srutheen.u
Level 7

I have to write an alarm in ESM; it has to trigger when any of the log sources stops sending logs for a period greater than 60 minutes. Guys, I seek your help.

I have already tried using "Device status change" to idle; unfortunately it didn't throw us any alarm when the log sources were "IDLE". Thanking you in advance.

sssyyy
Level 12

Re: I have to write an alarm in ESM, it has to trigger when any of the log source stops sending logs for a period greater than 60 minutes. Guys seek your help.

Doesn't work for me either.

g.funk
Level 7

We use this in our environment and it works fine. Our condition is just Device Status Change > Idle Time > 10 minutes in our case. Maybe it isn't your condition but the Action that is the problem?

sssyyy
Level 12

What's the action of your alert? And what version of ESM are you running on? Thanks.

g.funk
Level 7

For our actions we have Log event, Auto-acknowledge, and Send Message enabled. Also, and this should go without saying, make sure you actually have the alarm Enabled (checkbox) so it's turned on.

We're running version 10.1.1 (just came out a few weeks ago).

sssyyy
Level 12

Good to know, will give it another try once I upgrade to 10.1.1.

srutheen.u
Level 7

Thank you all for the suggestions &

shri16
Level 7

Maybe this can help:

Name: Device Status for Critical Devices

Condition: Type: Device Status Change, Health Monitor Status: Idle Time, Maximum Condition Trigger Frequency: TIME YOU REQUIRED

Devices: Select the Devices you wish to monitor

Actions: The Action you wish to take

No need to upgrade the SIEM.

sssyyy
Level 12

I am sure that I have configured it correctly, but don't know why it just doesn't trigger when conditions are met.

srutheen.u
Level 7

It's working for me; we need to check "connection" & "Idle". That's when I was able to produce alerts. Thanks, guys.
