Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
524
Views
0
Helpful
2
Replies

Sensor Health Thresholds

james.grayson
Level 1
Level 1

‎08-05-2009 06:52 AM - edited ‎03-10-2019 04:43 AM

We now have the concept of system health which can be viewed in the IDM Dashboard, but can/could the same monitors be configured to send a snmptrap on threshold breach?

Labels:
0 Helpful
2 Replies 2

mkodali
Cisco Employee
Cisco Employee

‎08-05-2009 04:14 PM

Threshold breaches on sensor are tracked by health monitor application in the form of heartbeat messages encapsulated in evStatus events every 300 seconds as shown below :

evStatus: eventId=1172446951295212902 vendor=Cisco

originator:

hostId: qssm-230

appName: monitor

appInstanceId: 359

time: 2007/02/26 05:00:05 2007/02/26 05:00:05 UTC

healthAndSecurity:

description: Heartbeat

healthStatus: red

securityStatus:

virtualSensor: vs0

status: green

...

...

evStatus messages cannot be sent as snmp traps like evError messages. However the events that cause the threshold to exceed in some cases are also generated as evError messages which are eligible to be sent as snmptraps. Some examples are termination of some application like sensorApp or removing the monitoring interface from virtual sensor, etc. as shown below :

evError: eventId=1172446951295212899 severity=warning vendor=Cisco

originator:

hostId: qssm-230

appName: sensorApp

appInstanceId: 456

time: 2007/02/26 04:59:14 2007/02/26 04:59:14 UTC

errorMessage: name=errWarning unspecifiedWarning:There are no interfaces assigned to any virtual sensors. This can result in some packets not being monitored.

Hope this helps

0 Helpful

james.grayson
Level 1
Level 1
In response to mkodali

‎08-06-2009 08:38 AM

That is indeed useful info, thanks for replying :)

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card