Applicable for ENA v17.0 P05 upwards
To prevent excess syslog/trap flooding
In Entuity, flooding is enabled by default, but you can limit the rate of accepted syslog messages and traps that the Event Management System (EMS) receives per source object. This prevents disk space from being flooded with syslogs/traps. The limit is configured in entuity.cfg.
When configured, any syslog messages or traps exceeding the limit will be dropped, and events and incidents will then be raised to notify you of this.
To prevent excess syslog/trap flooding:
Enter the following in entuity.cfg, depending on your preferences. Note that property names use dots to separate the section name from the property name, e.g. syslogger.maxEventsPerSec means that the 'maxEventsPerSec' property should appear under the [syslogger] section in entuity.cfg.
Property Name | Default Value | Description |
---|---|---|
syslogger.maxEventsPerSec | 50 | Maximum rate (per second) of syslog messages that syslogger will accept from a single source. |
syslogger.droppedEventsNotificationPeriodSec | 3600 | Period (in seconds) at which syslogger will send an event indicating loss of messages. |
otr.maxEventsPerSec | 50 | Maximum rate (per second) of traps that prologV2 will accept from a single source. |
otr.droppedEventsNotificationPeriodSec | 3600 | Period (in seconds) at which prologV2 will send an event indicating loss of traps. |
If the syslog/trap rate exceeds the specified value, the following events and incidents will be raised:
Events:
Event Name | Source | Severity | Details Text |
---|---|---|---|
Excessive Syslog Message Rate | system | high (4 - orange) | dropped total of N syslog message(s) from M distinct source(s) during last P seconds. |
Excessive SNMP Trap Rate | system | high (4 - orange) | dropped total of N SNMP trap(s) from M distinct source(s) during last P seconds. |
Incidents:
Incident Name | Age Out | Expiry |
---|---|---|
Excessive Syslog Message Rate | 3 days | 1 day |
Excessive SNMP Trap Rate | 3 days | 1 day |
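To see how a per-source limit and the periodic dropped-message event interact before choosing values, the following added example (not Entuity code) replays a constructed message stream through a limiter. It assumes a fixed one-second window per source, which the page does not confirm; `simulate` and `SAMPLE` are hypothetical names, and its parameters mirror `maxEventsPerSec` and `droppedEventsNotificationPeriodSec`.

```python
from collections import defaultdict

# Constructed sample: (epoch_seconds, source). 192.0.2.1 bursts, 192.0.2.2 stays quiet.
SAMPLE = ([(0.0, "192.0.2.1")] * 120 + [(0.5, "192.0.2.2")] * 10
          + [(1.0, "192.0.2.1")] * 60)


def simulate(events, max_events_per_sec=50, notify_period_sec=3600):
    """Replay time-sorted (timestamp, source) pairs through a per-source limit.

    Assumption: a fixed one-second window per source; the page does not say
    which algorithm syslogger/prologV2 actually use.
    Returns (accepted_count, notification_texts).
    """
    window = {}                  # source -> (second, messages accepted in it)
    dropped = defaultdict(int)   # source -> drops in the current period
    notifications = []
    accepted = 0
    period_start = None

    def flush():
        # One summary per period, worded like the event's Details Text.
        if dropped:
            notifications.append(
                "dropped total of %d syslog message(s) from %d distinct "
                "source(s) during last %d seconds."
                % (sum(dropped.values()), len(dropped), notify_period_sec))
            dropped.clear()

    for ts, src in events:
        if period_start is None:
            period_start = ts
        while ts - period_start >= notify_period_sec:
            flush()
            period_start += notify_period_sec
        sec = int(ts)
        last_sec, count = window.get(src, (sec, 0))
        if last_sec != sec:
            count = 0            # new second: this source's counter resets
        if count < max_events_per_sec:
            window[src] = (sec, count + 1)
            accepted += 1
        else:
            window[src] = (sec, count)
            dropped[src] += 1    # over the limit: message is discarded
    flush()
    return accepted, notifications


if __name__ == "__main__":
    print(simulate(SAMPLE))
```

Because the counters are kept per source, the quiet source loses nothing while the bursting one is capped, and a shorter notification period only changes how the same drops are grouped into events.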