Hi Peter,
I'm using these versions :
- nfsen: 1.3.2 $Id: nfsen 8 2009-05-07 08:13:13Z haag $
- nfdump: Version: 1.6.1 $LastChangedDate: 2010-03-05 07:50:35 +0100
(Fri, 05 Mar 2010) $
$Id: nfdump.c 59 2010-03-05 06:50:35Z haag $
Regards,
Lionel.
Peter Haag a écrit :
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
What version of NfSen/nfdump are you using?
- Peter
On 4/8/10 12:33, Lionel David wrote:
Hi all,
During a day, my live traffic is oscillating between min 500Mbps (night)
and max 3Gbps (not every day). I've configured an alert which send me an
e-mail if live traffic > 3Gbps. It works well if I configure the alert
like this :
A "Conditions based on total flow summary" : "bit/s > Absolute value 3
G" --> Ok, I receive an e-mail just if the live traffic > 3G.
But I've also tested this : A "conditions based on individual Top 1
statistics" : "Bit/s of Top 1 Any IP Addresse > 3 G"
In other words, this alert should be fired just if traffic of one IP
address is > 3Gbps : Wow, the alert is always "fired", how it's possible
for an individual IP address whereas the live traffic is almost always <
3G ??!!
Is there anyhing I don't understand in the alert configuration ?
Also, if I do a "Stat TopN order by bps" on the live traffic, for a few
IP addresses I obtain traffic in bps > live traffic in bps. It's
strange, isn't it ?
- --
_______ SWITCH - The Swiss Education and Research Network ______
Peter Haag, Security Engineer, Member of SWITCH CERT
PGP fingerprint: D9 31 D5 83 03 95 68 BA FB 84 CA 94 AB FC 5D D7
SWITCH, Werdstrasse 2, P.O. Box, CH-8021 Zurich, Switzerland
E-mail: [email protected] Web: http://www.switch.ch/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (Darwin)
iQCVAwUBS77sGP5AbZRALNr/AQI2YAP/VFoRTtNJQxGtO8ZqqpTUlwAwHndEc0fB
bvf2zTh2jDWXSIVBTJiHHzq0B1Of0HG+sLmIXGR8w/jKac1NQBeoyrkzhJMjZDOM
IgXo+oBc+xugrlL98Cde601YMpnwZV56ENzCnl+Z/GR116lKHzI2qDQCrKVGUpY4
UKdaBmqva1I=
=AR6I
-----END PGP SIGNATURE-----
--
Lionel David
Réseau Académique Parisien - CORAP
Boîte courrier 125
4 place Jussieu - 75252 PARIS Cedex 05
Tél : +33 1 44 27 73 34 / +33 6 80 01 81 77
Web: http://www.rap.prd.fr
------------------------------------------------------------------------------
Download Intel® Parallel Studio Eval
Try the new software tools for yourself. Speed compiling, find bugs
proactively, and fine-tune applications for parallel performance.
See why Intel Parallel Studio got high marks during beta.
http://p.sf.net/sfu/intel-sw-dev
_______________________________________________
Nfsen-discuss mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/nfsen-discuss
