Interpreting Syslog Messages

When configured, OpUtils automatically logs the alerts from the IP Address Manager, Switch Port Mapper and Rogue Detection tools to your Syslog Server. Every alert that is logged to your Syslog Server follows a specific format:

OpUtils-<Tool Name>-<Alert Title>: <Alert Description>

 

where,

<Tool Name> refers to the OpUtils tool that generated this alert. This can be IPAM for IP Address Manager, SPM for Switch Port Mapper, and ROGUE for the Rogue Detection tool.

<Alert Title> tells you what the problem is or why this alert has been generated. The details of the various alerts generated by OpUtils are explained in the table below.

<Alert Description> gives the details of the alert.

 

Alert Title               Purpose

IP Address Manager Tool

FORWARD-LOOKUP-FAILED     When a forward lookup to an IP fails
REVERSE-LOOKUP-FAILED     When a reverse lookup to an IP fails
LOW-IP-UTILIZATION        When the % of USED IP in a subnet is below the configured level
HIGH-IP-UTILIZATION       When the % of USED IP in a subnet is above the configured level
MAC-MOVED                 When the IP address of a device gets changed
IP-STATE-CHANGED          When the state of an IP address gets changed to Available or Used

Switch Port Mapper Tool

STATE-CHANGED             When the state of a Switch Port gets changed to Available or Used
PORT-DISABLED             When a switch port is administratively disabled
MAC-DETECTED              When a new MAC address is detected on a switch port
MAC-DELETED               When a device is removed from a port
MAC-CHANGED               When a device is moved to a different switch port
MULTIMAC-DETECTED         When more than one MAC address is detected on a switch port
VIRTUALIP-DETECTED        When a virtual IP is detected for a device that is connected to a switch port
LOW-PORT-UTL              When the USED port is lower than the configured level
HIGH-PORT-UTL             When the USED port is higher than the configured level
SWITCH-DOWN               When the switch is not accessible - could be powered off or not accessible via SNMP

Rogue Detection Tool

NEW-SYSTEM-DETECTED       When a new device is detected on the network
ARP-SPOOFING-DETECTED     When multiple IPs get associated to the same IP
GUEST-VALIDITY-EXPIRED    When the guest validity of a device expires
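
The message format and alert titles above, as an added example (not part of the OpUtils documentation or ManageEngine code): a Python parser that splits a syslog line into tool, title and description, and sets aside tool/title pairs that the table does not list. The syslog header, the sample descriptions and the SECURITY_RELEVANT grouping are assumptions made for this example.

```python
import re

# Alert titles per tool, copied from the table on this page.
KNOWN_ALERTS = {
    "IPAM": {"FORWARD-LOOKUP-FAILED", "REVERSE-LOOKUP-FAILED", "LOW-IP-UTILIZATION",
             "HIGH-IP-UTILIZATION", "MAC-MOVED", "IP-STATE-CHANGED"},
    "SPM": {"STATE-CHANGED", "PORT-DISABLED", "MAC-DETECTED", "MAC-DELETED",
            "MAC-CHANGED", "MULTIMAC-DETECTED", "VIRTUALIP-DETECTED",
            "LOW-PORT-UTL", "HIGH-PORT-UTL", "SWITCH-DOWN"},
    "ROGUE": {"NEW-SYSTEM-DETECTED", "ARP-SPOOFING-DETECTED", "GUEST-VALIDITY-EXPIRED"},
}
# Assumption: a triage policy chosen for this example, not defined by OpUtils.
SECURITY_RELEVANT = KNOWN_ALERTS["ROGUE"] | {"MAC-MOVED", "MAC-DETECTED",
                                             "MAC-CHANGED", "MULTIMAC-DETECTED"}
# The tool name has no hyphen, so every later hyphen belongs to the alert title.
ALERT_RE = re.compile(r"OpUtils-(?P<tool>[A-Za-z]+)-(?P<title>[A-Z][A-Z-]*[A-Z]): ?(?P<desc>.*)$")

def parse_alert(line):
    """Return the parsed OpUtils alert in a syslog line, or None if absent."""
    m = ALERT_RE.search(line)
    if not m:
        return None
    tool, title = m["tool"].upper(), m["title"]
    known = title in KNOWN_ALERTS.get(tool, ())
    return {"tool": tool, "title": title, "description": m["desc"].strip(),
            "known": known,  # False: this tool/title pair is not in the table
            "security": known and title in SECURITY_RELEVANT}

def triage(lines):
    """Bucket alerts as security, other, or unknown (undocumented pair)."""
    buckets = {"security": [], "other": [], "unknown": []}
    for alert in filter(None, map(parse_alert, lines)):  # skip non-OpUtils lines
        key = "unknown" if not alert["known"] else "security" if alert["security"] else "other"
        buckets[key].append(alert)
    return buckets

# Constructed sample lines; the syslog header and descriptions are illustrative.
SAMPLE_LINES = [
    "Jan 10 09:15:02 oputils01 OpUtils-ROGUE-ARP-SPOOFING-DETECTED: sample text",
    "Jan 10 09:15:07 oputils01 OpUtils-SPM-HIGH-PORT-UTL: sample text",
    "Jan 10 09:15:09 oputils01 OpUtils-SPM-ARP-SPOOFING-DETECTED: wrong tool",
    "Jan 10 09:15:11 oputils01 sshd[411]: unrelated message",
]

if __name__ == "__main__":
    print({k: [a["title"] for a in v] for k, v in triage(SAMPLE_LINES).items()})
```

Keeping the "unknown" bucket instead of dropping those lines lets you see format drift after an upgrade, or messages that only imitate the OpUtils prefix.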

 

 

Copyright © 2004-2012, ZOHO Corp. All Rights Reserved.
ManageEngine