AIProtection Alerts via Email

[strych91908]

I understand that there were some bugs and workarounds for email notifications for this tool, and mine worked well for the most part. I am not a fan of the ASUS Router phone app, and it doesn't properly push notifications as it should. If fact, it doesn't work at all. Now that email notifications aren't baked into the firmware for this service, is there any script that I could build to bring back email notifications back to this tool? I've never thought it a good thing to rely on external software to do what a device should have built into it in the first place. I'm not clear on why the function was removed in the first place. Any ideas? Thank you.

 

[strych91908]

I put together some inelegant scripts for anyone else who might need or want the email notifications back for AiProtection. While not perfect, they serve the purpose from my original post. It works well, but you will get a second email notice when you delete the AiProtection event(s) through the router GUI. If someone can polish up the code to prevent that, please share.

About the attached files: "monitor_ai_protection.sh" should require no modifications to work. "ai_email_notification.sh" will require you to change the email account specifics to your own. Rename the "monitor_ai_protection" and "ai_email_notification" files replacing ".txt" with ".sh" before proceeding.

1. Ensure that "Custom jffs scripts" is enabled in the router GUI.
2. SSH into your router and install the Entware tools (refer to this guide.)
3. Copy the renamed files to your "/jffs/scripts" folder.
4. Using nano, modify the "ai_email_notification.sh" file to your own email address/credentials and save it.
5. Make each file executable with "chmod +x <filename 1 filename 2>"
6. Open the attached "services-start" file and copy the string to paste into the "services-start" file that should be located at "/jffs/scripts/services-start" after the Entware installation. Use nano to edit.
7. Cd to "/jffs/scripts" and test email function with "./ai_email_notification.sh". You should see activity in your terminal. It will show an error if something isn't right. Check your email for receipt.
8. Once that is confirmed as working, execute the monitor with "./monitor_ai_protection.sh" while still in the "/jffs/scripts" folder. If it's working correctly, you will see "Monitoring /jffs/.sys/AiProtectionMonitor/AiProtectionMonitor.db for content changes...", else you will see an error message.

Reboot your router and then attempt to trigger an AiProtection event using a safe website like wicar.org. AiProtection may take a few moments and a screen refresh or two before showing the intrusion count. Once you see that, you should have received an email shortly thereafter.

Keep in mind I am not a programmer. I used online recources to piece together a solution that suits my needs. If it helps you too, all the better.

 

[martinr]

I understand that there were some bugs and workarounds for email notifications for this tool, and mine worked well for the most part. I am not a fan of the ASUS Router phone app, and it doesn't properly push notifications as it should. If fact, it doesn't work at all. Now that email notifications aren't baked into the firmware for this service, is there any script that I could build to bring back email notifications back to this tool? I've never thought it a good thing to rely on external software to do what a device should have built into it in the first place. I'm not clear on why the function was removed in the first place. Any ideas? Thank you.

I set mine up this weeks after many years of not bothering with it, because I am going to start using MerlinAU and wanted to benefit from the email notifications. (After installing ABSolution, the predecessor of Diversion, AIProtectiom had nothing to do, and therefore stopped sending alerts, so I lost interest in the email feature.)

AMTM > em

This post was most helpful

Post in thread 'amtm - e-mail settings.'
https://www.snbforums.com/threads/amtm-e-mail-settings.78150/post-808779

Worked practically the first time, to my amazement.

 

[strych91908]

I set mine up this weeks after many years of not bothering with it, because I am going to start using MerlinAU and wanted to benefit from the email notifications. (After installing ABSolution, the predecessor of Diversion, AIProtectiom had nothing to do, and therefore stopped sending alerts, so I lost interest in the email feature.)

AMTM > em

This post was most helpful

Post in thread 'amtm - e-mail settings.'
https://www.snbforums.com/threads/amtm-e-mail-settings.78150/post-808779

Worked practically the first time, to my amazement.

I use this for my BACKUPMON notifications. Thank you.

 

[killweav]

Thanks! I confirm this works with my gmail. As it pertains to folks saying they use some other filtering service, etc. and not needing AIProtection let me throw out that you can disable 2 of the 3 features. I highly recommend keeping 2 way IPS on because Trend Micro uses DPI to check for other types of malicious vectors. It's like having a virus scanner on your router's WAN port.

I use Control D (DNS filtering), and Skynet (IP filtering) and do not need the AiProtection malicious site blocking or infected device blocking (Control D has C&C servers block list). I keep the 2 way IPS on because I like the additional DPI layer "virus scanning" my WAN port.

I also don't use the ASUS app and turned off the ASUSNAT tunnel in Merlin. So having this e-mail notifier should be handy. It seems that almost every time my WAN IP changes with my fiber company (which is quite often it seems), there is another 2 way IPS event detected. Usually it's some Broadcom or Realteck vulnerability code injection that Trend Micro picks up and blocks.

Thanks for the post and the scripts.

PS: I changed the 2 second monitor interval to 300 seconds to save JFFS reads.