Hi Ivan,
On 18.10.15 11:59, Ivan Beveridge wrote:
> Hi Peter et al,
>
> I am trying to set alerts similar to the following:
>
> packets/s > 10 minute average + 30%
> AND
> flows/s INSIDE 10 minute average + 5%
>
> The reason (probably obvious) is that I want to alert where I see a pps
> spike where there is not a corresponding significant increase in flows/s
> (like a DoS). However, it appears that the available options are
> greater-than, less-than, or outside. Depending on which of these you
> select, the + or - changes.
>
> Would it be possible to add the ability to check that (eg) the number of
> flows has not increased above a particular amount (or below a particular
> amount), etc?
This is indeed not implemented. I'll check if an easy upgrade would be
possible.
- Peter
>
> I've had a look around and I can't find reference to this, so perhaps it
> is a feature request :)
>
> Many thanks
>
> Ivan
> P.S. There is a minor typo where "packages/s" is selectable, rather than
> "packets/s".
>
--
Be nice to your netflow data. Use NfSen and nfdump :)
_______________________________________________
Nfsen-discuss mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/nfsen-discuss
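
The combined condition requested in this thread, as an added example that is not part of the original messages and is not NfSen code. Assumptions: the function name find_pps_spikes is hypothetical, rates arrive as 5-minute samples (so two previous samples form the 10-minute average), and "inside average + 5%" is read as "flows/s has not risen above average + 5%".

```python
from collections import deque


def find_pps_spikes(samples, window=2, pps_rise=0.30, flow_rise=0.05):
    """Return timestamps where packets/s exceeds its rolling average by more
    than pps_rise while flows/s stays at or below its average + flow_rise.

    samples: iterable of (timestamp, packets_per_s, flows_per_s).
    window:  number of previous samples forming the baseline (assumption:
             5-minute samples, so window=2 gives a 10-minute average).
    """
    history = deque(maxlen=window)  # previous samples only, current excluded
    alerts = []
    for ts, pps, fps in samples:
        if len(history) == window:  # no alerting until a full baseline exists
            avg_pps = sum(p for p, _ in history) / window
            avg_fps = sum(f for _, f in history) / window
            pps_spike = pps > avg_pps * (1 + pps_rise)
            flows_steady = fps <= avg_fps * (1 + flow_rise)
            if pps_spike and flows_steady:
                alerts.append(ts)
        # The current sample joins the baseline afterwards, so a spike
        # inflates the average for the next `window` samples.
        history.append((pps, fps))
    return alerts


# Constructed sample data: (time, packets/s, flows/s)
SAMPLES = [
    ("11:00", 1000, 100),
    ("11:05", 1020, 102),
    ("11:10", 1010, 101),
    ("11:15", 1500, 103),  # pps jumps, flows flat: alert
    ("11:20", 1000, 100),
    ("11:25", 1010, 101),
    ("11:30", 1005, 100),
    ("11:35", 1600, 180),  # pps and flows both jump: no alert
]

if __name__ == "__main__":
    print(find_pps_spikes(SAMPLES))
```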