Configuring Advanced Threat Protection

Using the Instrumentation Monitor

Configuring Instrumentation Monitor

The following commands and parameters are used to configure the operational thresholds that are monitored on the switch. By default, the instrumentation monitor is disabled.

Syntax: [no] instrumentation monitor [parameterName|all] [<low|med|high|limitValue>]

[log] : Enables/disables instrumentation monitoring log so that event log messages are generated every time there is an event which exceeds a configured threshold.

(Default threshold setting when instrumentation monitoring is enabled: enabled)

[all] : Enables/disables all counter types on the switch but does not enable/disable instrumentation monitor logging.

(Default threshold setting when enabled: see parameter listings below)

[arp-requests] : The number of ARP requests that are processed each minute.

(Default threshold setting when enabled: 1000 (med))

[ip-address-count] : The number of destination IP addresses learned in the IP forwarding table.

(Default threshold setting when enabled: 1000 (med))

[learn-discards] : The number of MAC address learn events per minute discarded to help free CPU resources when busy.

(Default threshold setting when enabled: 100 (med))

[login-failures] : The count of failed CLI login attempts or SNMP management authentication failures per hour.

(Default threshold setting when enabled: 10 (med))

[mac-address-count] : The number of MAC addresses learned in the forwarding table. You must enter a specific value in order to enable this feature.

(Default threshold setting when enabled: 1000 (med))

[mac-moves] : The average number of MAC address moves per minute from one port to another.

(Default threshold setting when enabled: 100 (med))

[pkts-to-closed-ports] : The count of packets per minute sent to closed TCP/UDP ports.

(Default threshold setting when enabled: 10 (med))

[port-auth-failures] : The count of times per minute that a client has been unsuccessful logging into the network.

(Default threshold setting when enabled: 10 (med))

[system-resource-usage] : The percentage of system resources in use.

(Default threshold setting when enabled: 50 (med))

[system-delay] : The response time, in seconds, of the CPU to new network events such as BPDU packets or packets for other network protocols.

(Default threshold setting when enabled: 3 seconds (med))

[trap] : Enables or disables SNMP trap generation.

(Default setting when instrumentation monitoring is enabled: disabled)
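As an added example (not part of the original manual), the Python sketch below replays a list of `instrumentation monitor` commands written in the syntax above and reports which counters end up unmonitored and whether log or trap is still on. The command lines are constructed, and two behaviours are assumptions: `all` without a number leaves `mac-address-count` off (per the note on that parameter), and `log`/`trap` start at the defaults listed above.

```python
import re

MED_DEFAULTS = {  # "med" defaults copied from the parameter list on this page
    "arp-requests": 1000, "ip-address-count": 1000, "learn-discards": 100,
    "login-failures": 10, "mac-address-count": 1000, "mac-moves": 100,
    "pkts-to-closed-ports": 10, "port-auth-failures": 10,
    "system-resource-usage": 50, "system-delay": 3,
}
LINE = re.compile(r"^(no\s+)?instrumentation\s+monitor\s+(\S+)(?:\s+(\S+))?$")

def resolve(param, level):
    """Map low|med|high|limitValue to a threshold for one parameter."""
    if level in (None, "med"):
        return MED_DEFAULTS[param]
    if level in ("low", "high") or level.isdigit():
        # Numeric values for low/high are not given on this page: keep the keyword.
        return int(level) if level.isdigit() else level
    raise ValueError(f"bad threshold {level!r} for {param}")

def effective_state(lines):
    """Replay the commands in order; return (thresholds, flags)."""
    thresholds, flags = {}, {"log": True, "trap": False}  # page defaults
    for raw in lines:
        m = LINE.match(raw.strip())
        if not m or m.group(2) not in (*MED_DEFAULTS, "all", "log", "trap"):
            raise ValueError(f"unsupported command: {raw!r}")
        negate, name, level = bool(m.group(1)), m.group(2), m.group(3)
        if name in flags:
            flags[name] = not negate
            continue
        for p in (MED_DEFAULTS if name == "all" else [name]):
            if negate:
                thresholds.pop(p, None)
            # Assumption: mac-address-count is enabled only by an explicit number.
            elif p != "mac-address-count" or (level or "").isdigit():
                thresholds[p] = resolve(p, level)
    return thresholds, flags

def audit(lines):
    """List counters left unmonitored and whether any alert channel is on."""
    thresholds, flags = effective_state(lines)
    findings = [f"{p}: not monitored" for p in MED_DEFAULTS if p not in thresholds]
    if not (flags["log"] or flags["trap"]):
        findings.append("log and trap off: no event log message or SNMP trap")
    return findings

# Constructed command lines that follow the syntax shown on this page.
SAMPLE = ["instrumentation monitor all", "instrumentation monitor login-failures 5",
          "instrumentation monitor arp-requests high",
          "no instrumentation monitor system-delay", "no instrumentation monitor log"]
```

Calling `audit(SAMPLE)` returns the counters that no command enabled, followed by the alert-channel finding when both `log` and `trap` are off.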
