--On June 4, 2007 10:52:50 AM +0200 Mohacsi Janos <[EMAIL PROTECTED]> wrote:

| Hi Werner,
| We were thinking of a similar approach. Earlier (nfsen 1.2.x) there
| was no easy pluggable interface for alerting. In nfsen 1.2 we decided
| to have separate graphs for anomalies to see and click the interesting
| anomalies. Since nfsen-snapshot-20070312 has pluggable alerting mechanisms
| we started to implement a similar approach....
| The missing element in the nfsen snapshot:
| - have mechanisms in nfsen to go to certain graphs in the
| representation:
|     + certain profile
|     + certain source
|     + tcp/udp/icmp/other
|     + certain timeframe
|     + ....
| The bookmark URL is not good enough....
|
| It would be nice to have some interface to nfsen that a plugin can use to
| access certain features of main nfsen.

That's certainly something to be discussed on June 29th for those coming to Zürich.
Anyway there will be a call to a function taking you to the details page - basically
what the URL already can do.

- Peter

|
| Best Regards,
|
|
| Janos Mohacsi
| Network Engineer, Research Associate, Head of Network Planning and Projects
| NIIF/HUNGARNET, HUNGARY
| Key 70EF9882: DEC2 C685 1ED4 C95A 145F 4300 6F64 7B00 70EF 9882
|
| On Thu, 31 May 2007, Werner Schram wrote:
|
| > Hello,
| >
| > I created a proof of concept alerting plugin to generate alerts based on Holt
| > Winter information. My intention is creating a plugin that gives the same
| > information as the Holt Winter NfSen extension by Gabor Kiss, but without
| > patching NfSen. It does require patching the RRD files with Holt Winter RRAs,
| > which could also be overcome by manually calculating the Holt Winter
| > information from the nfcapd files. But the Holt Winter RRAs shouldn't pose a
| > problem, and I didn't call it a proof of concept for nothing :).
| >
| > The current NfSen plugin interface doesn't give an option for passing
| > information from the plugin to NfSen (it is not possible to influence the
| > content of the email sent as a result of the alert). So if you configure
| > NfSen to send an e-mail when Holt Winter finds aberrant behavior, the e-mail
| > will only tell that there is aberrant behavior, it will not tell in which
| > profile, source and type of graph (flows, packets or bytes) it is found. To
| > work around this problem it sends debug information to the syslog, which
| > looks like this:
| >
| > May 31 15:45:21 [nfsen] holtwinter: found abberant behavior in rrd:
| > /var/lib/nfsen/profiles/live/Trillian.rrd in RRA flows_icmp
| >
| > The file includes a README file with installation instructions. I created the
| > plugin using nfsen-snapshot-20070312.
| >
| > All comments or suggestions are welcome!
| >
| > Werner
| >
|
| _______________________________________________
| Nfsen-discuss mailing list
| Nfsen-discuss@lists.sourceforge.net
| https://lists.sourceforge.net/lists/listinfo/nfsen-discuss

--
_______ SWITCH - The Swiss Education and Research Network ______
Peter Haag, Security Engineer, Member of SWITCH CERT
PGP fingerprint: D9 31 D5 83 03 95 68 BA FB 84 CA 94 AB FC 5D D7
SWITCH, Limmatquai 138, CH-8001 Zurich, Switzerland
E-mail: [EMAIL PROTECTED] Web: http://www.switch.ch/
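
An added example, not part of the thread or of the plugin's code: since the alert e-mail cannot name the profile, source or graph type, this sketch recovers them from the syslog line quoted above and counts alerts per combination. Splitting the RRA name as `<metric>_<proto>` and treating a bare metric as "any protocol" are assumptions based on the single sample line.

```python
import re
from collections import Counter
from pathlib import PurePosixPath

# Message format copied from the syslog sample in the thread (spelling as logged).
ALERT_RE = re.compile(
    r"holtwinter: found abberant behavior in rrd:\s+(?P<rrd>\S+\.rrd)"
    r"\s+in RRA\s+(?P<rra>\w+)"
)
METRICS = {"flows", "packets", "bytes"}    # graph types named in the thread
PROTOS = {"tcp", "udp", "icmp", "other"}   # protocols named in the thread

def parse_alert(line):
    """Return the alert fields as a dict, or None for unrelated syslog lines."""
    m = ALERT_RE.search(line)
    if m is None:
        return None
    rrd = PurePosixPath(m.group("rrd"))    # .../profiles/<profile>/<source>.rrd
    # Assumption: "<metric>_<proto>" naming; a bare metric covers all protocols.
    metric, _, proto = m.group("rra").partition("_")
    if metric not in METRICS or (proto and proto not in PROTOS):
        return None
    return {"profile": rrd.parent.name, "source": rrd.stem,
            "metric": metric, "proto": proto or "any"}

def summarize(lines):
    """Count alerts per (profile, source, metric, proto), skipping non-matches."""
    counts = Counter()
    for line in lines:
        alert = parse_alert(line)
        if alert:
            counts[tuple(alert.values())] += 1
    return counts

# Constructed sample input; only the first entry is the line quoted in the thread.
MSG = "May 31 15:45:21 [nfsen] holtwinter: found abberant behavior in rrd: "
SAMPLE = [
    MSG + "/var/lib/nfsen/profiles/live/Trillian.rrd in RRA flows_icmp",
    MSG + "/var/lib/nfsen/profiles/live/Trillian.rrd in RRA flows_icmp",
    MSG + "/var/lib/nfsen/profiles/live/Trillian.rrd in RRA bytes",
    "May 31 15:50:22 [nfsen] unrelated message",
]

if __name__ == "__main__":
    for key, n in summarize(SAMPLE).items():
        print(n, *key)
```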