Solutions

I'm using the Adaptive Response High Bandwidth Host Agent. What's the difference between host action files and command scheduling?

Solutions ID:    KB4514
Version:    1.0
Status:    Published
Published date:    08/01/2011
 

Problem Description

I'm using Adaptive Response, and I'm confused with Host Action files and Command Scheduling.  What's the difference between these two features? 

Resolution

There are two main components to Adaptive Response: agents and action files.

1. AR Agents – The agent, when enabled, will monitor based on the agent selected and the parameters that are set. The parameters allow you to control the agent triggering thresholds. There are two thresholds: Red and Green.  The "RedThreshold" triggers when a maximum threshold is met and the "GreenThreshold" triggers when a parameter goes back down to a normal state, which is the minimum threshold that the user sets. Once both are set in the High Bandwidth Host Agent, a Host that violates the percentage of bandwidth will automatically trigger the RedThreshold in the agent, and get put into the Violating Host list. When the percentage of bandwidth goes down, the GreenThreshold will trigger and if there is an action file associated with it (see Action Files below), another correction action will be enabled per the user's needs such as flushing the Violating Host list.

Adaptive response automatically creates a violating host list using the name supplied in the agent's ViolatingHosts parameter field. Any hosts that exceed the agent's thresholds will be added to this host list. Adaptive response automatically removes a host from the violator host list if it doesn't have activity for five minutes.

2. Action Files – Action files are triggered when an agent goes to either a Red Threshold, or goes from a Red Threshold back to a Green Threshold. They are command files that are associated with a specific agent and can be configured to take corrective action. They also can be used to flush IP addresses in Violating Host lists, though it is not necessary as the AR Agent itself performs that function if there is no activity from that host for five minutes.

3. Command Scheduling – There is a third way of using Adaptive Response Agents: by using the command scheduling tool. This tool allows you to run CLI commands or action files based on the time of the day. Command scheduling is independent of Adaptive Response though they can be used together. For example, in the High Bandwidth Host Agent, hosts are automatically put into the Violating hosts list. You have two ways of flushing those IP addresses.  You can put in a Green Action file to automatically flush when the PacketShaper reaches a certain bandwidth, or you can do it by command scheduling.

The benefit of using command scheduling is that you can schedule a specific time to flush those violating hosts. All you would need to do is open the command scheduling tool, and put in two commands

  • command to remove the Violating Host list: hl rm violatinghosts
  • command to add back in the Violating Host List: hl new violatinghosts

Command scheduling detailed instructions:

https://bto.bluecoat.com/packetguide/current/nav/tasks/administrative/create-schedule.htm


Rate this Page

Please take a moment to complete this form to help us better serve you.

Did this document help answer your question?
 
 
If you are finished providing feedback, please click the RATE CONTENT button. Otherwise, please add more detail in the following text box and then click RATE CONTENT.
 
 

Your response will be used to improve our document content.

Ask a Question