Pending events

The “Pending Events” page is like a dashboard. It shows the currently active or “pending” events. New events appear in the list immediately after they occur and disappear when they no longer apply. The page is automatically refreshed when new events occur.

1
2
3
4
5
6
Pending events screenshot

About the screenshot above

The row numbers below correspond to the hot spot numbers on the image.

  1. The small, colored icons at the beginning of each line indicate the event type.
  2. Trap and Syslog messages usually come in bursts. To prevent overflow of log files, these message types are recorded in separate log files that cover 30 minutes. You can use the Details link to zoom-in.
  3. Users with at least Operator rights can “Ack” events. This indicates that the user is aware that the event has taken place and takes responsibility for the follow-up. “Ack” clicks are logged!
  4. The colored icons in the top-right corner of the screen indicate the number of pending events and their type. They are visible on every Quantellium page.
  5. The number of visible columns can be customized. Click Administration | Customizing lists.
  6. The blue filter icon can be used (top right) to hide / show less important event messages. The priority or severity of an event is determined by the ranking of the device (DR) that caused the event. Devices with a high ranking are Firewalls, Routers, Swicthes, Servers, etc. Devices with low rank are user PCs or printers etc.

Managing events

Messages can be acknowledged or blocked by type, origin or content by adding filter rules. For more information click here.

Polling versus Interrupting

Quantellium determines the status of stateful events by periodically polling the device. How often a device is polled is determined by a device’s “Polling interval” setting. The initiative for the query lies with Quantellium.

In contrast, traps and Syslog messages are sent on the initiative of the devices themselves. They cause Quantellium interrupts. The number of interrupts is practicaly unlimited and could cause processing problems. To prevent such potential problems, Quantellium has built-in overload protection for Trap and Syslog interrupts.

These messages are also treated in a slightly different way. Pending and Trap messages are grouped in separate log files per 30 minutes and can be viewed on separate pages. A link to these pages is included on the “Pending events” page.