0 Postoffice Initial Notification - fires anytime a sensor is reconfigured/restarted/rebooted
993 Missed Packet Count - fires when the sensor is receiving more packets than it is able to monitor. part of the alarm will designate the % of drops. A small 1 to 5% drop may be acceptable. larger drops rates should be looked into. You may be sending too much traffic to the sensor, or be generating too many alarms, or iplog traffic for the sensor to keep up
994 Have Traffic - Fires when the sensor starts receiving packets after having been reconfigured/restarted/rebooted or if there was a period of time when the sensor was not receiving any packets (i.e. 995 fired)
995 NO Traffic - Fires when the sensor is not receiving any packets for monitoring. This generally ocurrs if the sensing interface is physically disconnected, or a span has been disabled (though the alarm is not guaranteed to fire when a span is disabled because multicast and broadcast packets may still be seen) or when a network is really quiet (happens in many test networks)
996 Route Up - generated when a route is established, typical on restart/reconfigure/reboot or when network connectivity has been re-established.
997 Route Down! - Generated when a route goes down. Typical on resart/reconfigure/reboot or when network connectivity has gone down. Route Downs followed quickly by route ups are pretty typical. If, however you receive them often while not reconfiguring etc. then you may need to evaluate what is causing them. Long time periods between route downs and their associated route ups should also be investigated.
998 Daemon Down! - This is indicative of a problem. This only fires if a daemon has stopped responding and postoffice has to start a new daemon.
999 Daemon Unstartable! - This rarely ocurrs, but is indicative of a major problem. The daemon has stopped responding multiple times, so many in fact that postoffice will no longer try to restart it.
