
ESM - Red flag & Yellow flag

In our ESM we are observing red & yellow flags on the devices.

Can you explain the red & yellow flag status?

Is there anything unusual, or anything that needs to be checked on the devices?

5 Replies
Reliable Contributor sssyyy
Message 2 of 6

Re: ESM - Red flag & Yellow flag

Yellow = Warning; Red = Critical.

These status flags should be investigated to make sure ESM is running optimally.

Re: ESM - Red flag & Yellow flag


Please help with more information on why red & yellow flags are seen?

Reliable Contributor sssyyy
Message 4 of 6

Re: ESM - Red flag & Yellow flag

You may refer to the product guide, as there are lots of statuses that are covered by the status flags.

McAfee Employee andy777
Message 5 of 6

Re: ESM - Red flag & Yellow flag

When you click on a red or yellow flag, the options presented will guide you towards the cause.

Commonly, yellow flags are triggered by inactive data sources. The idle time can be customized or disabled for each data source. Yellow flags may also indicate that alarms need to be synced or there is a Write button that needs to be clicked.

A red flag usually indicates a more serious condition that will usually lead you toward the System Log. Regardless of the issue, a red flag won't clear before "acknowledging" it by bringing up the System Log. Oftentimes a red flag indicates a data source with a bad timestamp, but it would also be generated for something like a failed power supply or unresponsive process.

One caveat for the red flag is that it will be generated when the ESM rolls a partition off. There is a finite amount of data, and eventually the oldest data will be rolled off to Archival or removed. This is normal behavior, but a flag is generated because data is removed and compliance standards dictate that a notification is created.

Best practice is to keep the Device Tree "flag free" so something like a hardware failure isn't obscured by a data source with a bad timestamp.

Re: ESM - Red flag & Yellow flag

Hi Andy,

Thanks for your clarification.
