System health cards for McAfee DLP Prevent

The McAfee DLP Prevent system health cards display information about appliance type, system health, email and web statistics, and the evidence queue.

System health cards display McAfee DLP Prevent appliances as Prevent Server, and each functioning appliance is shown as Active. An appliance can be one of the following types, depending on whether it is standalone or part of a cluster:

  • Prevent Server Standalone
  • Prevent Server Cluster Master
  • Prevent Server Cluster Scanner

Status is displayed in green, amber, or red depending on whether warning and critical threshold values are exceeded, or whether there is an error. More information is provided in the Alerts and Details panes.

McAfee DLP Prevent statistics

In addition to standard system health information about each appliance or cluster of appliances, McAfee DLP Prevent provides the following information:

  • Evidence Queue — Shows the number of evidence files waiting to be copied to evidence storage. If the total combined size of the items in the queue exceeds a threshold, an alert is issued. If the evidence server is unavailable because, for example, it can't be contacted, the evidence is queued until the server becomes available again.

    The evidence queue has between 20 and 200 GB of storage available, depending on the platform. If it becomes full, no further incidents are created, any further traffic is refused, and a failure response is issued. For SMTP traffic, this is a temporary failure response. For ICAP traffic, the response is a server failure error.

  • Emails (per minute) — Shows the number of messages that were delivered, were permanently or temporarily rejected, or could not be analyzed.
    • A message might be temporarily rejected if, for example, the Smart Host is unavailable.
    • A message might be permanently rejected if, for example, the recipient address is incorrect or the message has been blocked by the Smart Host.
  • Web Requests (per minute) — Shows the number of web requests that McAfee DLP Prevent received, and the number it could not analyze.

See the information about McAfee DLP Prevent error messages to find out what happens if a message or web request is blocked. Apart from the evidence queue counter, the counters are not cumulative.

McAfee DLP Prevent alerts

If a system health status appears in amber or red, more information is provided in the Alerts and Details panes. McAfee DLP Prevent also provides alert information in the following circumstances.

  • The evidence queue exceeded the default threshold.
  • McAfee DLP Prevent could not enforce a policy.
  • The virtual IP address that you assigned is not on the same subnet or network as the McAfee DLP Prevent appliance.
  • McAfee ePO could not contact the McAfee DLP Prevent appliance (for example, if the power supply was interrupted).

    An alert is not generated if the appliance was shut down manually.