...

Telemetry configurations can be created, viewed, modified and deleted from each Telemetry component page. There are 4 telemetry configuration pages, one for each component of the system: CPU, Disk, Memory and Network. Figure 1 shows the location of the telemetry configuration settings in the navigation tree.

image-20240927-055106.png

In this document, the Telemetry CPU page will be described, but the other pages behave similarly.

...

When 'Add' or 'Modify' is selected as shown in Figure 2, the configuration editor form will be displayed as seen in Figure 3. The user can then select the desired fields that control the telemetry data to be collected. The following procedure describes the available configuration settings and how to configure them:

  1. Schedule Configuration: This selects the frequency at which telemetry metrics are collected from the system. A user can use the drop-down selector at the top of the form in Figure 3 to configure the collection frequency. The available options are Minutely, Hourly, Midnight, or Custom. If Custom is selected, the user will be prompted with an additional textbox where a schedule in cron format must be provided. An example may be as follows:

    image-20240924-042351.png

    In this example, */15 * * * * was selected, which schedules collection to be performed when the system time is a multiple of 15 minutes (00:00, 00:15, 00:30, …). Other examples may be:
    0 */6 * * * defines a schedule that runs when the time is a multiple of 6 hours (00:00, 06:00, 12:00, 18:00)
    0 0 1 * * defines a schedule that runs at midnight on the first day of every month (1st Jan 00:00, 1st Feb 00:00, …)

  2. Metric Configuration: Checkbox options select the metrics to be collected. In the example shown in Figure 3, there are 4 available CPU metrics that can be configured. If multiple metrics are selected, an event is generated for each selected metric. Additionally, CPU, Disk, and Network have an associated 'InstanceName', which refers to the interface name of the component. Note that there may be multiple instances for a given telemetry type. For example, there may be a single policy for Disks as in Figure 4 below.

    image-20240927-061432.png


    This results in the collection of events from each of the instances of Disk, one for each storage interface on the system, as seen in the following screenshot:

    image-20240927-061137.png


    The available metrics for each telemetry type are as follows:

    1. CPU:

      • % Idle Time

      • % Privileged Time

      • % Processor Time

      • % User Time

    2. Disk:

      • % Free Space

      • Free Megabytes

      • Disk Write Bytes/sec

      • Disk Read Bytes/sec

    3. Memory:

      • Available MBytes

      • Committed Bytes

      • % Committed Bytes In Use

    4. Network:

      • Bytes Received/sec

      • Bytes Sent/sec

      • % Bytes Total/sec

      • Packets Outbound Errors

      • % Packets Received Errors

  3. Severity Configuration: A severity level may be assigned to events for each destination format type (i.e. Snare, Syslog, CEF, LEEF) using the drop-down lists, so that events can be quickly identified by their level of importance.

    • Snare - Critical, Priority, Warning, Information, Clear

    • Syslog - Emergency, Alert, Critical, Error, Warning, Notice, Info, Debug

    • CEF - 0 to 10, where 0 is least severe and 10 is most severe

    • LEEF - 1 to 10, where 1 is least severe and 10 is most severe
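
A custom cron expression for the Schedule Configuration step can be checked before it is entered in the textbox by listing when it would fire. The following is an added example, not part of the product or its documentation; it assumes standard 5-field cron semantics (the product's own parser may differ), and all function names are hypothetical.

```python
from datetime import datetime, timedelta

# Added example: assumes standard 5-field cron semantics, not the product's own parser.
# (low, high) bounds for minute, hour, day-of-month, month, day-of-week (0 = Sunday)
BOUNDS = [(0, 59), (0, 23), (1, 31), (1, 12), (0, 6)]

def parse_field(text, low, high):
    """Expand one cron field (*, */n, a, a-b, a-b/n, comma lists) into a set of ints."""
    values = set()
    for part in text.split(","):
        rng, _, step = part.partition("/")
        step = int(step or 1)
        if step < 1:
            raise ValueError(f"bad step in {part!r}")
        if rng == "*":
            start, end = low, high
        elif "-" in rng:
            start, end = map(int, rng.split("-"))
        else:
            start = end = int(rng)
        if not (low <= start <= end <= high):
            raise ValueError(f"{part!r} outside {low}-{high}")
        values.update(range(start, end + 1, step))
    return values

def parse_cron(expr):
    fields = expr.split()
    if len(fields) != 5:
        raise ValueError("expected 5 fields: minute hour day-of-month month day-of-week")
    sets = [parse_field(f, lo, hi) for f, (lo, hi) in zip(fields, BOUNDS)]
    return sets, fields[2].startswith("*"), fields[4].startswith("*")

def matches(parsed, t):
    (minute, hour, dom, month, dow), dom_star, dow_star = parsed
    if t.minute not in minute or t.hour not in hour or t.month not in month:
        return False
    dom_ok, dow_ok = t.day in dom, t.isoweekday() % 7 in dow
    # Classic cron rule: when both day fields are restricted, either may match.
    return (dom_ok or dow_ok) if not (dom_star or dow_star) else (dom_ok and dow_ok)

def next_runs(expr, start, count=4):
    """Return the next `count` fire times strictly after `start` (5-year search limit)."""
    parsed = parse_cron(expr)
    t = start.replace(second=0, microsecond=0) + timedelta(minutes=1)
    runs, horizon = [], start + timedelta(days=5 * 366)
    while len(runs) < count and t < horizon:
        if matches(parsed, t):
            runs.append(t)
        t += timedelta(minutes=1)
    return runs
```

A malformed or out-of-range expression raises ValueError, and an expression that can never fire returns an empty list.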

...

The following screenshots show an example of a Telemetry CPU Configuration and the resultant events generated.

...

For additional information about the format of Telemetry events, refer to Appendix I - Telemetry Event Format.