Interpreting Syslog Messages


    When configured, OpUtils automatically logs the alerts from the IP Address Manager, Switch Port Mapper and Rogue Detection tools to your Syslog Server. Every alert that is logged to your Syslog Server follows a specific format:

    OpUtils-<Tool Name>-<Alert Title>: <Alert Description>

    where,

    <Tool Name> refers to the OpUtils tool that generated this alert. This can be IPAM for IP Address Manager, SPM for Switch Port Mapper, and ROGUE for Rogue Detection tool.

    <Alert Title> tells you what the problem is or why this alert has been generated. The details of various alerts generated by OpUtils are explained in the table below.

    <Alert Description> gives the details of the alert.

    Alert Title               Purpose

    IP Address Manager Tool

    FORWARD-LOOKUP-FAILED     When a forward lookup to an IP fails
    REVERSE-LOOKUP-FAILED     When a reverse lookup to an IP fails
    LOW-IP-UTILIZATION        When the % of USED IP in a subnet is below the configured level
    HIGH-IP-UTILIZATION       When the % of USED IP in a subnet is above the configured level
    MAC-MOVED                 When the IP address of a device gets changed
    IP-STATE-CHANGED          When the state of an IP address gets changed to Available or Used

    Switch Port Mapper Tool

    STATE-CHANGED             When the state of a switch port gets changed to Available or Used
    PORT-DISABLED             When a switch port is administratively disabled
    MAC-DETECTED              When a new MAC address is detected on a switch port
    MAC-DELETED               When a device is removed from a port
    MAC-CHANGED               When a device is moved to a different switch port
    MULTIMAC-DETECTED         When more than one MAC address is detected on a switch port
    VIRTUALIP-DETECTED        When a virtual IP is detected for a device that is connected to a switch port
    LOW-PORT-UTL              When the USED port is lower than the configured level
    HIGH-PORT-UTL             When the USED port is higher than the configured level
    SWITCH-DOWN               When the switch is not accessible (it could be powered off or not accessible via SNMP)

    Rogue Detection Tool

    NEW-SYSTEM-DETECTED       When a new device is detected on the network
    ARP-SPOOFING-DETECTED     When multiple IPs get associated to the same IP
    GUEST-VALIDITY-EXPIRED    When the guest validity of a device expires
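
    A parser for the message format and alert table above, written as an added example and not as OpUtils code. The syslog header, the description text, the PORT-FLAPPING title and the choice of which alerts to review first are assumptions made for illustration.

```python
import re

# Alert titles per tool, copied from the table on this page.
KNOWN_ALERTS = {
    "IPAM": {"FORWARD-LOOKUP-FAILED", "REVERSE-LOOKUP-FAILED", "LOW-IP-UTILIZATION",
             "HIGH-IP-UTILIZATION", "MAC-MOVED", "IP-STATE-CHANGED"},
    "SPM": {"STATE-CHANGED", "PORT-DISABLED", "MAC-DETECTED", "MAC-DELETED",
            "MAC-CHANGED", "MULTIMAC-DETECTED", "VIRTUALIP-DETECTED",
            "LOW-PORT-UTL", "HIGH-PORT-UTL", "SWITCH-DOWN"},
    "ROGUE": {"NEW-SYSTEM-DETECTED", "ARP-SPOOFING-DETECTED", "GUEST-VALIDITY-EXPIRED"},
}

# Assumption (not from the page): alerts a security team would look at first.
SECURITY_RELEVANT = {"ARP-SPOOFING-DETECTED", "NEW-SYSTEM-DETECTED", "MAC-MOVED",
                     "MAC-CHANGED", "MULTIMAC-DETECTED"}

# Alert titles contain hyphens, so the tool name is matched explicitly and the
# title runs up to the first ":" instead of splitting the string on "-".
ALERT_RE = re.compile(r"OpUtils-(?P<tool>IPAM|SPM|ROGUE)-(?P<title>[A-Z-]+): ?(?P<desc>.*)")

def parse_alert(line):
    """Return a dict for an OpUtils alert line, or None for any other line."""
    m = ALERT_RE.search(line)  # search() skips whatever syslog header precedes it
    if not m:
        return None
    tool, title = m["tool"], m["title"]
    return {"tool": tool, "title": title, "description": m["desc"].strip(),
            "known": title in KNOWN_ALERTS[tool],   # title listed for this tool?
            "review": title in SECURITY_RELEVANT}

def triage(lines):
    """Bucket alert titles into review-first, other, and unknown-title lists."""
    buckets = {"review": [], "other": [], "unknown": []}
    for alert in filter(None, map(parse_alert, lines)):
        key = "unknown" if not alert["known"] else "review" if alert["review"] else "other"
        buckets[key].append(alert["title"])
    return buckets

# Constructed sample lines; header fields and descriptions are invented.
SAMPLE = [
    "<134>Jan 10 09:15:02 oputils01 OpUtils-ROGUE-ARP-SPOOFING-DETECTED: constructed text",
    "<134>Jan 10 09:15:07 oputils01 OpUtils-SPM-SWITCH-DOWN: constructed text",
    "<134>Jan 10 09:16:11 oputils01 OpUtils-IPAM-MAC-MOVED: constructed text",
    "<134>Jan 10 09:16:30 oputils01 OpUtils-SPM-PORT-FLAPPING: title not in the table",
    "<134>Jan 10 09:17:00 oputils01 sshd[411]: unrelated line",
]

if __name__ == "__main__":
    print(triage(SAMPLE))
```

    Titles that do not appear in the table for the named tool are kept in their own bucket rather than dropped, so an unexpected or malformed message is still visible to whoever reviews the log.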