Best rule to use to determine whether or not a device is up?

Unanswered Question
Nov 9th, 2011

Hello:

What would be the best rule to use to determine whether or not a device (including routers and switches) is up and able to report/log?

Thanks in Advance.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Average Rating: 3 (1 ratings)
juteixei Wed, 11/09/2011 - 12:40

Hi dec0dernyc,

     The MARS has a built in system rule named "System Rule: Inactive CS-MARS Reporting Device", which triggers an incident whenever the "Inactive CS-MARS reporting device" event is generated.  The event, in turn, is generated when the MARS has not heard from a device in 10 minutes and contains the IP address of the inactive device.  This is the closest that you'll find on the MARS to the functionality you describe.

Best Regards,

JT

dec0dernyc Wed, 11/09/2011 - 12:53

Thanks for the reply Justin. I am aware of that rule which is ideal for firewalls.

I guess my question should be which rule would be able to tell if a non-chatty device is down, like a switch or router.

If a switch goes down id like to be notifed via the rule.

Thanks again.

Actions

Login or Register to take actions

This Discussion

Posted November 9, 2011 at 11:19 AM
Stats:
Replies:2 Avg. Rating:3
Views:2158 Votes:0
Shares:0
Tags: No tags.

Discussions Leaderboard