Best Practices for System Monitoring with Symantec DLP Network Prevent
System Monitoring Best Practices - Prevent
The chart below provides a summary of recommended methods that can be used to monitor the health and availability of your SymantecDLP Network Prevent system. Note that this document is supplementary to the System Maintenance and Admin guides.
Objective Best Practice
Verify availability of and connectivity to the Network Prevent Server.
Periodic pings to the Network Prevent servers from the MTA
Periodic pings to the Network Prevent servers from the Enforce server
Periodic checks to ensure that the Vontu Monitor service is running
Verify basic functionality of Prevent Server. Create a synthetic transaction that runs periodically and sends a non-violating email through Prevent. Verify that the email is received.
Verify advanced functionality of Prevent Server. Create a synthetic transaction that runs periodically and sends an email that violates a policy that blocks the message. Verify that the email does not get sent and that a bounce notification gets returned to the sender.
Capture critical system events via email alerts. Set up event alerts to notify system administrators of potential issues. Alerts can be configured to trigger under multiple conditions. In some cases, an alert should be configured solely on event because it reflects a system-wide issue. For other alerts that are Prevent-specific, you should add a condition that the relevant server is one of your Prevent servers. For instructions on setting up event alerts, refer to the Admin Guide for your version. For more information on general system maintenance and diagnosis, refer to the System Maintenance Guide.
System-wide alert conditions:
• Event summary contains Low disk space • Event summary contains License about to expire • Event summary contains Tablespace is almost full • Event summary contains not responding • Event summary contains Monitor status updater exception • Event summary contains Communication error
• Server is any of [choose all prevent servers] AND • Event summary contains No SMTP Traffic Captured • Event summary contains restarts excessively • Event description contains Failed to restart
Imported Document ID: TECH219194
Subscribing will provide email updates when this Article is updated. Login is required.