Hello Sabajete,
Hope you are fine.
Let me try to explain each of the messages, in summary all of them are addressing performance problems, I recommend you to open a support case.
- For Gateway performance Monitoring Status
MX fetches GWs' counters every x minutes and calculates status of the gateways at a certain period. Each indicator is scored (OK/Warning/Overloaded/Unknown) per given time period.
There are 5 indicators which impact GW status.
Number of Samples in 15 minutes intervals are taken into consideration. If all of the intervals indicates same status (different than current) a change of status is made in the system events.
You may already have seen it but if not please check below link.
https://docs.imperva.com/bundle/v13.6-database-activity-monitoring-user-guide/page/10085.htm
- For Gateway Status change
It's likely you are seeing the status of the GW changing when it is unable to communicate correctly with the MX when any of the parties are under heavy load.
The reason for this could be due to
- Connectivity issue
- GW is busy and failed to respond the request messages.
- MX is busy with other jobs.
In general:
* The MX check if the GW is alive or not every 30 seconds and do this 4 times.
* After 120 seconds if there were no response from the GW; the MX will change the GW status to Disconnected.
- For Gateway Unresponsive message
Alert on MX "Gateway Unresponsive" seen mainly when not responding on ssh. There may not be any capacity issue on the gateways even unresponsive alert is received. This might again related to MX busy with other jobs, also could be network issue. Most of the time this message is received when there are "connection timed out" messages for the isAlive packets.
On top of all the explanations when you see these kind of alerts and please feel free to open a case, support will investigate the logs and find the root cause of the alerts.
------------------------------
Orkun Utku
Customer Success Manager
Belfast
------------------------------
Original Message:
Sent: 02-08-2021 06:19
From: Sabajete Elezaj
Subject: Meaning of System Events
Hello,
In system events i am getting different event types for the GW being Unresponsive/Disconnected. As i am trying to figure out if it was an overflow of network Events, or SQL events or a network connection issue between MX And GW i noticed:
Does anyone know the difference between these events? I did have a look at the "System Events Reference Guide" in ftp but it isn't given much context there either.
#AllImperva
------------------------------
Sabajete Elezaj
SNT Albania
------------------------------