DFM tuning (pix Interfaces)

Unanswered Question
Feb 11th, 2008
User Badges:

We are tuning DFm so we don;t get quite as many alerts out of the box.


We changed the thresholds for fast ethernet interfaces to 80% utilization, however I noticed this did not apply to the PIX's fast ethernet ports.


Does anyone know what interface group it would fall into (pix515E) or how to find out which interface it is falling under?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Joe Clarke Mon, 02/11/2008 - 12:49
User Badges:
  • Cisco Employee,
  • Hall of Fame,

    Founding Member

You mention both interfaces and ports here. I'm assuming you're looking at the Interface group membership. First, double-check the membership list for the group you modified under DFM > Configuration > Polling and Thresholds > Managing Thresholds > View. If the PIX interface is not listed there, check the Others group. If it is listed there, re-check your event, and make sure the utilization is really under 80%. We have been seeing a lot of problems lately with bogus utilizations in the 6 trillion percent range. They would look like (for example):


6.1234E17


Note the 'E' indicating an exponential.

martinUpchu Mon, 02/11/2008 - 16:17
User Badges:

I looked through all the interfaces under DFM>Configuration>Polling and Thresholds > Managing Tresholds > View (under DFM > System Defined Groups) and have not found the interface for the PIX. I can tell from the alert that it has a default threshold value, but I don't know where it is being applied (I have set all fast ethernet interface, and 'other' interface utilization thresholds to 80%)


EVENT ID = 00002A7

ALERT ID = 000011K

TIME = Fri 08-Feb-2008 10:05:46 PST

STATUS = Active

SEVERITY = Critical

MANAGED OBJECT = 172.xxx.xxx.xxx

MANAGED OBJECT TYPE = Security and VPN

EVENT DESCRIPTION = HighUtilization::Component=IF-172.xxx.xxx.xxx/2 [inside] [172.xxx.xxx.xxx];OutputPacketRate=5809.329 PPS;Type=ETHERNETCSMACD;CurrentUtilization=80.20113 %;TrafficRate=1.0025142E7 BYPS;UtilizationThreshold=40;DuplexMode=FULLDUPLEX;MaxSpeed=100000000;

CUSTOMER IDENTIFICATION =


Joe Clarke Mon, 02/11/2008 - 16:33
User Badges:
  • Cisco Employee,
  • Hall of Fame,

    Founding Member

It may be grouped under a User Defined Group instead. Check the User Defined Interface Groups to see if it's showing up there.

martinUpchu Mon, 02/11/2008 - 18:46
User Badges:

I don't seem to see it under any group including the user defined groups.


I can see it in the device group correctly, but not the interface group.

Joe Clarke Mon, 02/11/2008 - 18:51
User Badges:
  • Cisco Employee,
  • Hall of Fame,

    Founding Member

What version of DFM is this?

Joe Clarke Mon, 02/11/2008 - 19:03
User Badges:
  • Cisco Employee,
  • Hall of Fame,

    Founding Member

Run the following command:


NMSROOT/objects/smarts/bin/dmctl -s DFM


Then, at the dmctl> prompt, type:


get Interface::IF-172.xxx.xxx.xxx/2


Where the xxx stuff corresponds to the interface name seen in the event. The GroupingX properties should tell you to what group(s) this interface belongs. If you do not see an Interface group, you will need to modify one of the Customizable Interface Groups to match this interface. Form there you will be able to adjust the threshold.

Actions

This Discussion