
Event sources availability monitoring

Question asked by RSA Admin Employee on Mar 13, 2014
Latest reply on Jan 16, 2015 by ravick

Hello, guys,

 

There is a nice feature in enVision to generate a message when the event source stops generating logs. There is a default message 508100 and a custom message 40029. You can set up that 40029 message with a special config: for example, for one event source type to generate this message if no events come within 1 hour, and for another device group to generate it if no events come within 24 hours.

This is really good to monitor device availability.

I wonder, is there anything like that in SA?

As I get it, in 10.3 RSA put all the alerting/correlation in the paid ESA module - so I see no way of doing it automatically right now.

 

PS. You can find more info in the attached old-school 4.0 SP3 enVision release notes.
