Monitoring of emergency messages

2nd of January 2018
SMS monitoring of emergency messages from PSW-2G4F 
 
When operating a video surveillance system, emergencies can occur: for example, breaks in fiber-optic networks, unauthorized power failure, failure of video cameras, opening of equipment cabinets, etc. As a rule, the chief of the security service and the technical specialist who maintains the video surveillance system must be informed. Hence the task of prompt notification about such incidents.
Fort-Telecom offers a simple and free solution with the help of SMS messages.
When an alarm occurs, the PSW-2G4F switch sends a message to the PC where the TFortis Syslog2SMS application is running. The program forwards all messages via the Internet to the SMS gateway, which delivers the SMS messages to the recipients. The operation is shown in the diagram below.

System requirements:
 
operating system: Windows XP, Vista, 7
constant access to the Internet
an account on the service www.sms.ru
 
How the program works
 
The TFortis Syslog2SMS program monitors UDP port 514 (Syslog). When a message arrives, it generates and sends an HTTP request to the sms.ru service, which in turn sends an SMS to the specified number. The volume of traffic transmitted over the Internet is small, less than 1 KB.
 
Installation
 
The program does not need to be installed. Before running it, copy the “Syslog2SMS.exe” file to a separate folder. The program stores its settings in the settings.ini file, which is created automatically after the initial configuration. It may also be necessary to add the program to the firewall exceptions if the firewall blocks the program's access to the Internet.
 
Configuration
 
First, configure the PSW-2G4F switch to send Syslog messages to the address of the computer where the program is running. To do this, open the switch's web interface and, in the Events → Event List tab, check the boxes next to the events of interest. Say we are interested in link changes.

Then, in the Events → System Log Settings tab, configure the server’s IP address, i.e. the address of the computer running TFortis Syslog2SMS.

The PSW-2G4F is now configured; let’s move on to the program setup.
The first thing to do is to get access to the sms.ru service. It allows you to send free messages to the registered number, so for monitoring a small network it is quite enough.
 
Registration
 
Go to sms.ru and in the upper right corner click on “registration”.
Fill in the fields and click “Sign Up”. A confirmation code will then be sent to the specified number; enter it on the next page.

After registration, the main page will be available.

Go to the programmer’s section → Send a message via HTTP.

Copy api_id. It serves as a unique identifier when sending an HTTP request. Paste the string into the Syslog2SMS program in the API_ID field (field 3).

In the field Tel_Num (field 2), enter your phone number in the international format (but without the “+”). If necessary, you can specify several recipients. In this case, phone numbers should be separated by commas without spaces.
For example: 7963123456,79062226677
After entering the information in API_ID and Tel_Num fields, click Apply and the settings will be saved.
Then you can check that messages are sent by clicking the “Send Test SMS” button. A message with the text “Test Message” should arrive.
 
Please note, the program uses the Internet Explorer settings. Therefore, before setting up, you need to check the IE settings. To do this, go to “Internet Options” → Connections → Network Setup.

By default, the SMS sender name is the same as the phone number. If this does not suit you, the sms.ru service allows you to create a text sender, which replaces the sender’s number with a text string, for example “PSW-2G4F”.
To create a text sender, open the Senders tab on the main page of your sms.ru personal account and click Create a text sender. You will then need to create and submit an application.

After the application is approved, set the default sender name by selecting “use by default”.
After that, you can check by sending a test message from the program “TFortis Syslog2SMS” 

The program is configured. Now all Syslog messages will be instantly sent to specialists.
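
A relay of this kind turns any datagram that reaches UDP port 514 into a paid or rate-limited SMS, so a source allow-list, a rate limit and a check of the Tel_Num format described above belong in front of the gateway call. The sketch below is an added example, not the code of TFortis Syslog2SMS; the gateway URL is a placeholder, the parameter names "to" and "msg" are assumptions, and the addresses and limits are constructed.

```python
import re
import time
from urllib.parse import urlencode

GATEWAY = "https://sms-gateway.example/send"  # placeholder, not the real endpoint
# Tel_Num rule from the page: international format, no "+", commas, no spaces.
TEL_NUM_RE = re.compile(r"^\d{10,15}(,\d{10,15})*$")


class RelayGuard:
    """Decides whether a received datagram may be turned into an SMS."""

    def __init__(self, allowed_sources, limit, window_s):
        self.allowed = set(allowed_sources)  # addresses of your own switches
        self.limit = limit                   # max SMS per sliding window
        self.window_s = window_s
        self.sent = []                       # times of forwarded messages

    def decide(self, src_ip, datagram, now=None):
        now = time.monotonic() if now is None else now
        # UDP syslog carries no authentication; the source address is the only
        # hint of origin, so everything not on the allow-list is dropped.
        if src_ip not in self.allowed:
            return "drop:unknown-source"
        if not datagram or len(datagram) >= 1024:
            return "drop:bad-size"
        # A flapping port (or a flood) must not exhaust the SMS quota.
        self.sent = [t for t in self.sent if now - t < self.window_s]
        if len(self.sent) >= self.limit:
            return "drop:rate-limit"
        self.sent.append(now)
        return "forward"


def build_request(api_id, tel_num, text):
    """Build the gateway URL; 'to' and 'msg' are assumed parameter names."""
    if not TEL_NUM_RE.match(tel_num):
        raise ValueError("Tel_Num must be digits separated by commas")
    # Printable characters only, and a bounded length, before URL-encoding.
    msg = "".join(c if c.isprintable() else "?" for c in text)[:160]
    return GATEWAY + "?" + urlencode({"api_id": api_id, "to": tel_num, "msg": msg})


if __name__ == "__main__":
    guard = RelayGuard({"192.168.0.1"}, limit=2, window_s=600)  # constructed values
    for ip, t in [("192.168.0.1", 0), ("10.9.9.9", 1), ("192.168.0.1", 2),
                  ("192.168.0.1", 3), ("192.168.0.1", 700)]:
        print(ip, t, guard.decide(ip, b"<4>port 1 link down", now=t))
    print(build_request("API-ID-PLACEHOLDER", "7963123456,79062226677", "link down"))
```

Because the api_id travels in the request URL, it should be treated as a secret and sent over HTTPS only.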
 
SNMP monitoring of emergency messages from PSW-2G4F
 
Brief list of terms.
 
SNMP (Simple Network Management Protocol) — a protocol that is used for managing and monitoring network devices. Using the SNMP protocol, the software can access information that is stored on managed devices (for example, on the switch). On managed devices, SNMP stores information about the device where it operates in a database called MIB.
At present, PSW-2G switches do not support SNMP in full, only a part of it: SNMP Trap v1.
SNMP Trap – asynchronous messages sent on the client’s initiative, reporting on events occurring in the switch. Events can be as serious as a restart (someone accidentally turned off the switch), or less significant, such as a change in the port status. The switch generates trap messages and sends them to the recipient of the alarms (or network manager).
The messages are encoded as a numerical sequence, which is described in the management information base (MIB). The switch stores its MIB in internal memory. To process traps correctly, the receiving application must also know the structure of the variables. To do this, load the MIB file PSW.mib. (The file is supplied in the archive with the firmware. The latest version can be downloaded in the section Support → Documentation → TFortis PSW-2G4F → PSW Firmware.)
 
 
Settings
 
State - protocol status
Server IP address - IP address of the server that receives the traps
Community - community string intended for user authentication. The default is public
 
Settings example
 
1. Enable operation with SNMP and configure the server address. Apply the settings (Apply)

2. Specify for which events to send messages (setting is common for SYSLOG, SNMP and SMTP). For SNMP, it is important to just tick the State box, and the Level field is only required for the SYSLOG protocol.

Apply the settings (Apply). Now the PSW-2G4F switch will send traps to the server.
3. Server configuration.
As a program for receiving traps, you can use any program that supports:
reception of SNMP v1 traps
loading MIB files
community-string authorization
 
Examples of such programs include:
Nagios (http://www.nagios.org/) - a powerful open-source system for monitoring computer systems and networks. It is intended for observing and controlling the state of computing nodes and services, and it notifies the administrator when some of the services stop (or resume) their work.
ZABBIX (http://www.zabbix.com/) - a free system for monitoring and tracking the status of various services of the computer network, servers and network equipment.
ManageEngine MibBrowser (www.manageengine.com/products/mibbrowser-free-tool/) - a simple free program for viewing MIB files with the ability to receive SNMP traps.
 
As a simple example, let’s consider the last program.

After the startup, we need to connect the MIB file. To do this, click on File → Load MIB and specify the file location.

Then let’s proceed to receiving SNMP traps:

In the window that appears, check that the Community field matches the one specified in the PSW and click Start. When SNMP traps arrive, they are displayed in this window with the IP address of the device that sent them, the date and the text message decoded using the MIB file. For greater convenience, it is recommended to save the traps to a log file or send them by email. These options are enabled with the corresponding check boxes in the TrapViewer window.

At this stage, the program is configured.
 
E-mail monitoring of emergency messages from PSW-2G4F
 
SMTP Settings - E-mail setup
 
Brief list of terms.
 
SMTP (Simple Mail Transfer Protocol) – a protocol for sending e-mail messages over the network. SMTP is used for sending messages to the mail server. To receive messages from the mail server, client applications typically use the POP or IMAP protocols.
The SMTP protocol does not involve storing messages and transferring them to the client, so the network must have an SMTP server to which these duties will be assigned.
The SMTP protocol is based on TCP, so the delivery of the message is guaranteed.
 
Settings
 
State - SMTP status
Server IP address - IP address of the mail server
Port - TCP port number through which the messages are sent (0 - 65534). 25 by default.
Sender e-mail address - sender’s e-mail address. It is displayed in the “From” field of the email.
Receiver e-mail address - receiver’s e-mail address. It is displayed in the “To” field of the email. Up to 3 recipients can be specified.
Subject - subject of the email.
Login, Password - login and password, if the mail server requires an authentication procedure.
If these fields are filled in, authentication with the server is turned on automatically. If the fields are left empty, the switch operates without authentication.
The PSW-2G4F switch supports AUTH PLAIN and AUTH LOGIN authentication methods.
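
Both mechanisms only base64-encode the login and password, so on port 25 without TLS the credentials are readable by anyone on the path; a dedicated mailbox with no other use limits what such exposure costs. The exchange below is an added example, not taken from the switch firmware or the original page's code; the server reply texts are illustrative, and the credentials are the ones used in the external mail server example on this page.

```python
import base64


def b64(s: str) -> str:
    return base64.b64encode(s.encode("utf-8")).decode("ascii")


def auth_plain_exchange(login, password):
    """Client (C) and server (S) lines for AUTH PLAIN with an initial response."""
    # RFC 4616 message: empty authzid, NUL, login, NUL, password.
    return [("C", "AUTH PLAIN " + b64("\0" + login + "\0" + password)),
            ("S", "235 Authentication successful")]


def auth_login_exchange(login, password):
    """Client and server lines for AUTH LOGIN; the prompts are base64 too."""
    return [("C", "AUTH LOGIN"),
            ("S", "334 " + b64("Username:")),
            ("C", b64(login)),
            ("S", "334 " + b64("Password:")),
            ("C", b64(password)),
            ("S", "235 Authentication successful")]


def decode_client_lines(exchange):
    """What a reader of the unencrypted TCP stream learns from the client side."""
    client = [line for who, line in exchange if who == "C"]
    if client and client[0].startswith("AUTH PLAIN "):
        raw = base64.b64decode(client[0][len("AUTH PLAIN "):]).decode("utf-8")
        _authzid, login, password = raw.split("\0")
        return login, password
    if client and client[0] == "AUTH LOGIN":
        login, password = (base64.b64decode(x).decode("utf-8") for x in client[1:3])
        return login, password
    raise ValueError("not an AUTH PLAIN or AUTH LOGIN exchange")


if __name__ == "__main__":
    for build in (auth_plain_exchange, auth_login_exchange):
        exchange = build("fort-telecom@mail.ru", "123")
        for who, line in exchange:
            print(f"{who}: {line}")
        print("recovered:", decode_client_lines(exchange))
```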
 
Settings examples
 
There are several options for organizing e-mail operation:
1. A dedicated mail server is located in the local network.
2. An external mail server is used.
Each option has its advantages and disadvantages. A dedicated mail server can be recommended when the video surveillance network is physically separated from the Internet and external mail services cannot be used, or when there is already a mail server in the network and no additional effort is required to create and maintain one. Using external mail services makes configuration easier and faster and eliminates the need to maintain a mail server, but in this case you need a permanent connection to the Internet, which may not always be possible because of company security policies.
 
 
1. Example of setting up a mail server within a local network
Let’s consider a network with the following topology as an example:

For example, you need to configure SMTP on the SW2 (PSW-2G4F) switch with IP 192.168.0.1 so that messages about link changes on the ports of the PSW-2G4F switch are sent to the operator’s computer, 192.168.0.3.
Because the SMTP protocol does not involve storing messages and sending them to the mail client, you need to enable the mail server (192.168.0.2) in the network.
Let’s select the domain name companyname.com for our network.
For PSW-2G4F, select the e-mail address psw2g4f@companyname.com,
for the SMTP server - server@companyname.com,
for the client - client@companyname.com.
 
PSW-2G4F configuration
 
First, you need to specify the event that will cause a message to be sent. In our case, this event is a link change. To do this, in the Events → Event List tab, tick the appropriate event.

Now, let’s configure SMTP.
Go to the Events → SMTP tab. Enable SMTP and configure the server address,
set the e-mail address of the sender (i.e. the PSW): psw@companyname.com,
set the e-mail address of the main recipient: server@companyname.com,
and set up a backup address, server2@companyname.com, to which messages will be duplicated.
The email subject is “PSW-2G4F log”.
Login and Password fields are left blank: we will not use authentication.

Click on “Apply”. The settings are activated.
 
Now we are going to set up the mail server
 
There are a large number of mail server programs for various operating systems, supporting various protocols. What matters for us is SMTP and POP3 support.
As an example of a mail server for Windows, let’s consider Office Mail Server (https://www.box.com/oms). This is a free program with a simple configuration.
Technical support and instructions are available on the website: http://oficemailserver.livejournal.com/
Install the program, and after startup, the main window will be available:

In the menu Options->SMTP/POP3 server options set up
Local domain name: companyname.com
In the field Users add a client. Then set the user type [BOSS].

Office Mail Server supports the following specialized types of users:
Postmaster - user responsible for running and maintaining Office Mail Server. He receives special messages generated by the system in case of an error.
Daemon - is used for remote start of communication with an external SMTP/POP3 server, for sending and receiving messages.
Boss - user who receives copies of all messages sent through the SMTP server.
 
 
In the tab Options->Transaction options:
Set the IP address of the server, check the box "Automatically send outbound message if found"
disable authorization for SMTP (button SMTP login ...)

Now all the messages coming to the server will be forwarded to client@companyname.com
 
 
Client Configuration
 
Client Configuration is not particularly difficult. Configuration example based on Mozilla Thunderbird:

After finishing all the settings, you can open the SMTP Settings tab of the web interface and send a test message. Fill in the Subject and Message fields and send the email. If everything is configured correctly, Mozilla Thunderbird will notify you of a new email.

2. Example of setting up an external mail server

In this example, let’s consider setting up the PSW-2G4F using an external mail server.
In the example, let’s use mail.ru mail service. Other services are similar in operation if they support AUTH PLAIN or AUTH LOGIN authentication.
Before setting up, you must verify that the switch is connected to the Internet. To do this, you can ping any external IP address (for example 4.2.2.2) from the web interface (tab Diagnostic tools → Ping).
You also need to create an e-mail account and determine the SMTP connection settings. For mail.ru, the SMTP server address is smtp.mail.ru and the port is 25. Since the PSW-2G4F does not support DNS in the current firmware version, the IP address of the SMTP server must be specified in the settings. You can find it in various ways, for example by running the command “ping smtp.mail.ru” on the command line.
In our case, the address is 94.100.177.1.
 
Now you can proceed directly to the setup.
Address for sending messages: fort-telecom@mail.ru;
let’s make the recipient address the same, i.e. as if we were sending a message to ourselves.
Login: fort-telecom@mail.ru (login in mail.ru is the address itself)
Password: 123

After finishing all the settings, you can open the SMTP Settings tab of the web interface and send a test message. Fill in the Subject and Message fields and send the email.

And let’s check if the email came:

Syslog Settings
 
Syslog — the standard for sending messages about the events occurring in the system (logs) used in IP networks. Syslog protocol is simple: when certain events occur, the PSW-2G4F sends a short text message, less than 1024 bytes in size, to the recipient. Messages are sent via UDP (port 514). Syslog is used for ease of administration and information security.
In the switch, you can flexibly configure only the events of interest and assign them an appropriate level of importance. Tab Events → Event List. Levels range from 0 to 7, where 0 is the highest level of importance.
Generally accepted gradation of levels:
(0) Emergency: system is inoperable
(1) Alert: system requires immediate intervention
(2) Critical: critical state of the system
(3) Error: error messages
(4) Warning: warning messages on possible problems
(5) Notice: messages about normal but important events
(6) Informational: information messages
(7) Debug: debugging messages
With this logical separation of importance levels, events can be processed in different ways on the receiving side. For example, event messages with a level of 6, 7 can simply be written to the event log, and event messages with a level of 0-3 are shown to the operator. In the PSW-2G4F switch, the events are divided into two groups: Set and trap.
Set - group of events that occur when configuration parameters are changed via the Web interface. Trap - events that occur asynchronously when external events occur, such as a change in the link, PoE status, camera restart, etc.
All events are divided into categories:
base settings - settings change in the “Base Settings” group (network settings, access settings, Syslog, SMTP, SNTP settings)
port settings - settings change in the “Port Settings” group (port speed, duplex, Flow Control, PoE status)
VLAN settings - change in VLAN settings
STP/RSTP settings - change in redundancy settings (via the STP protocol)
other settings - change in other settings (QoS, Special Functions)
port.link - change in link status
port.PoE - change in PoE status
STP - change in STP/RSTP topology 
special function.link - link disappeared when the Auto Restart function was active
special function.ping - remote device did not respond to PING when the Auto Restart function was active
system - change in the system status (reboot, update, reset to factory settings, etc.)
UPS - change in the UPS operation (only in PSW-2G4F UPS version) (switching to battery power and back to mains)
Syslog message format
According to the Syslog standard, the message has the following format: <level of importance> <date and time> <message>
The <date and time> field contains the date and time of the event. The date and time are obtained from the SNTP server. If there is no SNTP server in the network or the protocol is not configured, the message shows the relative time from the start in seconds.
The message body itself also has its own format: [numeric message code] text description of the message.
 
Let’s look at an example, a message captured with Wireshark:
[Screenshot: Syslog message in Wireshark]
 
Here we see that in the Base Settings group on the Syslog page, syslog was enabled. The level of importance is set as Debug, the message was sent on March 25 at 12:01:25. You can also see the numeric marking of the message [1.1.4.0.1]. It is planned to use it in the future for integration with network management and monitoring programs.
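
On the receiving side, the format and the level gradation above can be checked and routed as follows. This is an added example, not code from the switch or from any of the programs named on this page; the sample datagrams are constructed, the exact spacing and the bare-seconds timestamp form are assumptions (the page shows the message only as a screenshot), and routing levels 4-5 to the log is an assumption as well.

```python
import re

# Level names as listed on the page; 0 is the most important.
SEVERITIES = ["Emergency", "Alert", "Critical", "Error",
              "Warning", "Notice", "Informational", "Debug"]
MAX_LEN = 1024  # the page states messages are shorter than 1024 bytes

# <PRI>, then "Mmm dd hh:mm:ss" (SNTP configured) or bare seconds since start
# (no SNTP), then "[numeric code] text". Spacing and the bare-seconds form are
# assumptions, see the lead-in.
LINE_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>\s*"
    r"(?:(?P<ts>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2})|(?P<uptime>\d+))\s+"
    r"\[(?P<code>\d+(?:\.\d+)*)\]\s*(?P<text>.*)$"
)


def parse(datagram: bytes):
    """Return a dict for a well-formed message, or None for anything else."""
    if not datagram or len(datagram) >= MAX_LEN:
        return None
    m = LINE_RE.match(datagram.decode("ascii", errors="replace").strip())
    if m is None or int(m["pri"]) > 191:   # 191 = highest valid PRI (23*8+7)
        return None
    pri = int(m["pri"])
    # Control characters are replaced so a message cannot forge log lines or
    # drive a terminal when the text is displayed to the operator.
    text = "".join(c if c.isprintable() else "?" for c in m["text"])
    return {
        "facility": pri >> 3,
        "severity": pri & 7,            # low three bits of PRI (RFC 3164)
        "level": SEVERITIES[pri & 7],
        "timestamp": m["ts"],           # None when the switch has no SNTP time
        "uptime_s": int(m["uptime"]) if m["uptime"] else None,
        "code": m["code"],
        "text": text,
    }


def route(event):
    """Levels 0-3 go to the operator, the rest to the event log."""
    if event is None:
        return "reject"
    # The page names 0-3 and 6-7 only; sending 4-5 to the log is an assumption.
    return "operator" if event["severity"] <= 3 else "log"


if __name__ == "__main__":
    samples = [  # constructed datagrams, not captured from a real switch
        b"<7>Mar 25 12:01:25 [1.1.4.0.1] Base Settings: Syslog: enabled",
        b"<131>8642 [9.9.9] constructed error text\x1b[2J",
        b"not a syslog message",
    ]
    for s in samples:
        print(route(parse(s)), parse(s))
```

Events that carry only `uptime_s` cannot be placed on a common timeline with other devices, which is a practical reason to configure SNTP on the switch.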
 
 
 
Syslog Configuration on the Switch
 
Configuration on the switch is not particularly difficult. Firstly, you need to select events of interest in the Events → Event List tab. For example, we are interested in the link change event.

Then, in the Events → Syslog Settings tab, enable the Syslog protocol and set the IP address of the server where messages will be sent.

Syslog message receipt
 
After configuring the switch, we proceed to configure the server.
Consider an example for Windows. There are many programs for working with syslog messages. Here are some of them:
Kiwi Syslog
Syslog Watcher
Datagram SyslogServer Suite
Syslogbroadband
LogZilla
Syslog Server Free Tool
Let’s select Kiwi Log Viewer. It is a free, simplified version of the Kiwi Syslog Server, but it is sufficient for our tasks.
Download address - http://www.kiwisyslog.com/downloads.aspx
 
The program installation is not particularly difficult; the only thing that you need to do is to select Install as Service in the Choose Operating Mode window (in this case Kiwi Syslog is installed as a service: it will be launched when the OS starts and stay resident in the tray).

After installation, run the program. By default, all received messages will be displayed in the main window. These messages are written to a text file. It is also possible to configure the forwarding by email.
