Product guide
11-25
Configuring Advanced Threat Protection
Using the Instrumentation Monitor
To enable instrumentation monitor using the default parameters and thresh-
olds, enter the general instrumentation monitor command. To adjust specific
settings, enter the name of the parameter that you wish to modify, and revise
the threshold limits as needed.
Examples
To turn on monitoring and event log messaging with the default medium
values:
ProCurve(config)# instrumentation monitor
To turn off monitoring of the system delay parameter:
ProCurve(config)# no instrumentation monitor system-
delay
To adjust the alert threshold for the MAC address count to the low value:
ProCurve(config)# instrumentation monitor mac-
address-count low
[learn-discards] : The number of MAC address learn events per minute discarded to
help free CPU resources when busy.
(Default threshold setting when enabled: 100 (med))
[login-failures] : The count of failed CLI login attempts or SNMP management authen-
tication failures per hour.
(Default threshold setting when enabled: 10 (med))
[mac-address-count] : The number of MAC addresses learned in the forwarding table.
You must enter a specific value in order to enable this feature.
(Default threshold setting when enabled: 1000 (med))
[mac-moves] : The average number of MAC address moves per minute from one port
to another.
(Default threshold setting when enabled: 100 (med))
[pkts-to-closed-ports] : The count of packets per minute sent to closed TCP/UDP ports.
(Default threshold setting when enabled: 10 (med))
[port-auth-failures] : The count of times per minute that a client has been unsuccessful
logging into the network.
(Default threshold setting when enabled: 10 (med))
[system-resource-usage]: The percentage of system resources in use.
(Default threshold setting when enabled: 50 (med)))
[system-delay] : The response time, in seconds, of the CPU to new network events such
as BPDU packets or packets for other network protocols.
(Default threshold setting when enabled: 3 seconds (med))
[trap] : Enables or disables SNMP trap generation.
(Default setting when instrumentation monitoring is enabled: disabled)