Exchange mail filter
Plugin that filters emails and reports the number of emails matching the filters used.
- Introduction
- Compatibility matrix
- Prerequisites
- Parameters
- Manual execution
- Configuration in PandoraFMS
- Modules generated by the plugin
Introduction
Ver. 15-02-2023
Plugin that filters mails and reports the number of mails matching the filters used.
Type: Server plug-in.
Compatibility matrix
Systems where tested | Exchange 2016, Exchange Online |
Systems where it should work | Any version of Exchange |
Prerequisites
- Pandora FMS Data Server enabled
- Pandora FMS Plugin Server enabled.
- OAuth authentication for Exchange Online
Steps to enable OAuth in Exchange Online:
- Application registration in Azure AD:
  - Log in to the Azure portal.
  - Navigate to Azure Active Directory > App registrations > New registration.
  - Complete the application details.
- Permissions configuration:
  - After registering the application, go to "API Permissions" and assign the necessary permissions for Exchange Online (full_access_as_app).
- Obtaining application credentials:
  - In the "Credentials" section of the application, create a new secret key. Use this secret, together with the tenant id and client id of the application, to authenticate with the plugin.
Parameters
--server | Server name |
--smtp_address | Mailing Address |
--user | Exchange user |
--client_id | Client id |
--tenant_id | Tenant id |
--secret | secret |
--password | User password |
--smtp_address | User account from which emails will be filtered. |
--subject | Filter by a word or phrase in the subject. |
--sender | Filter by e-mail |
--date_start | The date fields must be separated by hyphens and the whole value enclosed in quotation marks, with the following format: 'year-month-day-hour-minute'. Example: '2021-1-12-0-0'. |
--date_end | The date fields must be separated by hyphens and the whole value enclosed in quotation marks, with the following format: 'year-month-day-hour-minute'. Example: '2021-1-12-0-0'. |
--mail_list | To create a new module with a list of matching mails. |
--transfer_mode | Transfer mode |
--tentacle_port | Tentacle port in case you want to send data in this way |
--tentacle_address | Tentacle address in case you want to send the data in this way |
--agent_prefix | Name of the agent that will contain the modules |
--module_prefix | To add a prefix to the module, "Exchange" is the default prefix. |
--group | Target group in pandora |
--interval | Time creation interval for the agent |
--temporal | Temporary file directory. |
--data_dir | Data destination address |
--log_file | Log file path |
--auth | Authentication mode. The two possible options are OAuth and basic. Basic authentication is required in Exchange Online. |
Manual execution
The plugin creates an agent with two modules for each execution, one with the number of emails that match the filtering and another with the list of these emails. The filtering parameters are as follows:
--subject
--sender
--date_start
--date_end
You can filter by any of these or you can combine them as follows:
subject + sender
subject + sender + date_start-date_end
Manual execution example
./exchange_mail \
--auth <oauth> \
--server <server> \
--smtp_address <smtp_address> \
--client_id <client_id> \
--tenant_id <tenant_id> \
--secret <secret> \
[--user <user>] \
[--password <password>] \
[--subject <subject>] \
[--sender <sender>] \
[--date_start <date_start>] \
[--date_end <date_end>] \
[--mail_list <mail_list>] \
[--module_prefix <module_prefix>] \
[--agent_prefix <agent_prefix>] \
[--group <group>] \
[--interval <interval>] \
[--temporal <temporal>] \
[--data_dir <data_dir>] \
[--transfer_mode <transfer_mode>] \
[--tentacle_client <tentacle_client>] \
[--tentacle_opts <tentacle_opts>] \
[--tentacle_port <tentacle_port>] \
[--tentacle_address <tentacle_address>] \
[--log_file <log_file>]
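The parameter rules this page gives (the options that are always mandatory, the extra ones each authentication mode needs, and the 'year-month-day-hour-minute' date format) can be checked before the plugin is registered in Pandora FMS. The following Python check is an added example, not part of the plugin; the literal `--auth` values `oauth` and `basic`, the names `check_options` and `parse_plugin_date`, and the rule that `--date_start` must precede `--date_end` are assumptions.

```python
from datetime import datetime

# Rules from this page. The literal --auth values are an assumption.
ALWAYS_REQUIRED = ("server", "auth", "smtp_address")
REQUIRED_BY_AUTH = {
    "oauth": ("client_id", "tenant_id", "secret"),
    "basic": ("user", "password"),
}
DATE_FORMAT = "%Y-%m-%d-%H-%M"  # year-month-day-hour-minute, e.g. 2021-1-12-0-0


def parse_plugin_date(value):
    """Parse a --date_start / --date_end value; raise ValueError if malformed."""
    if len(value.split("-")) != 5:
        raise ValueError("expected 5 hyphen-separated fields")
    return datetime.strptime(value, DATE_FORMAT)


def check_options(opts):
    """Return a list of problems for a dict of option name (no dashes) -> value."""
    problems = [f"missing --{n}" for n in ALWAYS_REQUIRED if not opts.get(n)]
    auth = (opts.get("auth") or "").lower()
    if auth in REQUIRED_BY_AUTH:
        problems += [f"--auth {auth} needs --{n}"
                     for n in REQUIRED_BY_AUTH[auth] if not opts.get(n)]
    elif auth:
        problems.append(f"unknown --auth value: {auth}")
    parsed = {}
    for name in ("date_start", "date_end"):
        if name in opts:
            try:
                parsed[name] = parse_plugin_date(opts[name])
            except ValueError as exc:
                problems.append(f"--{name} {opts[name]!r}: {exc}")
    # Assumption: a start that is not before the end is a configuration mistake.
    if len(parsed) == 2 and parsed["date_start"] >= parsed["date_end"]:
        problems.append("--date_start must be earlier than --date_end")
    return problems


if __name__ == "__main__":
    # Constructed sample: OAuth mode with the secret missing and a bad date.
    sample = {"server": "mail.example.test", "auth": "oauth",
              "smtp_address": "monitor@example.test", "client_id": "app-id",
              "tenant_id": "tenant-id", "date_start": "2021-1-12"}
    for problem in check_options(sample):
        print(problem)
```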
Help example
Configuration in PandoraFMS
Manual installation
Go to servers > plugins:
Click on add:
Enter a name and description of your choice:
As the command, enter the path to the plugin:
</path_exchange_mail>
Remember that the recommended path for the use of the server plugins is: /usr/share/pandora_server/util/plugin/
In the plugin parameters, enter each option followed by a "_field<N>_" macro. The mandatory options for the plugin to work are --server, --auth and --smtp_address, plus, depending on the authentication method, --user and --password for basic authentication or --client_id, --tenant_id and --secret for OAuth authentication.
Although it is not mandatory, the use of the --agent_name parameter is highly recommended, since it allows us to customize the name of the agent that will contain the created modules.
Once this is done, we will click on "create".
Once this is done, the only thing left to do is to call it, so go to an agent's view and create a plugin module:
We will give it a name and in the section "plugin" we will put the one we have just configured.
Once this is done, click on create.
If the module is shown with 1, it means that it is running correctly.
Modules generated by the plugin
- The plugin will create an agent with a module called "Coincidences_count" containing the number of matches; if the `--mail_list` parameter is used, it will also create a module with a list of the matching mails.