Best rule to use to determine whether or not a device is up?

Unanswered Question
Nov 9th, 2011
User Badges:


What would be the best rule to use to determine whether or not a device (including routers and switches) is up and able to report/log?

Thanks in Advance.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 3 (1 ratings)
Justin Teixeira Wed, 11/09/2011 - 12:40
User Badges:
  • Bronze, 100 points or more

Hi dec0dernyc,

     The MARS has a built in system rule named "System Rule: Inactive CS-MARS Reporting Device", which triggers an incident whenever the "Inactive CS-MARS reporting device" event is generated.  The event, in turn, is generated when the MARS has not heard from a device in 10 minutes and contains the IP address of the inactive device.  This is the closest that you'll find on the MARS to the functionality you describe.

Best Regards,


dec0dernyc Wed, 11/09/2011 - 12:53
User Badges:

Thanks for the reply Justin. I am aware of that rule which is ideal for firewalls.

I guess my question should be which rule would be able to tell if a non-chatty device is down, like a switch or router.

If a switch goes down id like to be notifed via the rule.

Thanks again.


This Discussion