SMTP ALERTS # ALERT SUB-ROUTINE #- Login Successful (SMTP_SuccessFulLogin) #- Wrong Password (SMTP_WrongPassword) #- Change Password (SMTP_ChangePassword) #- Incorrect Login (SMTP_IncorrectLogin) #- Account Lockout (SMTP_AccountLockout) ##===================================================================== ##===================================================================== # Location of BMAIL.exe or ThirdParty mail software ##===================================================================== Set ?Mail ""F:bmail.exe"" ##===================================================================== # SMTP Settings ##===================================================================== Set ?MailTo ""email@domain.com"" Set ?MailFrom ""email@domain.com"" Set ?SMTPServer ""mail.server.com"" Set ?EmailBody ""Body of Email"" ##===================================================================== Sub SMTP_SuccessFulLogin Strcat ?Part1 ?app ""-"" Strcat ?Part2 ?Part1 ?Sysuser Strcat ?Error ?Part2 "" - Login Successful"" Run ""?Mail"" –s ""?SMTPServer"" –t ""?MailTo"" -f ""?MailFrom"" -a ""?Error"" -b ""?EmailBody"" EndSub ##===================================================================== Sub SMTP_WrongPassword Strcat ?Part1 ?app ""-"" Strcat ?Part2 ?Part1 ?Sysuser Strcat ?Error ?Part2 "" - Wrong Password"" Run ""?Mail"" –s ""?SMTPServer"" –t ""?MailTo"" -f ""?MailFrom"" -a ""?Error"" -b ""?EmailBody"" EndSub ##===================================================================== Sub SMTP_ChangePassword Strcat ?Part1 ?app ""-"" Strcat ?Part2 ?Part1 ?Sysuser Strcat ?Error ?Part2 "" - Change Password"" Run ""?Mail"" –s ""?SMTPServer"" –t ""?MailTo"" -f ""?MailFrom"" -a ""?Error"" -b ""?EmailBody"" EndSub ##===================================================================== Sub SMTP_IncorrectLogin Strcat ?Part1 ?app ""-"" Strcat ?Part2 ?Part1 ?Sysuser Strcat ?Error ?Part2 "" - Incorrect Login"" Run ""?Mail"" –s ""?SMTPServer"" –t ""?MailTo"" -f ""?MailFrom"" -a ""?Error"" -b ""?EmailBody"" EndSub ##===================================================================== Sub SMTP_AccountLockout Strcat ?Part1 ?app ""-"" Strcat ?Part2 ?Part1 ?Sysuser Strcat ?Error ?Part2 "" - Account Locked"" Run ""?Mail"" –s ""?SMTPServer"" –t ""?MailTo"" -f ""?MailFrom"" -a ""?Error"" -b ""?EmailBody"" EndSub ##=====================================================================
Please note, Contained in the SMTP_ALERTS script is a variables that holds the location of the mail software and the SMTP settings. Please modify these variables to hold the correct information.
To create more SMTP alerts, use the following template and append it to the bottom of the SMTP_ALERTS script.
##================================================================== Sub [NameOfAlert] Strcat ?Part1 ?app ""-"" Strcat ?Part2 ?Part1 ?Sysuser Strcat ?Error ?Part2 "" – [Alert String]"" Run ""?Mail"" –s ""?SMTPServer"" –t ""?MailTo"" -f ""?MailFrom"" -a ""?Error"" -b ""?EmailBody"" EndSub ##==================================================================
[NameOfAlert]
This is the name of the SubRoutine that sends the SNMP Alert. The naming should be similar to the others listed, so it is easier to refer and call in other scripts. For Example:
Sub SNMP_ApplicationClosed
[AlertString]
Alert string is the string that will appear in the log. For example:
Strcat ?Error ?Part2""- Application Closed""