How Sensor Handles New Alerts During Connectivity Loss; Manager Connectivity To The Database - McAfee M4050 - Network Security Platform Troubleshooting Manual

Troubleshooting guide

McAfee® Network Security Platform 6.0
For more information, see the KnowledgeBase article KB55587 (Go to http://mysupport.mcafee.com/Eservice/, and click Search the KnowledgeBase).

How Sensor handles new alerts during connectivity loss

The Sensor stores alerts internally until the connection is restored. Network Security Platform classifies and prioritizes events so that the buffer is filled with the events most meaningful to an analyst.
The following table lists the number of alerts that can be stored locally on the Sensor.

Alert Type                                                         Number
Signature based alerts                                             100000
Throttled alerts (with source and destination IP information)      2500
Compressed throttled alerts (alerts with no source and
destination IP information)                                        2500
Statistical or anomaly DoS                                         2500
Throttled DoS alerts                                               2500
Host sweep alerts                                                  1000
Port scan alerts                                                   1000

Once the connection from the Sensor to the Manager has been re-established, the queued alerts are forwarded to the Manager, so the customer retains them even if connectivity is disrupted for some time.
If the buffer fills up before connectivity is restored, the Sensor drops new alerts; if blocking is enabled, however, the Sensor continues to block irrespective of its connectivity with the Manager.

Manager connectivity to the database

In the event that the Manager loses connectivity to the database (for example, the database goes down), the alerts are stored in a flat file on the Manager server. When database connectivity is restored, the alerts are written to the database.

Check to ensure the Management port on the Sensor is configured with the proper speed and duplex mode, as described in Management port configuration.

Has the time been reset on the Manager server? The connection between the Sensor and the Manager server is secure, and this secure communication is time-sensitive, so the time on the devices should remain synchronized. You must set the time on the Manager server before you install the Manager software and never change the time on that machine. If the time changes on the Manager server, the Manager will lose its connectivity with the Sensor and the Update Server. A time change could ultimately cause serious database errors.
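The Sensor-side buffering described in the first section, modeled as an added Python example (this is not McAfee code and is not from the manual): one bounded queue per alert type sized from the table, new alerts dropped once a queue is full, blocking unaffected by connectivity, and the queues flushed to the Manager on reconnect. The names (SensorAlertBuffer, raise_alert, reconnect) and the per-type queue layout are this example's own assumptions; the manual does not describe how the buffer is partitioned internally.

```python
from collections import deque

# Per-alert-type local buffer sizes taken from the table above. Treating them as
# independent queues is an assumption of this model, not a statement from the manual.
SENSOR_ALERT_CAPACITY = {
    "signature": 100000,
    "throttled": 2500,
    "compressed_throttled": 2500,
    "statistical_dos": 2500,
    "throttled_dos": 2500,
    "host_sweep": 1000,
    "port_scan": 1000,
}

class SensorAlertBuffer:
    """Store-and-forward model of a Sensor that has lost its Manager connection."""

    def __init__(self, capacities=SENSOR_ALERT_CAPACITY, blocking_enabled=True):
        self.capacities = dict(capacities)
        self.queues = {t: deque() for t in capacities}
        self.dropped = {t: 0 for t in capacities}   # alerts lost because a queue was full
        self.delivered = []                          # alerts the Manager has received
        self.blocking_enabled = blocking_enabled
        self.connected = True

    def raise_alert(self, alert_type, alert):
        """Return True if the alert was delivered or queued, False if it was dropped."""
        if self.connected:
            self.delivered.append(alert)
            return True
        queue = self.queues[alert_type]
        if len(queue) >= self.capacities[alert_type]:
            self.dropped[alert_type] += 1            # buffer full: the new alert is lost
            return False
        queue.append(alert)
        return True

    def should_block(self):
        return self.blocking_enabled               # blocking ignores Manager connectivity

    def disconnect(self):
        self.connected = False

    def reconnect(self):
        """Restore connectivity and forward every queued alert, per type, in arrival order."""
        self.connected = True
        for queue in self.queues.values():
            while queue:
                self.delivered.append(queue.popleft())
```

Passing scaled-down capacities to the constructor lets you measure how many alerts of each type would be lost for a given outage without generating thousands of sample alerts.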
