charlottetaya.blogg.se

Ntopng threshold alert

Ntopng generates alerts to report the occurrence of events and user-configurable thresholds. An example of such an event is the status change of a switch port detected via SNMP. WebUIUserScripts are responsible for the generation of alerts. Enabling or disabling a check enables or disables the corresponding alerts.

In the latest ntopng version, you have the ability to create configurations for the alerts. Each configuration is applied to a certain group of hosts (specified in CIDR format). So for example if you have two groups of hosts, say ced with IP 192.168.1.0/24 and office with IP 192.168.2.0/24, and you want to apply different configurations to.

Certain alerts are configurable. For example, alerts can be triggered when certain user-configurable thresholds are crossed. As soon as ntopng detects that a certain threshold is crossed, it immediately triggers the corresponding alert.

- “The traffic generated by a host falls below a certain threshold”
- “The number of SYN sent by a host exceeds a certain number so it is considered a scanner”
- “Packet drops of an interface exceed a given percentage of the total number of monitored packets”
- “The total traffic originated at a network exceeds a certain threshold”

ntopng/scripts/locales/en.

Ntop instead, can do the same job using exactly one rule (burglar alarm): icmp route-ad.

ntopng can trigger customizable alerts, based on a local host traffic timeseries (or all.

Threshold: select the type of threshold (Volume, Throughput or.

ntopng WebUIUserScripts perform the evaluation of thresholds periodically, at predefined time intervals.

Alerts associated with a threshold have a duration, that is, they are active for a certain period of time. This period of time starts when the threshold is first met and stops when the threshold is no longer met. For this reason, such alerts are said to be engaged or past, depending on whether the triggering threshold is still met or not.

Ingress Traffic Alert

Checks for ingress traffic. Ingress traffic is network traffic originating from external networks and destined for a node in the host network. When the Ingress Bytes delta exceeds the threshold, the system detects the change. The alert is sent when the ingress bytes exceed the threshold.

Flow Risk: Trigger alerts on the basis of detected nDPI flow risks
Not Purged: Detects bugs in the flow purge logic
Remote to Remote Flow: Triggers an alert.

Every alert has an entity (subject for which the alert has been generated). The entities supported by ntopng are:

- SNMP device: device added to ntopng from the SNMP page
- SNMP device interface: device added to ntopng from the SNMP page

For example, an alert triggered for host 192.168.1.2 that has exceeded a traffic threshold will have “host” as entity and “192.168.1.2” as entity value. Similarly, network 192.168.2.0/24 that has exceeded a traffic threshold will have “network” as entity and “192.168.2.0/24” as entity value.

Entities are not shown when browsing ntopng alert pages as they are clear from the context and alert messages.
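The engaged/past lifecycle and the Ingress Bytes delta check described above, modelled as an added example in Python. This is not ntopng's own code or its check API: the class names, the 60-second evaluation interval, the 1,000,000-byte threshold, the counter-reset handling and the sample counters are all assumptions constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Alert:
    entity: str                 # e.g. "host" or "network"
    entity_value: str           # e.g. "192.168.1.2" or "192.168.2.0/24"
    start: int                  # evaluation time at which the threshold was first met
    end: Optional[int] = None   # None while engaged; set when the alert becomes past

class IngressBytesCheck:
    """Hypothetical model of a periodic ingress-bytes-delta threshold check."""
    def __init__(self, threshold_bytes: int):
        self.threshold = threshold_bytes
        self.last = {}      # (entity, value) -> counter seen at the previous evaluation
        self.engaged = {}   # (entity, value) -> Alert whose threshold is still met
        self.past = []      # alerts whose threshold is no longer met

    def evaluate(self, now: int, entity: str, value: str, ingress_total: int):
        key = (entity, value)
        prev, self.last[key] = self.last.get(key), ingress_total
        if prev is None:
            return None                       # first sample: no delta to compare yet
        delta = ingress_total - prev
        if delta < 0:                         # assumption: counter reset, restart from 0
            delta = ingress_total
        if delta > self.threshold:            # still met: keep (or open) the engaged alert
            return self.engaged.setdefault(key, Alert(entity, value, now))
        alert = self.engaged.pop(key, None)
        if alert is not None:                 # no longer met: engaged -> past
            alert.end = now
            self.past.append(alert)
        return None

# Constructed samples: (time in s, entity, entity value, cumulative ingress bytes)
SAMPLES = [
    (0, "host", "192.168.1.2", 0),            (0, "network", "192.168.2.0/24", 0),
    (60, "host", "192.168.1.2", 500_000),     (60, "network", "192.168.2.0/24", 3_000_000),
    (120, "host", "192.168.1.2", 2_500_000),  (120, "network", "192.168.2.0/24", 6_000_000),
    (180, "host", "192.168.1.2", 5_000_000),  (180, "network", "192.168.2.0/24", 9_000_000),
    (240, "host", "192.168.1.2", 5_200_000),  (240, "network", "192.168.2.0/24", 12_000_000),
]

def run_sample(threshold_bytes: int = 1_000_000) -> IngressBytesCheck:
    check = IngressBytesCheck(threshold_bytes)
    for now, entity, value, total in SAMPLES:
        check.evaluate(now, entity, value, total)
    return check

if __name__ == "__main__":
    c = run_sample()
    print("engaged:", list(c.engaged.values()))
    print("past:", c.past)
```

With these samples the host alert ends up past, because its delta drops back under the threshold, while the network alert is still engaged at the last evaluation.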











