Solved: Re: How to configure alert for identity collector

soni_kumari1 · ‎2019-01-17

How to configure alert for identity collector for below condition.

If identity collector got disconnected.
if gateway got disconnected .
If gateway didn't received last hour events.

customer is having both R80.10 and R77.30 version gateway.

Kaspars_Zibarts · ‎2019-01-29

I'm afraid I can't give you full script as it is fully integrated into our own in-house monitoring system so it wouldn't make much sense

but to give you an idea assuming you have multiple IDCs (else you can take away while loop)

currTime=`date +%s`

pdp conn idc | grep ^[1-9] > idc.tmp

while read line; do

if [ `echo $line | grep -c "No events received in the last hour" ` -eq 0 ]; then
lastEvent=`echo $line | awk '{print $5" "$6}'`

lastEvent=`date --date="$lastEvent" +%s`

let diff=$currTime-$lastEvent

if [ $diff -gt 120 ]; then

do something here if no events seen in last 2 minutes
fi

fi

done < idc.tmp

View solution in original post

G_W_Albrecht · ‎2019-01-18

I could not imagine how to do that. But what i know is that Identity Collector is using the Windows Event Log API for fetching DC´s security logs. And if you know that these conditions show up in logs, you can use SmartEvent for alerting.

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist

Kaspars_Zibarts · ‎2019-01-18

We have scripted it and are checking update timestamp against current time. Then issue alert if nothing arrives in X minutes depending on the time of the day

It really depends what sort of alert you want to generate. Custom SNMP traps are described here

SNMP Custom Traps for Monitoring Processes

Juraj_Skalny · ‎2019-01-25

Hello Kasparas,

would you be so kind and share scripts please?

or navigate us further where to focus please?

thanks,

Juraj

Kaspars_Zibarts · ‎2019-01-29

I'm afraid I can't give you full script as it is fully integrated into our own in-house monitoring system so it wouldn't make much sense

but to give you an idea assuming you have multiple IDCs (else you can take away while loop)

currTime=`date +%s`

pdp conn idc | grep ^[1-9] > idc.tmp

while read line; do

if [ `echo $line | grep -c "No events received in the last hour" ` -eq 0 ]; then
lastEvent=`echo $line | awk '{print $5" "$6}'`

lastEvent=`date --date="$lastEvent" +%s`

let diff=$currTime-$lastEvent

if [ $diff -gt 120 ]; then

do something here if no events seen in last 2 minutes
fi

fi

done < idc.tmp

Juraj_Skalny · ‎2019-01-30

Thank you Kasparas very much...really helpful...

soni_kumari1 · ‎2019-02-02

Thanks Kasparas ,Its really helpful .

phlrnnr · ‎2019-10-15

CP has released better monitoring capability for identity collector in R80.20. If you look at sk108235 at the 'Monitoring Capability' section, you can get more details.

Basically, you have to enable it on the identity collector server in the registry by adding a key called 'MonitoringEnabled'. Once enabled, it will send stats from IDC to the attached gateways / PDPs. You can view that info from the CLI using:

cpstat identityServer -f idc (R80.20)
pdp idc status (R80.30)

You can also monitor these items via SNMP on the gateway:

The SNMP Object Identifiers (OIDs) that points to this information are found in $FWDIR/conf/identity_server.cps

Hope that helps.

Are you a member of CheckMates?

How to configure alert for identity collector