The majority of agents in the host category have two host lists associated with them: exception and violating. In the exception host list, you can add the IP addresses of hosts that should not trigger the agent (such as servers). The violating host list contains the IP addresses of the hosts that exceed the threshold set for the agent; adaptive response automatically adds hosts to this list when they are in violation. For example, for the Failed Flow Ratio agent, hosts that exceed the RatioThreshold will automatically be added to the violating host list.
The agent templates that use host lists are:
If you want a single exception host list to apply to all host agents, you can add exception hosts to the default host list that is automatically created for you: exceptionHosts. If you want different host lists for different agents, you will need to create host lists with unique names.
1. Access the command-line interface.
2. Type hl show to see the host list names.
3. To create a new host list, use the hl new command. For example:
hl new NFPMexception
4. To add hosts to an existing host list, use the hl add command. You can add multiple addresses or subnets by separating each with a space. For example:
hl add exceptionHosts 192.21.18.162 192.21.18.165 192.21.18.169
5. When creating or editing the agent, make sure to specify this host list name for the ExceptionHosts parameter.
Adaptive response automatically creates a violating host list using the name supplied in the agent's ViolatingHosts parameter field. This list is named violatingHosts unless you change the name. Any hosts that exceed the agent's thresholds will be added to this host list. The maximum number of hosts in the violating host list is 1000; after the limit is reached, no additional hosts will be added to the list. Adaptive response automatically removes a host from the violating host list if it has had no activity for five minutes.
Note: All host agents have the same default violating host list name (violatingHosts). If you want to maintain unique host lists for each agent, make sure to change the name when defining the agent.
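The limit and ageing rules above can be modelled in a few lines to see how two agents that share the default violatingHosts list also share its 1000-host limit. This is an added example, not PacketWise code or part of the original guide; it assumes that "activity" means an agent sees the host again, and the host addresses and the list name agentBViolators are constructed.

```python
# Model of the violating host list rules stated in the text (added example).
# Assumption: "activity" means an agent sees the host again. All data is constructed.
MAX_HOSTS = 1000        # list limit stated in the text
IDLE_SECONDS = 5 * 60   # removal after five minutes without activity


class ViolatingHostList:
    def __init__(self, name="violatingHosts"):
        self.name = name
        self.last_seen = {}  # host IP -> time of last activity, in seconds

    def expire(self, now):
        """Remove hosts idle for five minutes or more; return the removed hosts."""
        idle = [h for h, t in self.last_seen.items() if now - t >= IDLE_SECONDS]
        for host in idle:
            del self.last_seen[host]
        return idle

    def report(self, host, now):
        """An agent reports a host over its threshold; True if the host is listed."""
        self.expire(now)
        if host not in self.last_seen and len(self.last_seen) >= MAX_HOSTS:
            return False  # limit reached: not added, so list-based classes miss it
        self.last_seen[host] = now
        return True


def simulate(shared):
    """Two agents each flag 600 distinct hosts at t=0; return (missed, list_a, list_b)."""
    list_a = ViolatingHostList("violatingHosts")
    # "agentBViolators" is a hypothetical per-agent list name
    list_b = list_a if shared else ViolatingHostList("agentBViolators")
    agent_a = [f"10.1.{i // 250}.{i % 250 + 1}" for i in range(600)]
    agent_b = [f"10.2.{i // 250}.{i % 250 + 1}" for i in range(600)]
    missed = [h for h in agent_a if not list_a.report(h, now=0)]
    missed += [h for h in agent_b if not list_b.report(h, now=0)]
    return missed, list_a, list_b


if __name__ == "__main__":
    for shared in (True, False):
        missed, list_a, list_b = simulate(shared)
        print(f"shared={shared}: {len(missed)} violators not listed")
```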
In order to apply restrictive bandwidth controls on the violating hosts, you may want to create traffic classes that are based on the violating host list names.
For example, to create Inbound and Outbound classes in the command-line interface, use commands similar to the following:
class new inbound hostviolators outside list:violatinghosts inside list:violatinghosts
class new outbound hostviolators outside list:violatinghosts inside list:violatinghosts
In the browser interface, create an Inbound class and select the violating host list name from the Host List drop-down lists (Inside and Outside). Repeat for Outbound.
After you have created these classes, you can apply appropriate policies and/or partitions to restrict the violating hosts' bandwidth.
PacketGuide™ for PacketWise® 8.3