| | | |
 Uploading ....Stopping Event Flood
What is Event Flood?
If a huge number of events of the same ID get generated from a machine within a short span of time, probe or central is unable to process the sudden flood of events and run slow or go down.
How we have solved this?
A new thread is added in the probe to monitor the number of events generated every hour and cross verify it with a predefined value. If a particular event is generated for more number of times and exceeds the predefined value, the process of updating that particular event in the probe database is stopped and an Info event is created. Info event indicates that event update process has been stopped due to event flood and will be resumed from the next hour. You can access info event from Alerts page. This handled from build 7205.
What should be configured to handle Event Flood?
To configure the limit of events generated:
- From the probe machine, go to <probe home>/conf
- Open serverparameters.conf
- Check for the variable #EVENTS_PER_HOUR 1000
- Remove the '#' symbol at the start of line to monitor event generation.
- Increase the set default value '1000' as per your requirements, but cannot be set below 1000.
- Save the file and restart the probe.
Note:
The one hour limit will start from the time of start of probe. So if
the probe is started at 1pm, it will check the limit from 1pm to 2pm.
If it exceeds within 2pm, the event generation will get stopped. Again
it will resume from 2pm and will check till 3pm and the process gets
repeated. This time interval cannot be configured.
|
Type of events currently handled:
- All types of eventlogs
- All types of traps
Available from 7205 build
|
|
|
| | | |
|
