
Alerts and correlation libraries

The system comes with a pre-defined set of standard alerts that you can configure and activate as soon as data is being sent to Devo.

Go to Administration → Alerts Configuration → Alert Subscriptions to view these and all other custom alerts defined in your domain.

The Alerts Filter lets you filter the alerts that are displayed in the list by selecting alert category and subcategory. There are three actions you can take with alerts displayed in the list:

  • Activate or deactivate an alert using the ON/OFF switch.
  • Mark an alert as a favorite by selecting the heart icon at the end of the row.
  • Apply one or more sending policies to an alert by clicking the paper airplane icon and selecting the desired policies. 

The following table lists and describes the standard alerts provided by Devo.

| Category | Subcategory | Alert | Description |
|---|---|---|---|
| Application Server | Apache Tomcat Server | Tomcat Startup | Triggers an alert when a Tomcat server has been started. |
| Application Server | Apache Tomcat Server | Tomcat Shutdown | Triggers an alert when a Tomcat server has been shut down. |
| Application Server | Apache Tomcat Server | Tomcat common errors | Triggers an alert when a common error is reported in a Tomcat server, for example out of memory, max open files, database exception or servlet exception. |
| Application Server | Apache Tomcat Server | Tomcat too many GCs | Triggers an alert when there have been too many garbage collections in a short period of time. |
| Application Server | Apache Tomcat Server | Tomcat GC max time exceeded | Triggers an alert when a garbage collection takes too long to run, which can adversely affect service performance. |
| Application Server | Apache Tomcat Server | Tomcat severe errors | Triggers an alert when too many severe errors occur in a short period of time. |
| Application Server | JBoss Server | JBoss Startup | Triggers an alert when JBoss starts. |
| Application Server | JBoss Server | JBoss Shutdown | Triggers an alert when JBoss is shut down. |
| Application Server | JBoss Server | JBoss common errors | Triggers an alert when a common error is reported in a JBoss server, for example out of memory, max open files, database exception or servlet exception. |
| Attacks | Suspicious Activity | Malicious IP Addresses | Triggers an alert when activity from blacklisted IP addresses (AlienVault OTX and Tor network exit node lists) is detected in the customer logs. |
| Attacks | Suspicious Activity | Malware Domains | Triggers an alert when the customer's DNS server logs report attempts to resolve domain names listed in malwaredomainlist.com and abuse.ch. |
| Attacks | Suspicious Activity | Malware URLs | Triggers an alert when the proxy navigation logs report accesses to URLs listed in the malwaredomainlist.com blacklist. |
| Attacks | Scanning | PortScan | Triggers an alert when a port scan is recorded in the firewall log. |
| Attacks | BruteForcing | SSH Bruteforcing | Triggers an alert when an SSH brute force attack, successful or not, has been detected in a server log. |
| Attacks | BruteForcing | DeskTop | Triggers an alert when an RDP attack, successful or not, has been detected in the Windows log. |
| Attacks | Geolocation | Unusual Connection | Triggers an alert when there is a connection from an unusual geolocation. |
| Devo | Collector | Logs format errors | Triggers an alert when you are sending logs with an incorrect format. |
| Devo | Structural common alerts | Reminder | Triggers an alert every "x" minutes while an antiflooding policy is active. |
| Devo | Structural common alerts | Recovery | Triggers an alert when an antiflooding policy finishes. |
| Devo | Structural common alerts | Antiflooding Start | Triggers an alert when an antiflooding policy starts. |
| Monitoring | NetWork | Data Sent | Monitors the system's outbound traffic in bytes/second. Default policy: avg(netSent)>=8 megabytes/second in a 10 min interval. |
| Monitoring | NetWork | Data Received | Monitors the system's inbound traffic in bytes/second. Default policy: avg(netRecv)>=8 megabytes/second in a 10 min interval. |
| Monitoring | Relay | Events Per Second | Monitors the traffic volume handled by an In-house Relay in events per second (EPS). Default policy: avg(eps)>=5000 in a 10 min interval. |
| Monitoring | Relay | Events Per Minute | Monitors the traffic volume handled by an In-house Relay in events per minute (EPM). Default policy: avg(epm)>=300,000 in a 10 min interval. |
| Monitoring | Machine Load | Load Alert | Monitors the machine load. Default policy: avg(load)>=4 in a 5 min interval. |
| Monitoring | Generic Monitoring | Staying Alive | Monitors whether the service is active. |
| Monitoring | Generic Monitoring | Site Availability | Monitors the site availability. |
| Monitoring | CPU Monitoring | CPU Alert A | Monitors the system's CPU load. Default policy: avg(CPU)>75% in a 1 h interval. |
| Monitoring | CPU Monitoring | CPU Alert B | Monitors the system's CPU load. Default policy: avg(CPU)>90% in a 15 min interval. |
| Monitoring | Memory Monitoring | Available Memory A | Monitors the amount of memory available in the system. Default policy: memFree<=2% in a 10 min interval. |
| Monitoring | Memory Monitoring | Available Memory B | Monitors the amount of memory available in the system. Default policy: memFree<=10% in a 1 h interval. |
| Monitoring | Disk Monitoring | Disk Alert A | Monitors the amount of free disk space available in the system. Default policy: diskFree<=10% in a 1 h interval. |
| Monitoring | Disk Monitoring | Disk Alert B | Monitors the amount of free disk space available in the system. Default policy: diskFree<=2% in a 30 min interval. |
| System | Unix/Linux | Unix Critical Error | Triggers an alert when a serious error occurs on a Linux system, such as a segmentation fault, potential kernel panic, I/O error, reboot, rsyslog start/stop, or similar. |
| System | Unix/Linux | Unix Kernel Oops | Triggers an alert when a kernel oops message has been written to the log. |
| System | Unix/Linux | APT Packages | Triggers an alert when a package is added to or deleted from the system. |
| System | Windows | Windows Critical Error | Triggers an informative alert about general errors that have occurred on a Windows system. |
| System | MacOs | MacOs Critical Error | Triggers an informative alert about general errors that have occurred on a MacOs system. |
| System | BSD | BSD Critical Error | Triggers an informative alert about general errors that have occurred on a BSD system. |
| System | VmWare | VmWare Critical Error | Triggers an informative alert about general errors that have occurred in the VMware virtualization product logs. |
| Tracking | User Tracking | User | Triggers an informative alert about the connections and activities of a specific user within the customer's system. |
| Web Server | IIS | IIS Critical Error | Triggers an alert when a critical error has been reported in the IIS server. |
| Web Server | Generic | SSL Warning | Triggers an alert when an SSL warning has been reported in the web servers. |
| Web Server | HTTP Attack | Malicious HTTP Methods | Triggers an alert when an uncommon HTTP method, such as PUT or a WebDAV extension, has been used. Depending on the service, these may not be malicious. |
| Web Server | HTTP Attack | Proxy Abuse | Triggers an alert when there has been an attempt to use the web server as a proxy to access external or internal resources. Depending on the service, these may not be malicious. |
| Web Server | HTTP Attack | Suspicious User Agent | Triggers an alert when the web server reports activity from unusual browsers or from tools used to automate tasks. |
| Web Server | Apache | Apache Critical Error | Triggers an alert when an Apache critical error, such as a segfault or a PHP fatal error, has been reported. |
| Web Server | Apache | Apache common errors | Triggers an alert when an Apache generic error has been reported. |
| Web Server | Apache | Apache Invoke dir as script | Triggers an alert when the Apache error "Attempt to invoke directory as script" has been reported. |
| Web Server | Apache | Apache client denied by server conf | Triggers an alert when there has been an attempt to access a resource that is forbidden or not stored under DocumentRoot. |
| Web Server | Apache | Apache FQDN server name not resolved | Triggers an alert when the server name is not associated with a fully qualified domain name (FQDN). |
| Web Server | Apache | Apache bind to address fail | Triggers an alert when an Apache server cannot bind to the specified listening port, often because the port is already in use by another service or because SELinux/AppArmor policies block it. |
| Web Server | Apache | Apache favicon not found | Triggers an alert when the web server does not have a favicon. |
| Web Server | Apache | Apache too many 404 errors | Triggers an alert when there are too many 404 Not Found errors in a short period of time. This can be caused by resource scans or by broken links in the web application. |
| Web Server | Apache | Apache mixing ports error | Triggers an alert when there has been an Apache configuration error in a virtual hosting environment. |
| Web Server | Apache | Apache PHP fatal error | Triggers an alert when there are too many PHP errors. |
| Web Server | Apache | Apache too many byte range requests | Triggers an alert when there have been too many 206 Partial Content requests in a short period of time. This can be caused by massive downloads or by a possible Apache Range Header DoS attack. |
| Web Server | Apache | Apache Shutdown | Triggers an alert when the Apache server has been shut down. |
| Web Server | Apache | Apache Startup | Triggers an alert when the Apache server has been started. |
| Web Server | Apache | Apache SSL Heartbleed | Triggers an alert when the Heartbleed bug has been detected. |
| Web Server | Apache | Apache Multiple SSL heartbeat requests | Triggers an alert when more than one SSL heartbeat request has been made to the Apache server. |
