000016907 - NIC System message %NIC-4-400029

Document created by RSA Customer Support Employee on Jun 14, 2016. Last modified by RSA Customer Support Employee on Apr 21, 2017.
Version 2

Article Content

Article Number: 000016907
Issue: NIC System message %NIC-4-400029
What is NIC System message %NIC-4-400029 and how do I configure Envision to use it?
Resolution

NIC System message %NIC-4-400029, also known as the "Device Down" message, is a configurable system event to assist with notification of event sources that are no longer sending events to Envision as expected. NIC System message %NIC-4-400029 was designed as a replacement for NIC System message %NIC-6-508100.


 


To enable support for NIC System message %NIC-4-400029, you:


 


     1. Modify an Envision environment variable to tell the NIC Collector to generate NIC System message %NIC-4-400029.
     2. Create a configuration file to define when the NIC Collector should fire NIC System message %NIC-4-400029.
     3. Stop and restart the NIC Collector.
     4. Generate an alert to look for the occurrence of NIC System message %NIC-4-400029 and fire an alert. (Optional)


 


Note: To ensure that you have support for this message, make sure you have the latest Event Source Update installed.



Enabling Support For NIC Message 400029
---------------------------------------


 


By default, the NIC Collector does not generate NIC System message %NIC-4-400029. To tell the NIC Collector to generate this message, modify this entry in %_ENVISION%\etc\pi.ini:


 


     ENABLE_400029_MESSAGE=TRUE


 


Set this variable to TRUE to generate the message or to FALSE to stop generating the message.


Note: Regardless of whether this variable is set to TRUE or FALSE, NIC System message %NIC-4-400029 messages are not generated for Active/Disabled devices.


 


If configuring NIC System message %NIC-4-400029, it is recommended that you disable NIC System message %NIC-6-508100 to decrease the load on the system:


 


     ENABLE_508100_MESSAGE=FALSE


 


If you disable NIC System message %NIC-6-508100, the NIC Logger will still generate these messages for the NIC System devices. There are at most 10 NIC System devices per site, so the traffic generated by this is trivial compared to the traffic generated by the total number of event sources.


 



Configuration File Settings (devicedown.conf)
---------------------------------------------


 


RSA Envision uses a configuration file named devicedown.conf to define when the NIC Collector should generate NIC System message %NIC-4-400029. The devicedown.conf configuration file exists in one of two locations within the common storage directory (usually \\NAS IP Address\vol0\nic csd for distributed architectures or E:\nic\csd for stand-alone appliances).


 


If the configuration file is placed in the ..\nic\csd\config\collectors directory, the settings are global and are used by all of the NIC Collectors within the site.


 


The configuration file can also exist in the ..\nic\csd\config\collectors\<Node Name> directory. If it exists here, it applies only to the NIC Collector service running on that node.


 


Note: If the configuration file is placed in both locations, the specific local location takes priority over the more global specification.
 
You use the configuration file to specify timeouts, polling period, configuration period, and alert period.


 


Timeouts are how long the NIC Collector waits for an event from an event source before it determines that the event source is down. All timeouts are specified in minutes. Setting the timeout to zero disables the generation of NIC System message %NIC-4-400029.


 


You can configure timeouts at four levels:


 


     System
     Device Type
     Device Group
     Device


 


Timeouts are applied to devices in the order presented above. This means that if you have both a System timeout and Device Type timeout defined for the same device, the Device Type timeout takes priority over the System Timeout.


 


The four timeout levels are configured in this manner:


 


     System        SYSTEM_TIMEOUT time
     Device Type   DEVICETYPE_TIMEOUT devicetype time
     Device Group  DEVICEGROUP_TIMEOUT devicegroup time
     Device        DEVICE_TIMEOUT devicetype ip_address time


 


The polling period is the rate at which the NIC Collector checks for timeouts. For example, if it is set to 2, then every 2 minutes the NIC Collector checks for event sources that have exceeded their timeout. The default polling period is 5 minutes, but it should be set to half the smallest timeout. For example, if a device timeout is set to 2 minutes, then the polling period should be set to 1 minute.


 


The polling period is set with the following variable:


 


     POLLING_PERIOD time


 


The configuration period is the rate at which the NIC Collector reads the configuration file. For example, if it is set to 20, then every 20 minutes the NIC Collector reads the configuration file and applies any changes to the device timeouts. The default configuration period is 30 minutes. This is an expensive operation because of the database access required, so it should not be set low except for testing. Configuration files are first read at startup and then again at each configuration period interval.


 


The configuration period is set with the following variable:


 


     CONFIGURATION_PERIOD time


 


The alert period is the rate at which NIC System message %NIC-4-400029 is sent after the timeout is reached. For example, suppose a device times out after 30 minutes. If the alert period is set to 3 minutes, then a NIC System message %NIC-4-400029 is sent every 3 minutes until the device is back up again. The default alert period is 5 minutes. If the alert period is set to zero, the alert period defaults to the timeout specified for the device. For example, if the timeout for a device is 30, the NIC Collector would generate NIC System message %NIC-4-400029 every 30 minutes while the event source is down.


 


The alert period is set with the following variable:


 


     ALERT_PERIOD time


 


If a variable is not configured, the default values used are:


 


     SYSTEM_TIMEOUT 120


     POLLING_PERIOD 5


     CONFIGURATION_PERIOD 30


     ALERT_PERIOD 5


 


Valid values for the variables in the devicedown.conf are:


 


     SYSTEM_TIMEOUT 1-1000000


     DEVICETYPE_TIMEOUT 0-1000000 (maximum 250 types)


     DEVICEGROUP_TIMEOUT 0-1000000


     DEVICE_TIMEOUT 0-1000000


     POLLING_PERIOD 1-1000000


     CONFIGURATION_PERIOD 1-1000000


     ALERT_PERIOD 0-1000000



Sample Configuration File
-------------------------


     SYSTEM_TIMEOUT 60
     POLLING_PERIOD 1
     CONFIGURATION_PERIOD 20
     ALERT_PERIOD 3

     DEVICETYPE_TIMEOUT ciscopix 150
     DEVICETYPE_TIMEOUT ciscorouter 1500
     DEVICETYPE_TIMEOUT checkpointfw1 5

     DEVICEGROUP_TIMEOUT ExchangeServers 10

     DEVICE_TIMEOUT checkpointfw1 196.24.90.3 0
     DEVICE_TIMEOUT checkpointfw1 196.24.90.4 3
     DEVICE_TIMEOUT checkpointfw1 196.24.90.5 4
     DEVICE_TIMEOUT checkpointfw1 196.24.90.6 0

     END


 


     Line 01:  Sets the default timeout for all devices to 60 minutes.
     Line 02:  Sets the polling period to 1 minute.
     Line 03:  Sets the configuration period to 20 minutes.
     Line 04:  Sets the alert period to 3 minutes.

     Line 06:  Sets the timeout for the ciscopix device type to 150 minutes.
     Line 07:  Sets the timeout for the ciscorouter device type to 1500 minutes.
     Line 08:  Sets the timeout for the checkpointfw1 device type to 5 minutes.

     Line 10:  Sets the timeout for devices in the ExchangeServers device group to 10 minutes.

     Line 12:  Disables the 400029 message for the checkpointfw1 device with the IP address 196.24.90.3.
     Line 13:  Sets the timeout for the checkpointfw1 device with IP address 196.24.90.4 to 3 minutes.
     Line 14:  Sets the timeout for the checkpointfw1 device with IP address 196.24.90.5 to 4 minutes.
     Line 15:  Disables the 400029 message for the checkpointfw1 device with the IP address 196.24.90.6.

     Line 17:  Ends the configuration file and is a mandatory statement.


 


Once configurations are set and the devicedown.conf file is saved, the NIC Collector needs to be stopped and then restarted on each affected node.
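
Because a mistyped devicedown.conf can leave a silent event source unreported, it is worth checking the file before restarting the collector. The following is an added example, not RSA code: a small linter that applies the valid ranges, defaults, mandatory END statement, 250-type limit and polling-period guidance from this article, and resolves the timeout that applies to a given device. It assumes whitespace-separated tokens, that the most specific level wins (Device, then Device Group, then Device Type, then System), and that group membership is passed in by the caller through the hypothetical `groups` parameter, since the file itself does not define it.

```python
# Added example: lint a devicedown.conf against the rules stated in this article.
MIN = {"SYSTEM_TIMEOUT": 1, "POLLING_PERIOD": 1, "CONFIGURATION_PERIOD": 1,
       "ALERT_PERIOD": 0, "DEVICETYPE_TIMEOUT": 0, "DEVICEGROUP_TIMEOUT": 0,
       "DEVICE_TIMEOUT": 0}          # lower bounds in minutes ("Valid values")
MAX = 1000000                        # upper bound shared by every directive
DEFAULTS = {"SYSTEM_TIMEOUT": 120, "POLLING_PERIOD": 5,
            "CONFIGURATION_PERIOD": 30, "ALERT_PERIOD": 5}
KEY_ARGS = {"DEVICETYPE_TIMEOUT": 1, "DEVICEGROUP_TIMEOUT": 1, "DEVICE_TIMEOUT": 2}
# Constructed input: polling too slow for a 3-minute timeout, and no END line.
SAMPLE = "SYSTEM_TIMEOUT 60\nDEVICE_TIMEOUT checkpointfw1 196.24.90.4 3\n"

def lint(text):
    """Return (settings, problems); settings maps (directive, *keys) -> minutes."""
    settings = {(k,): v for k, v in DEFAULTS.items()}
    problems, ended = [], False
    for n, raw in enumerate(text.splitlines(), 1):
        tok = raw.split()
        if not tok:
            continue
        if tok[0] == "END":
            ended = True
            break
        name, nkeys = tok[0], KEY_ARGS.get(tok[0], 0)
        if name not in MIN or len(tok) != nkeys + 2 or not tok[-1].isdecimal():
            problems.append(f"line {n}: malformed directive: {raw.strip()}")
        elif not MIN[name] <= int(tok[-1]) <= MAX:
            problems.append(f"line {n}: {name} value outside {MIN[name]}-{MAX}")
        else:
            settings[tuple(tok[:-1])] = int(tok[-1])
    if not ended:
        problems.append("missing mandatory END statement")
    if sum(k[0] == "DEVICETYPE_TIMEOUT" for k in settings) > 250:
        problems.append("more than 250 DEVICETYPE_TIMEOUT entries")
    # Polling guidance: half the smallest timeout (0 = disabled; floor of 1 assumed).
    active = [v for k, v in settings.items() if k[0].endswith("_TIMEOUT") and v > 0]
    want, poll = max(1, min(active) // 2), settings[("POLLING_PERIOD",)]
    if poll > want:
        problems.append(f"POLLING_PERIOD {poll} exceeds half the smallest timeout; use {want}")
    return settings, problems

def effective_timeout(settings, devicetype, ip, groups=()):
    """Timeout in minutes for one device; 0 means message 400029 is disabled."""
    keys = [("DEVICE_TIMEOUT", devicetype, ip)]
    keys += [("DEVICEGROUP_TIMEOUT", g) for g in groups]
    keys += [("DEVICETYPE_TIMEOUT", devicetype), ("SYSTEM_TIMEOUT",)]
    return next(settings[k] for k in keys if k in settings)

if __name__ == "__main__":
    print(*lint(SAMPLE)[1], sep="\n")
```

Run against the sample configuration file above, `lint` reports no problems, and `effective_timeout` returns 0 for 196.24.90.3, which is a reminder that a zero entry silently removes that device from Device Down monitoring.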



Device Down Position File (devicedown.pos)
------------------------------------------


 


The NIC Collector uses a position file, called devicedown.pos, to track the time of the last event received from each event source. The position file exists in the ..\nic\csd\config\collectors\<Node Name> directory. This file is written every 5 minutes and on shutdown. Upon startup, the NIC Collector Service reads this file and updates its internal cache of the times. If the file does not exist, then the current time is used as the "last message received" time for each device.

Legacy Article ID: a50132
