Agents Administration - Tests
 

Default Parameters for CyberAVAlertTest

This test intercepts the traps sent by the protocols based on anti-virus detection, extracts relevant information related to the errors from the traps, and reports the count of anti-virus events to the eG manager. This information enables administrators to detect the failures if any, understand the nature of failures, and accordingly decide on the remedial measures.

This page depicts the default parameters that need to be configured for the CyberAVAlertTest test.

  • The TEST PERIOD list box helps the user to decide how often this test needs to be executed.

  • In the SOURCE ADDRESS, specify a comma-separated list of IP addresses or address patterns of the hosts from which traps are considered in this test. For example, 10.0.0.1,192.168.10.*. A leading ‘*’ signifies any number of leading characters, while a trailing ‘*’ signifies any number of trailing characters.

  • Provide a comma-separated list of OID and value pairs returned by the traps. The values are to be expressed in the form, DisplayName:OID-OIDValue. For example, assume that the following OIDs are to be considered by this test: .1.3.6.1.4.1.9156.1.1.2 and .1.3.6.1.4.1.9156.1.1.3. The values of these OIDs are as given hereunder:

    • OID Value Value
    1.3.6.1.4.1.9156.1.1.2 Host_system
    1.3.6.1.4.1.9156.1.1.3 NETWORK

    In this case the OIDVALUE parameter can be configured as Trap1:.1.3.6.1.4.1.9156.1.1.2-Host_system,Trap2:.1.3.6.1.4.1.9156.1.1.3-Network, where Trap1 and Trap2 are the display names that appear as descriptors of this test in the monitor interface.An * can be used in the OID/value patterns to denote any number of leading or trailing characters (as the case may be). For example, to monitor all the OIDs that return values which begin with the letter 'F', set this parameter to Failed:*-F*.

    Typically, if a valid value is specified for an OID in the OID-value pair configured, then the test considers the configured OID for monitoring only when the actual value of the OID matches with its configured value. For instance, in the example above, if the value of OID .1.3.6.1.4.1.9156.1.1.2 is found to be HOST and not Host_system, then the test ignores OID .1.3.6.1.4.1.9156.1.1.2 while monitoring. In some cases however, an OID might not be associated with a separate value - instead, the OID itself might represent a value. While configuring such OIDs for monitoring, your OIDValue specification should be: DisplayName:OID-any. For instance, to ensure that the test monitors the OID .1.3.6.1.4.1.9156.1.1.5, which in itself, say represents a failure condition, then your specification would be: Trap5: .1.3.6.1.4.1.9156.1.1.5-any.

    In some cases, multiple trap OIDs may be associated with a single value. For instance, if two different OIDs (1.3.6.1.4.1.9156.1.1.4 and 1.3.6.1.4.9156.1.1.5) representing a failure condition needs to be monitored by the test, then, your specification should be: Trap6:.1.3.6.1.4.1.9156.1.1.4;.1.3.6.1.4.9156.1.1.5-any. Here, a semi-colon is used as a separator to separate the OIDs and the value should be specified after the last OID.

  • Specify True against SHOWOID to ensure that the detailed diagnosis of this test shows the OID strings along with their corresponding values. If you enter False, then the values alone will appear in the detailed diagnosis page, and not the OIDs.

  • By default, the TRAPOIDs parameter is set to all, indicating that the eG agent considers all the traps received from the specified SOURCE ADDRESS. To make sure that the agent considers only specific traps received from the SOURCE ADDRESS, then provide a comma-separated list of OIDs in the TRAPOIDs text box. A series of OID patterns can also be specified here, so that the test considers only those OIDs that match the specified pattern(s). For instance, *94.2*,*.1.3.6.1.4.25*, where * indicates leading and/or trailing spaces.

  • The DD FREQUENCY refers to the frequency with which detailed diagnosis measures are to be generated for this test. The default is 1:1. This indicates that, by default, detailed measures will be generated every time this test runs, and also every time the test detects a problem. You can modify this frequency, if you so desire. Also, if you intend to disable the detailed diagnosis capability for this test, you can do so by specifying none against DD frequency.

  • Once the above values are provided, click on the UPDATE button to register the changes made.

When changing default configurations of tests, the values with “$” indicate variables that will be replaced by the eG system according to the specific server being managed - for instance, $hostName is the host/nickname of the target host, $port is the port number of the server being monitored. E.g., for a server xyz:80, $hostName will be changed automatically by the eG manager to “xyz*” and $port will be changed to “80” when configuring a test.