4 Replies Latest reply on Jun 6, 2016 11:36 PM by kdevmu

    Filter and Alert for Health resource utlization

    kdevmu

      I want to monitor health resource utilization of my firewall appliances using LEM. In Syslog, I get the information about the CPU, Memory, Disk and Totalsession values. Its just the numbers I get in Syslog. My question is, can I create a filter for those events in which CPU/MEM/DISK value goes beyond value 70? If yes, please guide me how to do it. As far as I understand, we can make use of parameter 'constants' but dont know how to do it.

        • Re: Filter and Alert for Health resource utlization
          curtisi

          Okay, without a sample event (can I get a screenshot?) I have to make some assumptions.

           

          One: If the details you want are in the Event Info field, so it's something like "Firewall reports CPU usage is 68%, memory is 72%, disk is 88% and total sessions at 127,659" then no, you can't do any rules off that.  You can't write rules that look at a piece of the text like that since LEM will want the rule to be something like "EVENT.EventInfo >" and you can't really do a boolean greater-than on a text string.

           

          Two: If the details are getting broken out into a specific field, so somewhere you have a field that JUST has a number in it, than yes, we can write alerts with a greater than value.

           

          In both cases, the product that really does what you want is Network Performance Monitor, which can gather this info via SNMP and graph/store and alert off it.