threshold_config

Description

You can configure a variety of different SNMP thresholds that generate SNMP traps, or alerts. You can use these thresholds to monitor many system components automatically without requesting information from each object or device.

You configure these SNMP Monitoring Thresholds only on the Security Management Server, Multi-Domain Server, or Domain Management Server and install the Access Policy. During policy installation, the managed a Security Gateway and Clusters receive and apply these thresholds as part of their policy.

For more information, see sk90860: How to configure SNMP on Gaia OS.

Procedure

Step	Description
1	Connect to the command line on the Management Server.
2	Log in to the Expert mode.
3	On Multi-Domain Server, switch to the context of the applicable Domain Management Server: `[Expert@HostName:0]# mdsenv <`Name or IP address of Domain Management Server`>`
4	Go to the Threshold Engine Configuration menu: `[Expert@HostName:0]# threshold_config`
5	Select the applicable options and configure the applicable settings (see the next table). Threshold Engine Configuration Options: --------------------------------------- (1) Show policy name (2) Set policy name (3) Save policy (4) Save policy to file (5) Load policy from file (6) Configure global alert settings (7) Configure alert destinations (8) View thresholds overview (9) Configure thresholds (e) Exit (m) Main Menu Enter your choice (1-9) :
6	Exit from the Threshold Engine Configuration menu.
7	Stop the CPD daemon: `[Expert@HostName:0]# cpwd_admin stop -name CPD -path "$CPDIR/bin/cpd_admin" -command "cpd_admin stop"`
8	Start the CPD daemon: `[Expert@HostName:0]# cpwd_admin start -name CPD -path "$CPDIR/bin/cpd" -command "cpd"`
9	Wait for 10-20 seconds.
10	Verify that CPD daemon started successfully: `[Expert@HostName:0]# cpwd_admin list \| egrep "STAT\|CPD"`
11	In SmartConsole, install the Access Policy on Security Gateways and Clusters.

Threshold Engine Configuration Options

Menu item	Description
`(1) Show policy name`	Shows the name of the current configured threshold policy.
`(2) Set policy name`	Configures the name for the threshold policy. If you do not specify it explicitly, then the default name is "`Default Profile`".
`(3) Save policy`	Saves the changes in the current threshold policy.
`(4) Save policy to file`	Exports the configured threshold policy to a file. If you do not specify the path explicitly, the file is saved in the current working directory.
`(5) Load policy from file`	Imports a threshold policy from a file. If you do not specify the path explicitly, the file is imported from the current working directory.
`(6) Configure global alert settings`	Configures global settings: How frequently alerts are sent (configured delay must be greater than 30 seconds) How many alerts are sent
`(7) Configure alert destinations`	Configures the SNMP Network Management System (NMS), to which the managed Security Gateways and Cluster Members send their SNMP alerts. `Configure Alert Destinations Options:` `-------------------------------------` `(1) View alert destinations` `(2) Add SNMP NMS` `(3) Remove SNMP NMS` `(4) Edit SNMP NMS`
`(8) View thresholds overview`	Shows a list of all available thresholds and their current settings. These include: Name Category (see the next option "`(9)`") State (disabled or enabled) Threshold (threshold point, if applicable) Description
`(9) Configure thresholds`	Shows the list of threshold categories to configure. `Thresholds Categories` `----------------------` `(1) Hardware` `(2) High Availability` `(3) Local Logging Mode Status` `(4) Log Server Connectivity` `(5) Networking` `(6) Resources` Where:
	The "`(1) Hardware`" category contains: `Hardware Thresholds:` `--------------------` `(1) RAID volume state` `(2) RAID disk state` `(3) RAID disk flags` `(4) Temperature sensor reading` `(5) Fan speed sensor reading` `(6) Voltage sensor reading`
	The "`(2) High Availability`" category contains: `High Availability Thresholds:` `-----------------------------` `(1) Cluster member state changed` `(2) Cluster block state` `(3) Cluster state` `(4) Cluster problem status` `(5) Cluster interface status`
	The "`(3) Local Logging Mode Status`" category contains: `Local Logging Mode Status Thresholds:` `-------------------------------------` `(1) Local Logging Mode`
	The "`(4) Log Server Connectivity`" category contains: `Log Server Connectivity Thresholds:` `-----------------------------------` `(1) Connection with log server` `(2) Connection with all log servers`
	The "`(5) Networking`" category contains: `Networking Thresholds:` `----------------------` `(1) Interface Admin Status` `(2) Interface removed` `(3) Interface Operational Link Status` `(4) New connections rate` `(5) Concurrent connections rate` `(6) Bytes Throughput` `(7) Accepted Packet Rate` `(8) Drop caused by excessive traffic`
	The "`(6) Resources`" category contains: `Resources Thresholds:` `---------------------` `(1) Swap Memory Utilization` `(2) Real Memory Utilization` `(3) Partition free space` `(4) Core Utilization` `(5) Core interrupts rate`

Thresholds Categories

Category	Sub-Categories
`(1) Hardware`	`Hardware Thresholds:` `--------------------` `(1) RAID volume state` `(2) RAID disk state` `(3) RAID disk flags` `(4) Temperature sensor reading` `(5) Fan speed sensor reading` `(6) Voltage sensor reading`
`(2) High Availability`	`High Availability Thresholds:` `-----------------------------` `(1) Cluster member state changed` `(2) Cluster block state` `(3) Cluster state` `(4) Cluster problem status` `(5) Cluster interface status`
`(3) Local Logging Mode Status`	`Local Logging Mode Status Thresholds:` `-------------------------------------` `(1) Local Logging Mode`
`(4) Log Server Connectivity`	`Log Server Connectivity Thresholds:` `-----------------------------------` `(1) Connection with log server` `(2) Connection with all log servers`
`(5) Networking`	`Networking Thresholds:` `----------------------` `(1) Interface Admin Status` `(2) Interface removed` `(3) Interface Operational Link Status` `(4) New connections rate` `(5) Concurrent connections rate` `(6) Bytes Throughput` `(7) Accepted Packet Rate` `(8) Drop caused by excessive traffic`
`(6) Resources`	`Resources Thresholds:` `---------------------` `(1) Swap Memory Utilization` `(2) Real Memory Utilization` `(3) Partition free space` `(4) Core Utilization` `(5) Core interrupts rate`

Notes

If you run the threshold_config command locally on a Security Gateway or Cluster Members to configure the SNMP Monitoring Thresholds, then each policy installation erases these local SNMP threshold settings and reverts them to the global SNMP threshold settings configured on the Management Server that manages this Security Gateway or Cluster.
On Security Gateway and Cluster Members, you can save the local Threshold Engine Configuration settings to a file and load it locally later.
The Threshold Engine Configuration is stored in the $FWDIR/conf/thresholds.conf file.
In a Multi-Domain Security Management environment:
- You can configure the SNMP thresholds in the context of Multi-Domain Server (MDS) and in the context of each individual Domain Management Server.
- Thresholds that you configure in the context of the Multi-Domain Server are for the Multi-Domain Server only.
- Thresholds that you configure in the context of a Domain Management Server are for that Domain Management Server and its managed Security Gateway and Clusters.
- If an SNMP threshold applies both to the Multi-Domain Server and a Domain Management Server, then configure the SNMP threshold both in the context of the Multi-Domain Server and in the context of the Domain Management Server.
  However, in this scenario you can only get alerts from the Multi-Domain Server, if the monitored object exceeds the threshold.
  
  Example: If you configure the CPU threshold, then when the monitored value exceeds the configured threshold, it applies to both the Multi-Domain Server and the Domain Management Server. However, only the Multi-Domain Server generates SNMP alerts.