cancel
Showing results for 
Search instead for 
Did you mean: 
jhonny
Level 7

Feed health monitoring in Nitro

Hello all,

maybe somebody is already using custom Nitro feed health monitoring alerts/correlations, to automatically generate alert or case due to one of the existing data feeds inactivity? Lets say if Nitro receiver doest receive any data in 10-15mins auto generate an alert for analyst for futher troubleshooting reasons or required escalations?

Would appreciate any ideas/comments.

Thanks,

J.

0 Kudos
4 Replies
protah
Level 7

Re: Feed health monitoring in Nitro

Hey J,

So to first answer your question about ERC events received within a specific time-frame can be setup in the Inactivity Threshold feature.

But to sort of resolve any other questions you have regarding health status alarms, See the below list for the native Health Status Signature IDs to create alarms from. Let me know if you have any questions.

R/

Jacob D

Rule nameSignature ID
A RAID error has occurred306-50054
Advanced Syslog Parser collector state change alert306-50029
APM distiller process306-50066
Archive process state change alert306-50051
Blue Martini parser alert306-50071
Bypass NIC state alert306-50001
Communication channel state change alert306-50013
Data partitions free disk space alert306-50005
Database detection services state alert306-50036
Deep packet inspector state change alert306-50008
Disk drive failure alert306-50018
ELM archive process state change alert306-50045
ELM file process306-50065
ELM FTI alert306-50064
ELM mount point state change alert306-50053
ELM query engine state change alert306-50046
ELM redundant storage306-50063
ELM system database error306-50044
Email collector state change alert306-50040
Error communicating with ELM306-50047
eStreamer Collector alert306-50070
eStreamer Collector state change alert306-50041
Failed to format SAN device306-50057
File collector state change alert306-50049
Filter process state change alert306-50050
Firewall alert aggregator state change alert306-50009
Health monitor internal alert306-50027
HTTP collector state change alert306-50039
IPFIX collector state change alert306-50055
Log partitions free disk space alert306-50004
McAfee EDB database server state change alert306-50010
McAfee ePolicy Orchestrator Collector alert306-50069
McAfee Event Format state change alert306-50031
Microsoft Forefront Threat Management Gateway alert306-50068
MS-SQL retriever state change alert306-50035
Multi-event log alert306-50062
NetFlow collector state change alert306-50024
NFS/CIFS collector state change alert306-50048
NitroFlow collector state change alert306-50026
OPSEC retriever state change alert306-50028
OPSEC retriever state change alert306-50034
Oracle IDM Collector alert306-50072
Oversubscription alert306-50012
Plug-in Collector/Parser alert306-50073
Receiver HA306-50058
Receiver HA Opsec Configuration306-50059
Remote NFS mount point state change alert306-50020
Remote share/mount point free disk space alert306-50021
Remote SMB/CIFS share state change alert306-50019
Risk Correlation state change alert306-50061
Root partitions free disk space alert307-50002
SDEE retriever state change alert306-50033
sFlow collector state change alert306-50025
SNMP collector state change alert306-50023
SQL collector state change alert306-50038
Symantec AV collector state change alert306-50056
Syslog Collector state change alert306-50037
System logger state change alert306-50014
Temporary partitions free disk space alert306-50003
Text log parser state change alert306-50052
VA Data Engine status alert306-50043
Websense Collector alert306-50067
WMI Event Log collector state change alert306-50030
0 Kudos
colibri
Level 7

Re: Feed health monitoring in Nitro

So that would be Inactivity signature as there are many signatures related to health status ?

Thank you.

Anthony

0 Kudos
shankar.g
Level 7

Re: Feed health monitoring in Nitro

Hi Jacob,

would you please help me out how to create device health status dash board and how to create health status alarms with the signatures ID's which you shared

Regards

S.G

0 Kudos
rth67
Level 12

Re: Feed health monitoring in Nitro

You can also try setting up Alarms using the "Deviation from Baseline" - we monitor the Receivers, ACE, and APM as a whole, and then a few specific high profile devices individually.

Query on Total Events, Last "X" (Minutes / Hours)

Specify % Above and % Below

Finally how often to Check - "X" Hours and "Y" Minutes

0 Kudos