I created a red action file for an adaptive response agent.
After the agent crosses the red threshold, I’d like to verify that the red action file was executed.
After an action file is executed, an output file is created in the unit directory 9.258/agent/cmd/complete.
The output file has the same name as the action file, but with a numbered file extension (for example, red-host.17).
Here's an example output file:
*** (9.258/AGENT/CMD/pending/testpart.61, line 1):
'send email [email protected] "FTP Partition" "The usage for inbound/ftp exceeded 90% of the partition size"'
For more information, see Adaptive Response Action Files Overview in PacketGuide.
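A way to run this check on files copied off the unit, as an added example that is not part of the original answer or PacketGuide. It assumes the contents of the complete directory have been copied to a workstation, that file names match case-insensitively, and that every entry uses the header format of the sample above; the function names and sample data are constructed.

```python
import re

# Entry header as it appears in the sample output: *** (<path>, line <n>):
HEADER = re.compile(r"^\*\*\* \((?P<path>.+), line (?P<line>\d+)\):$")

def find_outputs(filenames, action_name):
    """Return (number, filename) pairs for <action_name>.<number>, sorted by number."""
    pattern = re.compile(re.escape(action_name) + r"\.(\d+)", re.IGNORECASE | re.ASCII)
    hits = []
    for name in filenames:
        m = pattern.fullmatch(name)
        if m:
            hits.append((int(m.group(1)), name))
    return sorted(hits)

def parse_output(text):
    """Split an output file into entries: source file, line number, reported text."""
    entries, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER.match(line)
        if m:
            current = {"source": m["path"], "line": int(m["line"]), "text": []}
            entries.append(current)
        elif line and current is not None:
            current["text"].append(line)
    return entries

# Constructed sample data (assumption): a listing of the complete directory and
# one output file, modelled on the sample above with a placeholder address.
LISTING = ["red-host.17", "red-host.3", "green-host.4", "red-host.cmd", "RED-HOST.18"]
SAMPLE = """*** (9.258/AGENT/CMD/pending/red-host.17, line 1):
'send email admin@example.com "FTP Partition" "The usage for inbound/ftp exceeded 90% of the partition size"'
"""

if __name__ == "__main__":
    runs = find_outputs(LISTING, "red-host")
    print("executed" if runs else "no output file found", runs)
    for entry in parse_output(SAMPLE):
        print(entry["source"], entry["line"], entry["text"])
```

An empty result from `find_outputs` means no output file for that action file was found in the listing.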