When it comes to monitoring systems, often times there just too many email notifications that can get mixed in with normal email traffic. Or perhaps you prefer to shut email down at night and not have to think about it – however there could be some important situations that come up you still want to be aware of. Let’s take a look at sending an email notification as a text to your phone for those higher priority cases.
Most cellular companies assign an email address to cellular phone numbers and support SMS or MMS messaging by email. You don’t need to install any special apps, you just need to be able to accept a text message.
The major US cellular carriers use the 10 digit phone number combined with a unique domain for each respective company for an address. For example the most common carriers use these email domains:
Carrier: Sample Email Address
- Alltel -> 1234567890@message.alltel.com
- AT&T -> 1234567890@txt.att.net
- Nextel -> 1234567890@messaging.nextel.com
- Sprint -> 1234567890@messaging.sprintpcs.com
- T-mobile -> 1234567890@tmomail.net
- Verizon -> 1234567890@vtext.com (text only)
- Verizon -> 1234567890@vzwpix.com (pictures and videos)
*Subject to change! Some companies may also offer aliases instead of using phone numbers for email.
Note that some carriers will break apart larger messages into 160 character messages, others will deliver only the first 160 characters. We discovered one instance where a carrier dropped the entire message due to exceeding the max characters allowed although this is believed to be uncommon. Please check with your provider on their specific policy.
So let’s take a look at setting up a text message alert using the Mail notification in ELM.
First off we’ll launch a new notification method from the Wizard in the main menu.
Next we’ll setup the email To Address field to point to our mobile number. In this case AT&T is the carrier so we’ll use their mms format for the domain.
Here we can also specify which Event fields are included in the message and any other freeform text. We’ll leave the defaults for now and modify later as needed after we see how the message looks.
Next we’ll add our SMTP server properties and account for sending the message. We’ll also limit the character count for message length to 160 since this is going to our phone.
Now we’ll assign this text email to a View. So any events that are filtered to appear in this view will trigger the notification. In this case we’re going to choose a Security View > Logon Failures.
Now we’ll fine tune the trigger just a bit. In this example we’re going to use this text notification for after hours messages. Specifically with any failed logon attempts, so we will set the threshold for three failed logons within two minutes to trigger the notification. This means it the failed logon will have to occur three consecutive times within that window before a notification is sent.
We’re going to leave the last checkbox to disable this for any old or cached data that is older than 1 hour.
Since this will be an after hours notification, we’re going to setup an exclude here for normal business hours and add it to the list of exclusions. So this will only be active outside of normal business hours Monday through Friday 5PM-8AM and on Weekends.
Now we’ll give this notification a good name and a description of what it’s configured for is always a good idea.
Once we’re finished with setup, you’ll see the new After Hours Text Notification has been added to our list in the left pane of the ELM Console.
Remember this Notification Method can be assigned to other Event Views, Security Views, and Correlation Views as well. Just keep in mind any special configuration that was used such as the after hours scheduling in this case.
Now we’re ready to catch any suspicious logon activity in the after hours.
In this case we can see some late night activity that is out of the norm. After seeing how the message is formatted we may want to go back in and modify the event fields and text that are used to narrow down or include exactly what we want to see for this type of an alert.
We could also create a new contact card on the phone to better highlight the importance of the sender of the text messages we’re receiving.
Note the time difference here shows an ELM server on the West Coast sending to a Phone who is currently on East Coast.
Here is a peak at the Security View that is triggering these after hours text notifications. This is sometimes helpful to take a look at while narrowing down the event fields we’re including in the notification being sent or any additional freeform text we want to include. Just keep in mind that 160 character limit for most carriers.
Coming Up Next….
Fire Mountain Software’s development team is well underway in developing an all new custom phone app for high priority notifications. Plans are to include features such as acknowledgement, assignment and escalation. Stay tuned for future updates but in the meantime we hope you find this tip on using text notifications helpful and wish you continued success with ELM Enterprise Manager!