Message rate alert can be set on log sources, logspaces and destinations.
Currently, only one email target can be set for all alerts.
Email target is configurable only for content-based alerts.
However, email targets can not be set for message rate alert (MRA), content-based alerts (CBA) with different email targets can be configured for the logs of the MRA.
SSB generates a log message in the local logspace every time a message rate violation happens.
The log message contains the name of the source, logspace or destination where the violation was detected.
Example logs:
Source
ssb/logstats[1998]: INFO (root@localhost) Violation detected; trap='ssbAbsoluteMessageRateAlert', id='s_legacy-messages-5', ssb_term='', alert_params=''parent': [ 's', 's_legacy' ], 'violationNumber': [ 'i', '0' ], 'min': [ 'i', '10' ], 'max': [ 'i', '1000' ]'Logspace
ssb/logstats[1998]: INFO (root@localhost) Violation detected; trap='ssbAbsoluteMessageRateAlert', id='ds_center-messages-5', ssb_term='', alert_params=''parent': [ 's', 'ds_center' ], 'violationNumber': [ 'i', '13' ], 'min': [ 'i', '10000' ], 'max': [ 'i', '100000' ]'Destination
ssb/logstats[1998]: INFO (root@localhost) Violation detected; trap='ssbAbsoluteMessageRateAlert', id='d_remote_srv-messages-5', ssb_term='', alert_params=''parent': [ 's', 'd_remote_srv' ], 'violationNumber': [ 'i', '13' ], 'min': [ 'i', '10000' ], 'max': [ 'i', '100000' ]'
This example shows the set up of a content based alert on the above logs.
Use the bold words in the above log in a search expression to find the MRAs. Note: ssb/logstats is the program that generates the log.
program:ssb/logstats Violation detected ssbAbsoluteMessageRateAlert s_legacy
program:ssb/logstats Violation detected ssbAbsoluteMessageRateAlert ds_center
program:ssb/logstats Violation detected ssbAbsoluteMessageRateAlert d_remote_srv
To search for a specific alert change the name in the expression. Use PREFIX_NAME, where PREFIX is d_ for destinations and ds_ for logspaces.
© 2024 One Identity LLC. ALL RIGHTS RESERVED. Feedback Terms of Use Privacy Cookie Preference Center