Real-time alert for PowerSupplyOff
I am trying to set up a real-time alert for when a power supply goes down on an All-In-One AE appliance.
Initially, I tried to do that on the manager module, but found no possibility through the ArcSight console. Then, as the manager and logger are both on the AIO appliance, I found info in the logger documentation about system internal events, and a way to create a real-time alert. One of the system internal events that the logger is looking for is loss of power.
So, there is a built-in filter for System Alert - Power Supply Failure (CEF), which I used to create the alert. Giving a value of 1 for the number of events, and 1 sec for the threshold parameter, I wanted to receive an email notification for each created event.
For now, everything seems to be OK, but when enabling the alert, I noticed that notification messages are sent (or at least received in my mail folder) every 10 minutes. So, looking in the messages, I can see that an event is created each minute, and then 10 messages are received all together, after a 10-minute delay. It seems like there are no messages sent when the original event is created, just like the logger engine is collecting events and then sending a bunch of messages after a 10-minute delay.
Moreover, when I monitored for new internal events, particularly for PowerSupplyOff events, on the logger search page, then, within a 10-minute range, there are no new events displayed (I refreshed the search every 30 seconds) and then after 10 minutes, all 10 generated events are displayed. And then again...
All in all, instead of getting a notification message at once when a power supply is off (the AIO appliance has two power supplies, and I can test everything by disconnecting one), the first message is received after some minutes, in the worst case after 10 minutes.
Is there any configuration parameter that defines the timing of how the logger engine processes system internal events and sends notifications? Has anyone found a similar issue?