Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

SSIM System State Monitor - notify for Monitoring Agents not Sensors

Created: 05 Dec 2012 | 2 comments

I like the idea of the System State Monitor.

However, I need to generate an alert whenever an agent or SSIM goes offline for resolution, but enabling this will also cause alerts whenever any Sensor fails to log. This should really be split into two.

I had a look in the configuration file in /opt/Symantec/simserver/rulesvc/monitors/System_State_Monitor.cfg

This is the same as the GUI, and doesn't allow any further config.

Is there any way to have an Agent Monitor, and a separate Sensor Monitor ?
 

Comments 2 CommentsJump to latest comment

Mike Buckley's picture

Isn't the server being monitored anyway?  Couldn't that send the info into SSIM?

I agree that the system state stuff needs an update and more functionality, who knows what's coming next year.

Milan_T's picture

Manually Monitoring Agents or sensor is not feasible for large SSIM infrastructure.

One way is to set mail notification in which we can specify alert request if agent not sends event within few time like 5 min etc.

But one Agent may be used for several sensors.

For this we can also create query like Agent IP= IP of server on which AGENT is installed.

And it should be unique by Collection Device IP.

After running this query we can match count or can export this in excel and compare matches.

If mismatch found we can filter non-logging sensor