
ESM - Red flag & Yellow flag

In our ESM we are observing red & yellow flags on the devices.

Can you explain the red & yellow flag status?

Is there anything unusual, or anything that needs to be checked on the devices?

0 Kudos
5 Replies
sssyyy
Level 12

Re: ESM - Red flag & Yellow flag

Yellow = Warning; Red = Critical.

These status flags should be investigated to make sure ESM is running optimally.

0 Kudos

Re: ESM - Red flag & Yellow flag

Hi,

Please help with more information on why red & yellow flags are seen.

0 Kudos
sssyyy
Level 12

Re: ESM - Red flag & Yellow flag

You may refer to the product guide, as there are lots of statuses that are covered by the status flags.

0 Kudos
McAfee Employee

Re: ESM - Red flag & Yellow flag

When you click on a red or yellow flag, the options presented will guide you towards the cause.

Commonly, yellow flags are triggered by inactive data sources. The idle time can be customized or disabled for each data source. Yellow flags may also indicate that alarms need to be synced or there is a Write button that needs to be clicked.

A red flag usually indicates a more serious condition that will usually lead you toward the System Log. Regardless of the issue, a red flag won't clear before "acknowledging" it by bringing up the System Log. Oftentimes a red flag indicates a data source with a bad timestamp, but it would also be generated for something like a failed power supply or unresponsive process.

One caveat for the red flag is that it will be generated when the ESM rolls a partition off. There is a finite amount of data, and eventually the oldest data will be rolled off to Archival or removed. This is normal behavior, but a flag is generated because data is removed and compliance standards dictate that a notification is created.

Best practice is to keep the Device Tree "flag free" so something like a hardware failure isn't obscured by a data source with a bad timestamp.

Re: ESM - Red flag & Yellow flag

Hi Andy,

Thanks for your clarification.

0 Kudos