In getting ready to deploy v11.6 (on RHEL 5.8) in forwarding mode, the question came up, "We have to provide health metrics on the status of every technology in the email message chain. So:
1) Is there a port that being open on the DLP box tells us the DLP services are actually processing email messages (instead of just running)? OR...
2) Are there "start-stop" events on the DLP box (or that they invoke on the upstream or downstream SendMail servers) that tell us the DLP services are actually processing (not just running)?"
Anyone have a good answer to identify such "key indicator(s)"? Just monitoring that the "service" is running is not the answer being sought.
There is a message wait time you can look at. Also, under System>Servers>Alerts you can configure a server alert for a particular warning of info, severe and warning...
Not sure this is what you are looking for? Are you using any type of SIEM or syslog server?
Thanks for pointing us to the Systems Alerts.
Can anyone share with me your set of System Alerts? I am especially looking for ones applicable to Prevent for Email in forwarding mode.
In reading through the various configuration options and events, it seems there would be a common way of configuring a standard set of conditions (with event codes) specific to each mode option (reflective and forwarding). The event codes I think one would want to see would be: 1501, 1503 and 2305 for either mode.
And as well as for each sensor and the Enforce server. A quick search here did not produce any results, none for any of the sensors nor for Enforce.
Our initial roll-out of components are:
Do you have anything like SolarWinds you can use for reporting? Or a SIEM/syslog server you can report to to generate alerts? Send me a message and let me see what I can do for you.