08-05-2009 06:52 AM - edited 03-10-2019 04:43 AM
We now have the concept of system health which can be viewed in the IDM Dashboard, but can/could the same monitors be configured to send a snmptrap on threshold breach?
08-05-2009 04:14 PM
Threshold breaches on sensor are tracked by health monitor application in the form of heartbeat messages encapsulated in evStatus events every 300 seconds as shown below :
evStatus: eventId=1172446951295212902 vendor=Cisco
originator:
hostId: qssm-230
appName: monitor
appInstanceId: 359
time: 2007/02/26 05:00:05 2007/02/26 05:00:05 UTC
healthAndSecurity:
description: Heartbeat
healthStatus: red
securityStatus:
virtualSensor: vs0
status: green
...
...
evStatus messages cannot be sent as snmp traps like evError messages. However the events that cause the threshold to exceed in some cases are also generated as evError messages which are eligible to be sent as snmptraps. Some examples are termination of some application like sensorApp or removing the monitoring interface from virtual sensor, etc. as shown below :
evError: eventId=1172446951295212899 severity=warning vendor=Cisco
originator:
hostId: qssm-230
appName: sensorApp
appInstanceId: 456
time: 2007/02/26 04:59:14 2007/02/26 04:59:14 UTC
errorMessage: name=errWarning unspecifiedWarning:There are no interfaces assigned to any virtual sensors. This can result in some packets not being monitored.
Hope this helps
08-06-2009 08:38 AM
That is indeed useful info, thanks for replying :)
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide