General Information on Log Monitor Thresholds
Log Monitor Thresholds are used to set up and administer the log monitor facility, which notifies a specified user ID when any specified threshold condition(s) are satisfied.
Further Information
Monitoring the Firewall Logging
Class Type
Indicates the type of log monitor configuration. Click the pull-down menu to choose from the list.
Mail Notification
-- Sends mail to the specified e-mail addresses when any threshold is exceeded.
Execute Command
-- Command to be executed when any threshold is exceeded. A descriptive alert message is sent as the first parameter to the command.
Per User Threshold
-- Monitors user-related authentication failures in the log. If a user causes a specific authentication failure to occur more than the specified count within the time period, a threshold is exceeded.
Total Authentication Failures Threshold
-- Monitors all authentication failures in the log. If any authentication failures occur more than the specified count within the time period, a threshold is exceeded.
Per Host Threshold
-- Monitors host-related authentication failures in the log. If a host causes a specific authentication failure to occur more than the specified count within the time period, a threshold is exceeded.
Message Threshold
-- Monitors the frequency of a user specified message tag. If this message tag occurs more than the specified count within the time period, a threshold is exceeded.
User ID
E-mail address of recipient.
Command Filename
Indicates the file name of the shell command that will be executed when a threshold is exceeded.
Message Tag
Every log message generated has an identifying tag id of the form "ICAnnnns", where "nnnn" is a four-digit number and "s" is a letter indicating severity. A list of all log messages, including associated tags and descriptions, is provided in the manual.
Threshold Count (Num.)
If the number of occurrences of a specified log message tag exceeds the specified count within the specified time (in minutes), fwlogmond sets off the alarm. Threshold Count can be no greater than 99999.
Threshold Time (Min.)
If the number of occurrences of a specified log message tag exceeds the specified count within the specified time (in minutes), fwlogmond sets off the alarm. Threshold Time can be no greater than 99999. A value of 0 for time indicates infinity.
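The Threshold Count and Threshold Time rules described above, worked through as an added example; this is not fwlogmond code or anything shipped with the product. The log line layout, the tag numbers, the handling of the window boundary and the restart of counting after an alarm are assumptions made for illustration.

```python
import re
from collections import deque

TAG_RE = re.compile(r"\bICA\d{4}[A-Za-z]\b")  # tag form "ICAnnnns" from the page
MAX_VALUE = 99999                             # documented limit for count and time

def exceeded(events, tag, count, minutes):
    """Return the timestamps (seconds) at which `tag` exceeds the threshold.

    events  -- iterable of (seconds, log_line) pairs in time order
    minutes -- window length; 0 means no time limit ("infinity")
    """
    if not (0 <= count <= MAX_VALUE and 0 <= minutes <= MAX_VALUE):
        raise ValueError("count and time must be between 0 and 99999")
    if not TAG_RE.fullmatch(tag):
        raise ValueError("tag must have the form ICAnnnns")
    window, alarms = deque(), []
    for ts, line in events:
        if tag not in TAG_RE.findall(line):
            continue
        window.append(ts)
        if minutes:
            # Assumption: occurrences older than the window no longer count.
            while ts - window[0] > minutes * 60:
                window.popleft()
        if len(window) > count:      # "exceeds", so strictly greater than
            alarms.append(ts)
            window.clear()           # assumption: counting restarts after an alarm
    return alarms

# Constructed sample: tag numbers and message text are placeholders.
SAMPLE = [
    (0,   "ICA9001e: constructed event A"),
    (60,  "ICA9001e: constructed event A"),
    (90,  "ICA9002w: constructed event B"),
    (400, "ICA9001e: constructed event A"),
    (410, "ICA9001e: constructed event A"),
    (420, "ICA9001e: constructed event A"),
]

if __name__ == "__main__":
    print(exceeded(SAMPLE, "ICA9001e", 2, 5))  # 5-minute window
    print(exceeded(SAMPLE, "ICA9001e", 2, 0))  # time 0: no window limit
```

With a time of 0 the early occurrences never age out, so a slow trickle of the same tag eventually raises the alarm; with a 5-minute window only the burst at the end does.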
Pager Notification
If a threshold is exceeded and pager notification is set to yes, then the configured pagercommand will be executed according to what is specified in the pager setup.
Comment
This space allows you to keep any information that may be necessary for a particular class that is being defined.
OK
Press the "OK" button to save changes and close the window.
Cancel
Press the "Cancel" button to close the window without saving any changes.