Behavior Models Cookbook
-
Vendor Models - SnmpresLoginMonitor -
Path: /model/vendors/snmp_research/snmpres_login_monitor.mod
This behavior model monitors failed logins reported by SNMP Research's CIAgent. When the number of attempts reaches the threshold (three by default) within a specified time (the default is five minutes), NerveCenter sends a 110071 Inform to the platform. If the time expires before the attempt threshold is reached, the alarm is grounded. The nodes monitored must be associated with a property group that contains the property siLogEntry.
The following property must be in the property group for the nodes hosting the applications you want to monitor:
Below is a list of the objects that generate triggers:
Events Sent to OpenView by SnmpresLoginMonitor summarizes the events this behavior model sends to OpenView:
Events Sent to OpenView by SnmpresLoginMonitor
| Event Name | Inform Number | Description |
|---|---|---|
For complete information about events sent to OpenView, see the trapd.conf.txt file shipped with these behavior models residing in:
/model/vendors/snmp_research
For more information about integrating NerveCenter with OpenView, or the other NerveCenter-supported network manager platforms, refer to the book Integrating NerveCenter with a Network Management Platform.
Below is a list of behavior model settings that you might want to customize to suit the requirements of your site.
The following is a sample CIAgent configuration that you might want to customize to suit the requirements of your site:
On UNIX, the location of the log files varies for every platform and application. Below is a sample entry for monitoring the syslog file on Solaris:
siLogEntry 1 Syslog /var/adm/messages "login: *pam_authenticate:
*error" 2 10 \ 200 25 - 1 8233138 0 - 2 15 2 System 1
The default path to the CIAgent log file monitoring configuration file on UNIX is:
/etc/srconf/agt/logagt.cnf
/etc/syslog.conf file.| SnmpresGenericLogMonitor | SnmpresMemUsage |
| 29 July 2003 |