The Event Notification Engine (ENE) sends email notifications about Privileged Access Security solution activities automatically to predefined users. It is installed automatically as part of the Vault server installation as a service.
Enable the ENE
After installing the Vault, the ENE must be enabled so that you will be able to receive email notifications about the Vault activities.
After the ENE has been configured, the ENE setup wizard will only be enabled if the SMTP address is set to 1.1.1.1. To rerun the ENE setup wizard, in the Notification Settings page, set the SMTP address to 1.1.1.1, then re-invoke the ENE setup wizard.
Before enabling the ENE
- Log on to the PrivateArk Administrative Client as an administrator user.
- Make sure that the business email address of the user who will issue ENE notifications is specified in their user properties. This user must belong to the Vault Admins group. By default, this is the Administrator user.
Enable the ENE
The ENE is installed as part of the Vault server installation as a service called Cyber‑Ark Event Notification Engine. After Vault server installation or upgrade, do the following to enable the service:
- Log on to the PVWA as an administrator user. Make sure that this user belongs to the Vault Admins group so that you have the required permissions to enable ENE notifications.
- Enable the Event Notification Engine:
  - In the System Configuration page, click Setup Wizard. The Setup Configuration wizard displays the Vault setup page.
  - Select Email notifications, then click Next; the Configuration page appears.
  - In the Setup Event Notification Engine area, specify the following details:
    - SMTP address – The IP address of the SMTP server. You can specify multiple IP addresses for high availability implementations. Separate multiple IP addresses with commas.
    - Sender Email – The mail address that will appear as the notification sender.
  - In the Advanced Settings area, specify the following optional details:
    - Sender DisplayName – The name that will appear as the sender’s name.
    - SMTP Port – The port through which the ENE will send notifications.
    - Recipients Domain – The name of the domain where the recipient’s email account exists.
    - CA-PVWABaseURL – The URL of the machine where the PVWA is installed (e.g. https://www.myserver.com).
  - Click Finish; the initial ENE configuration is saved and the Email notification setup message appears.
  - Click Yes; a test email is sent to the members of the Vault Admins group.
Authenticated and encrypted email notifications
Configure authenticated email notifications
After you have configured encryption for email notifications, you can add an additional level of security by configuring authentication too.
1. In the NotificationEngine Safe, create an account that will authenticate to your mail server. Make sure this account has permission to send from the mailbox specified in the Mail parameter.
2. In Administration > Notification Settings, expand EventNotificationEngineSendMethod > SendMethod > Security and set the following parameter:

Parameter | Value |
---|---|
SMTPAccountName | The name of the account you created in step 1 and stored in the NotificationEngine Safe. Note: This is not the username. |
Configure encrypted email notifications
1. In the SMTP server, export the trusted root certificate that issued the SMTP server’s TLS certificate in Base-64 encoded X.509 format.
2. Copy the exported certificate to the ENE server (also the Vault server).
3. In Administration > Notification Settings, expand EventNotificationEngineSendMethod > SendMethod > Security and set the following parameters:

Parameter | Value |
---|---|
EnableTLS | Yes |
TLSRootCertificatePath | The location of the certificate you stored on the ENE/Vault server in step 2. |

4. In Administration > Notification Settings, expand EventNotificationEngineSendMethod > SendMethod > Servers > Server and set the following parameters:

Parameter | Value |
---|---|
CertificateAlias | The value that appears in the “Issued to:” field in the SMTP server’s TLS certificate. |
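A pre-flight check for the encryption steps above, written as an added example (it is not part of the product or its documentation). It confirms that the exported file is a Base-64 encoded, self-signed root, that the SMTP server's certificate chains to it, and it reports the value to enter as CertificateAlias. Both file paths are hypothetical, and it assumes you have also saved a copy of the SMTP server's own TLS certificate to a file on the ENE/Vault server.

```powershell
# Added example: pre-flight check for the ENE TLS parameters. Paths are hypothetical.
param(
    [string]$RootCertPath   = 'C:\Temp\smtp-root-ca.cer',  # assumed: file for TLSRootCertificatePath
    [string]$ServerCertPath = 'C:\Temp\smtp-server.cer'    # assumed: copy of the SMTP server's TLS certificate
)
$ErrorActionPreference = 'Stop'
$problems = @()

# The export step asks for Base-64 encoded X.509: PEM text, not binary DER or PKCS #7.
$firstLine = Get-Content -LiteralPath $RootCertPath -TotalCount 1
if ($firstLine -notmatch '^-----BEGIN CERTIFICATE-----\s*$') {
    $problems += 'Root certificate file is not Base-64 encoded X.509.'
}

# .NET resolves relative paths against the process directory, so pass full paths.
$x509   = 'System.Security.Cryptography.X509Certificates'
$root   = New-Object "$x509.X509Certificate2" -ArgumentList (Convert-Path -LiteralPath $RootCertPath)
$server = New-Object "$x509.X509Certificate2" -ArgumentList (Convert-Path -LiteralPath $ServerCertPath)

# A trusted root is self-signed, so its subject and issuer names are identical.
if ($root.Subject -ne $root.Issuer) {
    $problems += 'Exported certificate is not self-signed, so it is not a root certificate.'
}

# The server certificate's chain must end at the exported root (revocation is not checked here).
$chain = New-Object "$x509.X509Chain"
$chain.ChainPolicy.RevocationMode = 'NoCheck'
[void]$chain.ChainPolicy.ExtraStore.Add($root)
[void]$chain.Build($server)
$last = $chain.ChainElements.Count - 1
if ($last -lt 0 -or $chain.ChainElements[$last].Certificate.Thumbprint -ne $root.Thumbprint) {
    $problems += 'SMTP server certificate does not chain to the exported root.'
}

if ($server.NotAfter -lt (Get-Date)) {
    $problems += "SMTP server certificate expired on $($server.NotAfter)."
}

# "Issued to:" in the Windows certificate dialog is the certificate's simple display name.
$issuedTo = $server.GetNameInfo('SimpleName', $false)

[pscustomobject]@{
    TLSRootCertificatePath = Convert-Path -LiteralPath $RootCertPath
    CertificateAlias       = $issuedTo
    Problems               = $problems
}
```

An empty Problems list means the two reported values are consistent with each other and can be entered in Notification Settings.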
Logs
In order to monitor ENE activity and status, the following log files are created in the Event Notification Engine installation folder:
ENEConsole.log
This file contains informational messages and errors that refer to ENE function. This log is meant for the system administrator who needs to monitor the status of the ENE.
ENETrace.log
This file contains errors and trace messages that can be used for troubleshooting. The types of messages that are included depend on the debug levels that are specified in the EventNotificationEngine.ini configuration file.
Parameters
Parameter | Defines ... |
---|---|
ControllerDebugLevel | The controller debug level. |
CollectorDebugLevel | The collector debug level. |
ParserDebugLevel | The parser debug level. |
SMTPSenderDebugLevel | The SMTP sender debug level. |
Trace levels
The amount of information written in the ENETrace.log is determined by the following trace levels:
Trace level | Indicates |
---|---|
1 | Only exceptions will be written in the trace log. |
2 | Trace messages will be written in the trace log. |
3 | Vault connectivity errors will be written in the trace log. This trace level is only available for the ControllerDebugLevel parameter. |
4 | Vault connectivity debug and activity logging will be written in the trace log. This trace level is only available for the ControllerDebugLevel parameter. |
New log files
New log files are created in either of the following scenarios:
Scenario | Description |
---|---|
Each time the ENE is started | New log files are created each time the ENE is started. When the ENE stops running, the log files are timestamped and stored in the ‘Event Notification Engine\Logs\Old’ folder so that they do not overwrite existing log files. |
When the log files reach 50 MB | When the log files reach 50 MB, they are timestamped and stored in the ‘Event Notification Engine\Logs\Old’ folder and new log files are created. |
Record ENE activities in the Event Viewer
In addition to the above log files, the Event log records activities that are performed by the ENE until the EventNotificationEngine parameters are retrieved from the Vault and the log files are created according to the specified parameters. This enables users to track all the activities carried out by the ENE from the moment it starts working.
In order to identify ENE components that performed activities, the following prefix is added to messages in the Event log:
Cyber-Ark ENE