Imperva Cyber Community

Expand all | Collapse all

Meaning of System Events

Jump to Best Answer
  • 1.  Meaning of System Events

    CHAMPION
    Posted 18 days ago
    Hello,

    In system events i am getting different event types for the GW being Unresponsive/Disconnected. As i am trying to figure out if it was an overflow of network Events, or SQL events or a network connection issue between MX And GW i noticed:


    Does anyone know the difference between these events? I did have a look at the "System Events Reference Guide" in ftp but it isn't given much context there either.
    #AllImperva

    ------------------------------
    Sabajete Elezaj
    SNT Albania
    ------------------------------


  • 2.  RE: Meaning of System Events
    Best Answer

    Imperva Employee
    Posted 3 days ago

    Hello Sabajete,

     
    Hope you are fine.
    Let me try to explain each of the messages, in summary all of them are addressing performance problems, I recommend you to open a support case.


    • For Gateway performance Monitoring Status

    MX fetches GWs' counters every x minutes and calculates status of the gateways at a certain period. Each indicator is scored (OK/Warning/Overloaded/Unknown) per given time period.

    There are 5 indicators which impact GW status.

    Number of Samples in 15 minutes intervals are taken into consideration. If all of the intervals indicates same status (different than current) a change of status is made in the system events.

     

    You may already have seen it but if not please check below link.

    https://docs.imperva.com/bundle/v13.6-database-activity-monitoring-user-guide/page/10085.htm

     

    • For Gateway Status change

    It's likely you are seeing the status of the GW changing when it is unable to communicate correctly with the MX when any of the parties are under heavy load.

    The reason for this could be due to

    -  Connectivity issue
    -  GW is busy and failed to respond the request messages.
    -  MX is busy with other jobs.

     

    In general:
    * The MX check if the GW is alive or not every 30 seconds and do this 4 times.
    * After 120 seconds if there were no response from the GW; the MX will change the GW status to Disconnected.

     

    • For Gateway Unresponsive message

     

    Alert on MX "Gateway Unresponsive" seen mainly when not responding on ssh. There may not be any capacity issue on the gateways even unresponsive alert is received. This might again related to MX busy with other jobs, also could be network issue. Most of the time this message is received when there are "connection timed out" messages for the isAlive packets.

     

    On top of all the explanations when you see these kind of alerts and please feel free to open a case, support will investigate the logs and find the root cause of the alerts.



    ------------------------------
    Orkun Utku
    Customer Success Manager
    Belfast
    ------------------------------



  • 3.  RE: Meaning of System Events

    CHAMPION
    Posted 3 days ago
    Hello @Orkun Utku, thank you very much for your time and the thorough answer.


    ------------------------------
    Sabajete Elezaj
    Security Engineer
    Snt Albania
    Tirana
    ------------------------------



  • 4.  RE: Meaning of System Events

    Imperva Employee
    Posted 3 days ago
    Pleasure for me, @Sabajete Elezaj

    ------------------------------
    Orkun Utku
    Senior Sales Engineer
    Belfast
    ------------------------------