cancel
Showing results for 
Search instead for 
Did you mean: 
cestrada
Level 7

Alert if # of connections exceeds xxx

2 part question.  Is there a way to get real time stats on number of connections per appliance?  Also is there a way to setup an email alert if # of connections exceeds xxx? 

Message was edited by: cestrada on 1/10/13 6:52:42 AM CST
0 Kudos
3 Replies
lubomir.cerny
Level 12

Re: Alert if # of connections exceeds xxx

There is variable NumberOfClientConnections which can be used in Error Handler setting to create email or do any other action. See other examples in Loh Handler - Monitoring rule section as reference.

0 Kudos
btlyric
Level 12

Re: Alert if # of connections exceeds xxx

Via SNMP,  you could query for these values:

tcpCurrEstab.0

stConnectedSockets.0

stClientCount.0

0 Kudos
McAfee Employee

Re: Alert if # of connections exceeds xxx

Building on what's been said you can just use what's already there (by mimicing the default rules to do what you want).

Using the counters found here:

https://community.mcafee.com/docs/DOC-4438

I used the counter "ConnectedSockets" (which may or may not be what you want).

And I created a ruleset to generate a message when the ConnectedSockets reaches 20,000.

You then have other options to use syslog, send an email, or send an SNMP trap.

See screenshot below:

connection_count.png

Attached is the ruleset itself for conveinence.

Best,

Jon

0 Kudos