Il s'agit d'un message multivolet au format MIME. Hi MLM specialists,
I never used MLM, but I am studying a way of preventing trapd being overload
with unsollicited
traps, and as discussed before, if no action is possible at the agent level,
MLM seems to be a good
solution.
The problem is to prevent an overload, i.e. filter traps from an agent if the
flow is greater from a
predefined threshold.
It seems that the throttle fields of the MLM filter table could help in doing
that, but I did not
understand very well the use of Arm Count, Armed Command in combination with
Disarm Timer or Disarm
Count and Disarm Command...
Typically, what I would like to perform :
If the number of trap from the same host is greater than 10 within 5 sec =>
activate filter
Deactivate filter when trap flow is lower than 1 trap / 2 sec
Is that possible, and how would it be implemented?
Thanks for your help
Luc BARNOUIN
luc.barnouin.vcf
Description: Carte pour Luc BARNOUIN
|