[sysmon-help] snmp survey
Bengt Gördén
bengan at sunet.se
Tue Apr 22 10:50:05 EDT 2003
On Sat, Apr 19, 2003 at 09:49:17AM -0400, Jared Mauch wrote:
> On Sat, Apr 19, 2003 at 07:53:53AM +0200, Bengt Gördén wrote:
> >
> > Hi!
> >
> > I would really like to have traps implemented in sysmon. Also, a delta
>
> What would you like the traps to do? How should an alert
> generated from a trap be 'cleared'?
>
> What if receipt of a trap from a host queues all the
> checks for that host for an active polling. The trap would
> just indicate that something happened, then sysmon would go out
> and check the device.

A bit like this. If a trap is received, sysmon goes out and checks
that device. There have to be some rules for how to check the device
and how to clear it. I believe that, if possible, these rules should
be defined by the user. Some obvious rules could be preprogrammed like
link up/down.

> > between two variables with a hysteresis to trigger an alarm would be
> > nice.
> >
>
> Would a 'rate' type clause work?
>
> I'm thinking about how I want to handle interfaces and
> want the ability to generate an alert if they
> get close to full as well as if the pps rate is higher than some
> multiple of the average over the past 24 hours, or if it's a massive
> spike over previous pps rates on an interface.
>
> eg: if an interface has never peaked over 130Mb/s in the past
> 24 hours, and it begins doing 440m suddenly it should generate some
> sort of traffic level alert until the stats averaging over the past
> 24 hours (or longer, this will likely be configurable) makes the rate
> fall into the formula.

Right on. This is exactly what I'm after. One thing that would be nice
though is self-defined variables like attack, decay and duration. But it
could be a bit too much with this.

If you need beta testers I'm one of them.

- Bengan -----------------------------------------------------------
- KTHNOC/SUNET/NORDUnet | http://www.sunet.se/~bengan | 08-7906586 -
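
The rate check discussed in this thread, as an added example; it is not sysmon code and was not posted by either participant. The names `RateAlarm` and `run`, the multipliers, and the reading of "attack" and "decay" as counts of consecutive samples are assumptions, and the Mb/s samples are constructed.

```python
from collections import deque

class RateAlarm:
    """Alarm when a rate exceeds a multiple of its own rolling average."""

    def __init__(self, window, raise_mult=2.0, clear_mult=1.5, attack=2, decay=2):
        self.history = deque(maxlen=window)  # 288 five-minute samples would be 24 h
        self.raise_mult = raise_mult  # raise above raise_mult * average
        self.clear_mult = clear_mult  # clear below clear_mult * average (hysteresis gap)
        self.attack = attack          # consecutive high samples needed to raise
        self.decay = decay            # consecutive low samples needed to clear
        self.alarm = False
        self._streak = 0

    def update(self, rate):
        """Feed one sample and return the alarm state after it."""
        if len(self.history) == self.history.maxlen:  # judge only on a full window
            avg = sum(self.history) / len(self.history)
            if self.alarm:
                hit, need = rate < self.clear_mult * avg, self.decay
            else:
                hit, need = rate > self.raise_mult * avg, self.attack
            self._streak = self._streak + 1 if hit else 0
            if self._streak >= need:
                self.alarm, self._streak = not self.alarm, 0
        self.history.append(rate)  # the sample joins the baseline afterwards
        return self.alarm

def run(samples, **params):
    """Replay a list of samples and return the alarm state after each one."""
    alarm = RateAlarm(**params)
    return [alarm.update(s) for s in samples]

# Constructed samples in Mb/s: a quiet baseline, then a jump to 440.
BASELINE = [100, 110, 120, 130, 120, 110, 100, 110]

if __name__ == "__main__":
    for rate, state in zip(BASELINE + [440] * 7, run(BASELINE + [440] * 7, window=8)):
        print(f"{rate:4d} Mb/s  alarm={state}")
```

With a sustained 440 Mb/s the alarm raises on the second high sample and clears by itself once the rolling average has absorbed the new level, which is the behaviour described in the quoted text; the window length sets how long that takes.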