Archiver: Step 5: Configure Archiver Monitoring

Document created by RSA Information Design and Development on Jul 26, 2016
Version 1

Configuring Archiver monitoring lets you automatically generate notifications when critical thresholds for Archiver aggregation and storage are met.

To configure Archiver storage monitoring:

  1. In the Security Analytics menu, select Administration > Services.
  2. Select the added Archiver service.
  3. In the Actions column, click View > Config.
    The Services Config view of Archiver is displayed.
  4. In the Storage tab, click the link "To configure the alert mechanisms related to the Archiver storage navigate here".
    The Archiver Monitoring page is displayed.
  5. In the Aggregation Status section, perform the following:
    1. In the Notify After field, select the number of minutes or hours from the respective drop-down menu.
    2. In the For field, select the following:
      • Failed - If you want to get a notification when the Archiver's aggregation status is failed for the defined number of minutes or hours.
      • Offline - If you want to get a notification when the Archiver's aggregation status is offline for the defined number of minutes or hours. 
  6. In the Aggregation Connection section, select the number of minutes or hours in the Notify After Failing For field.
    You will receive a notification if the Archiver's aggregation connection fails for the defined number of minutes or hours. 
  7. In the Storage Connection section, select the number of minutes or hours in the Notify After Failing For field.
    You will receive a notification if the Archiver's storage connection fails for the defined number of minutes or hours.
  8. In the Storage Capacity section, perform the following in the Storage Threshold By field:
    • Select Time, if you want to receive a notification when the files stored in the Archiver exceed the number of days defined in the When Oldest Storage File Is field.
    • Select Space, if you want to receive a notification when the Archiver's storage capacity exceeds the percentage defined in the When Storage Size Is field or in the When Warm Storage Size Is field.
  9. In the Notification Type field, perform the following:
    1. Click Configure email or distribution list to configure email so that you can receive notifications in Security Analytics. For more information, see Configure Email Server and Notification Account in the System Preferences Guide.
    2. Click Configure Syslog and SNMP Trap servers to configure audit logs. For more information, see Configure Audit Log in the System Preferences Guide.
    3. Select the following notification mechanisms as per your requirement:
      • SA Console - To get notifications on the Security Analytics UI notification toolbar.
      • Email - To get email notifications.
      • Syslog Notification - To generate syslog events.
      • SNMP Trap Notifications - To get audit events as SNMP traps.