Hey everyone,
I understand that changes were introduced in 7.4 to allow aggregate tracking of MAC addresses and I'm seeing many deviation events listing asset ids being flagged for exceeding the number of MAC addresses. However, 90% of these events show a MAC address count of "1". Manual verification for many of these actually show no MAC address so I'm a little confused. In the asset profiler settings, I'm still using the default of 10 MACs and can't seem to figure this out. It is worth noting that in addition to log data, i am importing VA data as well. Any ideas are greatly appreciated!
SAMPLE NOTIFICATION
May 25 10:38:51 127.0.0.1 [AssetProfilerLogTimer] com.q1labs.assetprofile.updateresolution.UpdateResolutionManager: [WARN] [NOT:0000004000][REDACTED/- -] [-/- -]Vortex Asset Ids (cont'd): [ASSET ID:1069553, REASON:Too many MAC Addresses, COUNT:1], [ASSET ID:1069653, REASON:Too many MAC Addresses, COUNT:1], [ASSET ID:1069674, REASON:Too many MAC Addresses, COUNT:1], [ASSET ID:1069906, REASON:Too many MAC Addresses, COUNT:1], [ASSET ID:1069955, REASON:Too many MAC Addresses, COUNT:1], [ASSET ID:1070013, REASON:Too many MAC Addresses, COUNT:1], [ASSET ID:1070197, REASON:Too many MAC Addresses, COUNT:1], [ASSET ID:1070614, REASON:Too many MAC Addresses, COUNT:1], [ASSET ID:1070975, REASON:Too many MAC Addresses, COUNT:1], [ASSET ID:1072211, REASON:Too many MAC Addresses, COUNT:1]
------------------------------
Paul
------------------------------