Anyone having issues with EM Thresholds for alerting?
Anyone having issues with EM Thresholds for alerting? - 17.Sep.2009 9:15:57 AM
compustar12
Posts: 4
Score: 0
Joined: 17.Sep.2009
Status: offline
What we would like to accomplish is on our alerting for the switches SNMP or syslog that we only be alerted on the first event that comes in for a time frame of 3 hours. What we're finding is the number of events and the time frame in the threshold doesn't seem to work. We seem only to get an alert every time the event comes in - about 1 a minute. No matter what the time frame is set to. Any suggestions? Thanks,
RE: Anyone having issues with EM Thresholds for alerting? - 17.Sep.2009 9:19:16 AM
DrewE
Posts: 1058
Score: 0
Joined: 28.Apr.2008
From: Cary, NC
Status: offline
You should have two settings for thresholds. This would control "One event per X minutes" OR "one event per X number of events", whichever comes first. What are both settings set to currently?
_____________________________
Drew Easley - Technical Support Representative GFI Software - www.gfi.com
RE: Anyone having issues with EM Thresholds for alerting? - 17.Sep.2009 9:34:33 AM
compustar12
Posts: 4
Score: 0
Joined: 17.Sep.2009
Status: offline
We have tried numerous options.
Threshold:
Number of occurrences: 2 (b/c we can't choose one)
Time interval (Seconds): 10800 (3hrs)
We have it set up on a rule for port security violation - invalid mac address plugged
With this configuration we are getting alerts every minute.
< Message edited by compustar12 -- 17.Sep.2009 9:40:48 AM >
RE: Anyone having issues with EM Thresholds for alerting? - 17.Sep.2009 9:46:54 AM
DrewE
Posts: 1058
Score: 0
Joined: 28.Apr.2008
From: Cary, NC
Status: offline
This will alert you to every other event - Try setting Number of Occurrences to a higher number like 1,000 or 5,000
_____________________________
Drew Easley - Technical Support Representative GFI Software - www.gfi.com
RE: Anyone having issues with EM Thresholds for alerting? - 17.Sep.2009 10:07:57 AM
compustar12
Posts: 4
Score: 0
Joined: 17.Sep.2009
Status: offline
Correct me if I'm wrong, but wouldn't it take 1000 occurrences of the event in order to trigger our first alert then? We want to be alerted ASAP when someone plugs another laptop/device into the switch with a different MAC so we can act on it. In our testing the events are logged right away in events manager when this occurrence happens, but we don't want to be alerted on every event. I know I have tried a higher number (1000) in the past, but then no alerts came through even though the security violation was occurring. Maybe we should be looking at Endpoint security that might better suit what we want to do? Thanks,
RE: Anyone having issues with EM Thresholds for alerting? - 17.Sep.2009 10:25:32 AM
DrewE
Posts: 1058
Score: 0
Joined: 28.Apr.2008
From: Cary, NC
Status: offline
Yes, GFI EndPointSecurity is one of the better ways to do this - to allow network connections only from designated network cards. Also, if the Router offers any type of MAC-filtering, this may also work.
_____________________________
Drew Easley - Technical Support Representative GFI Software - www.gfi.com
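The behaviour asked for in this thread (alert on the first port-security event, then stay quiet for 3 hours) can be sketched as a small Python filter placed in front of the alerting step. This is an added example, not part of the thread and not GFI EventsManager's own logic; the Cisco IOS-style sample lines, the host names and the (switch, port, MAC) suppression key are assumptions.

```python
import re
from datetime import datetime, timedelta

WINDOW = timedelta(seconds=10800)  # the 3-hour interval from the thread
# Constructed sample events in the style of Cisco IOS port-security syslog
# messages; vendor, host names and MAC addresses are assumptions.
MSG = ("{ts} {host} %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation "
       "occurred, caused by MAC address {mac} on port {port}.")
SAMPLE_LINES = [MSG.format(ts=t, host=h, mac=a, port=p) for t, h, a, p in [
    ("2009-09-17T09:00:05", "sw-floor2", "0011.2233.4455", "FastEthernet0/7"),
    ("2009-09-17T09:01:05", "sw-floor2", "0011.2233.4455", "FastEthernet0/7"),
    ("2009-09-17T09:02:05", "sw-floor2", "0011.2233.4455", "FastEthernet0/7"),
    ("2009-09-17T09:02:30", "sw-floor2", "00aa.bbcc.ddee", "FastEthernet0/7"),
    ("2009-09-17T09:03:00", "sw-floor3", "0011.2233.4455", "FastEthernet0/2"),
    ("2009-09-17T12:00:04", "sw-floor2", "0011.2233.4455", "FastEthernet0/7"),
    ("2009-09-17T12:00:05", "sw-floor2", "0011.2233.4455", "FastEthernet0/7"),
]]

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) %PORT_SECURITY-2-PSECURE_VIOLATION: .*"
    r"MAC address (?P<mac>[0-9a-f.]+) on port (?P<port>\S+?)\.$")

def parse(line):
    """Return (timestamp, (host, port, mac)), or None for unrelated lines."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return datetime.fromisoformat(m["ts"]), (m["host"], m["port"], m["mac"])

def first_event_alerts(lines, window=WINDOW):
    """Alert on the first event per (switch, port, MAC), then stay quiet for
    `window`; a different MAC or port is a new key and alerts at once."""
    last_alert = {}  # key -> timestamp of the last alert sent for that key
    alerts = []
    for line in lines:
        parsed = parse(line)
        if parsed is None:
            continue
        ts, key = parsed
        sent = last_alert.get(key)
        if sent is None or ts - sent >= window:
            last_alert[key] = ts
            alerts.append((ts, key))
    return alerts

if __name__ == "__main__":
    for ts, (host, port, mac) in first_event_alerts(SAMPLE_LINES):
        print("ALERT", ts.isoformat(), host, port, mac)
```

Keying on the MAC as well as the port means a second unknown device on an already-alerted port still raises an alert immediately, while the once-a-minute repeats for the same device are dropped until the window expires.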