Responding to Alerts

Novell BorderManager 3.8 Alert monitors server performance, license acquisition for licensed Novell BorderManager 3.8 services, security, and Proxy Services availability.

For information on specific alerts:

The following table describes some recommended responses to the Novell BorderManager 3.8 alerts:

Alert Recommended Actions

Disk space shortage

Reduce the size and number of log files. Add more disk space, if necessary.

Memory shortage

Check server resources using monitor.nlm to determine whether a module is using excessive memory. Add more memory, if necessary. Depending on the bus type, some NetWare servers do not register all the memory present unless a REGISTER MEMORY statement exists in the startup.ncf file. More information about REGISTER MEMORY is located in the NetWare 5 online documentation at the following path:

Reference > Utilities Reference (under the General Reference heading) > Utilities > REGISTER MEMORY

ECB shortage

Check server resources using monitor.nlm to determine which NLM uses the most event control blocks (ECBs). Increase the maximum packet receive buffers on the server if server memory allows.

License error

Verify the current licenses installed for the server and check for license conflicts or expired trial licenses. Install additional licenses, if necessary.

Loading or unloading a security-sensitive NLM

This alert is primarily informational. Verify that the server console is secure and all remote sessions are authorized. Reload or unload the NLM, if necessary.

Oversized ping packet

Use a packet sniffer to capture packets and determine the source IP address.

Configure a TCP/IP packet forwarding filter to block pings originating from that source.

SYN packet flooding

Use a packet sniffer to capture packets and determine the source IP address.

Configure a TCP/IP packet forwarding filter to block TCP packets originating from that source.

Oversized UDP packet

Use a packet sniffer to capture packets and determine the source IP address.

Configure a TCP/IP packet forwarding filter to block UDP packets originating from that source.

Cache hierarchy parent (ICP parent) down

Ping the parent server to check if there is a routing problem. Verify that the parent server for the cache hierarchy is down and bring the server back up.

Note that if the cache hierarchy has multiple parents configured, proxy servers lower in the hierarchy will use the other parent servers while this server is down.

SOCKS server down

Ping the SOCKS server to check if there is a routing problem. Verify that the SOCKS server is down and bring the server back up.

POP3 or SMTP server down

Ping the Post Office Protocol 3 (POP3) or SMTP server to check if there is a routing problem. Verify that the POP3 server or internal mail server is down. You might not be able to resolve this problem if the POP3 server is administered by someone who is outside your organization.


Server Performance Alerts

Server performance alerts notify you of potential problems with server parameters or operations that can cause Novell BorderManager 3.8 services to underperform or fail.

The server performance alerts are as follows:


License Acquisition Alerts

A license alert indicates that a Novell BorderManager 3.8 service was unable to acquire the license it needs to operate.

Novell BorderManager 3.8 Alert monitors license acquisition for the following:


Security Alerts

Security alerts notify you of possible security breaches. The causes of these alerts should be investigated further because your server might be the target of a denial-of-service attack.

Denial-of-service attacks commonly plague servers connected to the Internet and are initiated by someone without authorized access to servers. A denial-of-service condition can be caused by a bombardment of packets sent to a server in order to consume significant memory or CPU processing time. After these server resources have been allocated to handle the packets, connection requests made by legitimate users cannot be processed effectively.

As with computer viruses, new denial-of-service attacks are launched on the Internet community without warning. Many of the known denial-of-service attacks are documented on various Web sites.

The Novell BorderManager 3.8 security alerts include the following:

Many other documented denial-of-service attacks can be detected by Novell BorderManager 3.8 Alert, although attacks are not identified by name.


Proxy Alerts

Proxy alerts generally indicate that a proxy server has not been configured correctly or is down.

The proxy alerts are as follows: