| Enhancements | |
| Release M.10.04 Enhancements | |
|
| |
Parameter Name | Description |
|
|
|
|
The number of destination IP addresses learned in the IP forwarding table. Some |
| |
| attacks fill the IP forwarding table causing legitimate traffic to be dropped. | |
The percentage of system resources in use. Some | ||
(Denial of Service logging) | will cause excessive system resource usage, resulting in insufficient resources for | |
| legitimate traffic. | |
The count of failed CLI login attempts or SNMP management authentication failures. | ||
| This indicates an attempt has been made to manage the switch with an invalid login | |
| or password. Also, it might indicate a network management station has not been | |
| configured with the correct SNMP authentication parameters for the switch. | |
The count of times a client has been unsuccessful logging into the network | ||
The response time, in seconds, of the CPU to new network events such as BPDU | ||
| packets or packets for other network protocols. Some DoS attacks can cause the | |
| CPU to take too long to respond to new network events, which can lead to a | |
| breakdown of Spanning Tree or other features. A delay of several seconds indicates | |
| a problem. | |
The number of MAC addresses learned in the forwarding table. Some attacks fill the | ||
| forwarding table so that new conversations are flooded to all parts of the network. | |
The average number of MAC address moves from one port to another per minute. | ||
| This usually indicates a network loop, but can also be caused by DoS attacks. | |
Number of MAC address learn events per minute discarded to help free CPU | ||
| resources when busy. | |
|
|
|
Operating Notes
■To generate alerts for monitored events, you must enable the instrumentation monitoring log and/or SNMP trap. The threshold for each monitored parameter is configurable and can be adjusted to minimize false alarms (see “Configuring Instrumentation Monitor” on page 73).
■When a parameter exceeds its threshold, an alert (event log message and/or SNMP trap) is generated to inform network administrators of this condition. The following example shows an event log message that occurs when the number of MAC addresses learned in the forwarding table exceeds the configured threshold:
Standard Date/Time Prefix |
|
|
|
| Threshold |
| Current | |
|
| Monitored |
|
| ||||
for Event Log Messages |
| Instrumentation Monitor event |
| Parameter |
| Value |
| Value |
|
|
|
|
|
|
|
|
|
W 05/27/06 12:10:16
Figure 16. Example of Event Log Message generated by Instrumentation Monitor
71