|Issue||NIC System message %NIC-4-400029|
What is NIC System message %NIC-4-400029 and how do I configure Envision to use it?
NIC System message %NIC-4-400029, also known as the "Device Down" message, is a configurable system event to assist with notification of event sources that are no longer sending events to Envision as expected. NIC System message %NIC-4-400029 was designed as a replacement for NIC System message %NIC-6-508100.
To enable support for NIC System message %NIC-4-400029, you:
1. Modify an Envision environment variable to tell the NIC Collector to generate NIC System message %NIC-4-400029.
Note: To insure that you have support for this message, please make sure you have the latest Event Source Update installed.
By default, the NIC Collector does not generate NIC System message %NIC-4-400029. To tell the NIC Collector to generate this message, modify this entry in %_ENVISION%\etc\pi.ini:
Set this variable to TRUE to generate the message or to FALSE to stop generating the message.
Note: Regardless of whether this variable is set to TRUE or FALSE, NIC System message %NIC-4-400029 messages are not generated for Active/Disabled devices.
If configuring NIC System message %NIC-4-400029, it is recommended that you disable NIC System message %NIC-6-508100 to decrease the load on the system:
If you disable NIC System message %NIC-6-508100, the NIC Logger will still generate these messages for the NIC System devices. There are at most 10 NIC System devices per site, so the traffic generated by this is trivial compared to the traffic generated by the total number of event sources.
RSA Envision uses a configuration file named devicedown.conf to define when the NIC Collector should generate a NIC System message %NIC-4-400029 message. The devicedown.conf configuration file exists in one of two locations within the common storage directory (Usually \\NAS IP Address\vol0\nic csd for distributed architectures or E:\nic\csd for stand-alone appliances).
If the configuration file is placed ..\nic\csd\config\collectors directory, the settings are global and used used by all of the NIC Collectors within the site.
The configuration file can also also exist in the ..\nic\csd\config\collectors\<Node Name> directory. If it exists here, it applies to only the NIC Collector service running on that node.
Note: If the configuration file is placed in both locations, the specific local location takes priority over the more global specification.
Timeouts are how long the NIC Collector waits for an event from an event source before it determines that the event source is down. All timeouts are specified in minutes. Setting the timeout to zero disables the generation of NIC System message %NIC-4-400029.
You can configure timeouts at four levels:
Timeouts are applied to devices in the order presented above. This means that if you have both a System timeout and Device Type timeout defined for the same device, the Device Type timeout takes priority over the System Timeout.
The four timeout levels are configured in this manner:
System SYSTEM_TIMEOUT time
The polling period is the rate at which the NIC Collector checks for timeouts. For example, if it is set to 2, then every 2 minutes the NIC Collector checks for event sources that have exceeded their timeout. The default polling period is 5 minutes, but should be set to half the smallest timeout. For example, if a device timeout is set to 2 minutes, then the polling period should be set to 1 minute.
The polling period is set with the following variable:
The configuration period is the rate at which the NIC Collector reads the configuration file. For example, if it is set to 20, then every 20 minutes the NIC Collector reads the configuration file and applies any changes to the device timeouts. The default configuration period is 30 minutes. This is an expensive operation because of the database access required, so it should not be set low except for testing. Configuration files are first read at startup and the again at each configuration period interval.
The configuration period is set with the following variable:
The alert period is the rate at which NIC System message %NIC-4-400029 is sent after the timeout is reached. For example, let's say a device times out after 30 minutes. If the alert period is set to 3 minutes, then a NIC System message %NIC-4-400029 is sent every 3 minutes until the device is back up again. The default alert period is 5 minutes. If the alert period is set to zero, the alert period defaults to the timeout specified for the device. For example, if the timeout for a device is 30, The NIC Collector would generate NIC System message %NIC-4-400029 every 30 minutes while the event source is down.
The alert period is set with the following variable:
If a variable is not configured, the default values used are:
Valid values for the variables in the devicedown.conf are:
DEVICETYPE_TIMEOUT ciscopix 150
DEVICEGROUP_TIMEOUT ExchangeServers 10
DEVICE_TIMEOUT checkpointfw1 18.104.22.168 0
Line 01: Sets the default timeout for all devices to 60 minutes.
Line 06: Sets the timeout for the ciscopix device type to 150 minutes.
Line 10: Sets the timeout for devices in the ExchangeServers device group to 10 minutes.
Line 12: Disables the 400029 message for the checkpointfw1 device with the IP address 22.214.171.124.
Line 17: Ends the configuration file and is a mandatory statement.
Once configurations are set and the devicedown.conf file is saved, the NIC Collector needs to be stopped and then restarted on each affected node.
The NIC Collector uses a position File, called devicedown.pos, to track the time for each event source's last event received. The position file exists in the ..\nic\csd\config\collectors\<Node Name> directory. This file is written every 5 minutes and on shutdown. Upon start up, the NIC Collector Service reads this file and updates its internal cache of the times. If the file does not exist, then the current time is used as the "last message received" time for each device.
|Legacy Article ID||a50132|