Setting up e-mail and message notification

IDS is a notification system. You can optionally configure IDS to send real-time intrusion notifications to a message queue and to specific e-mail addresses. That way, you can alert systems administrators about specific types of intrusions and extrusions so that they can take actions to stop further intrusions from occurring. You can enable or disable IDS e-mail and message notification per policy.

Prerequisites:
  • You must have *ALLOBJ and *IOSYSCFG authority to be able to display or change the IDS properties.
  • To use IDS e-mail notification, System i SMTP must be configured and running. For information on how to use SMTP, see E-mail.

To set up e-mail and message notification for IDS, perform these steps:
  1. In IBM® Navigator for i, expand IBM i Management > Security > All Tasks > Intrusion detection.
  2. Click Intrusion Detection System properties.
  3. In the IDS Properties page, select the Notification tab.
  4. To send intrusion messages to a message queue, select the Send message notifications check box and specify the name of the message queue and library. (If the check box remains cleared, IDS does not send notifications to a message queue.)
  5. To send intrusion messages to an e-mail address, select the E-mail address check box and enter the e-mail address. You can send intrusion messages to up to three e-mail addresses. (If the check box remains cleared, IDS does not send notifications to an e-mail address.)
  6. To allow Internet Control Message Protocol (ICMP) redirect messages, click the ICMP tab and select the check box. (If the check box remains cleared, IDS does not notify you of ICMP redirect messages.)

    ICMP redirect messages are used to inform a host of a more optimal route to a destination. However, a hacker could send an ICMP redirect message to a host to have future traffic directed to the hacker's system.

Intrusion detection events are sent to the specified message queue and e-mail addresses. The IDS Properties settings apply to all of the intrusion detection policies.

Tip: You can configure each intrusion detection policy to send e-mail and message notifications when an intrusion event is detected. To do this, select the Notification tab on the IDS Policy Properties page for the specific policy.