Trunc - Setting Alerts and Notifications

Configure Alerts and Notifications

Collecting and aggregrating logs is only one piece of a log management strategy. The second piece is being able to quickly identify when an event occurs that requires action.

We help achieve this level of awareness via our notification engine.

Trunc provides a powerful notification engine that allows an administrator to configure pre-defined notifications based on industry standard events, or based on custom events created by an organization. This help document shows you how to access and how to configure notifications.

Configure Trunc Notifications

Trunc alows you to configure Slack and Email notifications.

Access the notifications via the Alerts page.

By default, the system will use the email for your account as the default notification option.

Enable any of the predefined alert notifications and the system will start working automatically. By default the settings are all disabled (set to Quiet, toggle to Alerting to enable).

Predefined Notifications

By default we offer 10 predefined alerts you can enable. They are grouped into logical groupings - System Availability Alerts, Security Activity Alerts, Web Activity Alerts, and Other Alerts.

System Availability Alert

Name	Description
Disk Space Full	Alerts on logs regarding the disk being full
Low Memory	Alerts on logs related to low memory.
System Crash	Alerts on logs that may indicate a system crash.

Security Activity Alert

Name	Description
Failed 'sudo' attempt	Alerts whenever Linux 'sudo' authentication fails
Failed 'su' attempt	Alerts whenever Linux 'su' authentication fails
Brute Force attempt	Alerts whenrver a brute force attack is detected
Brute Force attempt success	Alerts on brute force attacks followed by a success
New user added	Alerts when new users are added
New application installed	Alerts when a new application is installed

Web Actvity Alerts

Name	Description
Web server errors	Alerts if multiple web servers errors are detected
HTTP 404 Errors	Alerts if multiple 404 errors from the same IP address are detected. Likely a web recon scan.
HTTP 500 Errors	Alerts if multiple 500 errors from the same IP address are detected. Might indicate an attack or web scan.

Other Alerts

Name	Description
Service availability	Alerts on logs that indicate an availability issue
System limit reached	Alerts whenever a system limit is reached.
New package added or removed	Alerts whenever we detect a new package being installed or removed

Custom Configurations

In addition to the predefined alerts, you have the option to create your own alerts using the alert generation card.

This card is found at the bottom of the Alerts page:

All custom alerts get added to notification addresses in your account. If you have five accounts, all five will get the new alert rule.

Posted in trunc product_configuration by trunc_team

Logging Guides

We love logs. In this section we will share some articles from our team to help you get better at logging.

Trunc Logging

Logging for fun and a good night of sleep.

* Real time search
* Google simple
* Cheap
* Just works
* PCI compliance

Latest articles

Latest articles from our learning center.

2024-03-26
Log Management: Introducing Active Response, Putting Logs to Work

2024-03-19
Log Management: Understanding its Importance and Functionality

2024-03-07
5 Ways Log Management and SIEM Technologies Strengthen Security Governance

2023-01-25
5 Reasons to Monitor Web Server Logs

2023-01-25
Logging basics: What is syslog

2022-10-27
Log Managment and Security

Contact us!

Do you have an idea for an article that is not here? See something wrong? Contact us at support@noc.org

Tired of price gouging

Clear pricing. No need to guess. Real people. Real logging.