Hello Patrick,

Go to the NFSEN web GUI, there should be an ALERTS tab; click on it, add
an alert and then set the conditions.


Tuesday, March 25, 2014, 8:24:36 PM, you wrote:

> That’s basically my question! :)
>  
> How can I do it in nfsen? I have no experience and not sure how to do it.
>  
> Any help would be appreciated.
>  
> Thank you.
>  
> Pat.
>  




> From: Chris Roose [mailto:ch...@transientaudio.net]
> Sent: March 25, 2014 15:20
> To: Patrick Lessard
> Cc: nfsen-discuss@lists.sourceforge.net
> Subject: Re: [Nfsen-discuss] Defining alert if exceeds x number of flows
>  
> Pat,

> Have you tried doing this in NfSen? It's pretty easy to set an
> email alert for this condition using the GUI.

> Thanks,
> Chris
> On 3/25/2014 2:43 PM, Patrick Lessard wrote:
> Hello all,
>  
> I’m testing nfsen along with nfdump and it works fine.
>  
> Now I would like to get an alert when a certain amount of flows
> pointing to the same destination IP address is exceeded.
>  
> I tried:
>  
> /usr/local/nfdump/bin/nfdump -M /usr/local/nfsen-1.3.6p1/profiles-data/live/RouterA -T -R 2014/03/25/nfcapd.201403250000:2014/03/25/nfcapd.201403250040 -n 5 -s dstip/flows
> Top 5 Dst IP Addr ordered by flows:
> Date first seen          Duration Proto  Dst IP Addr      Flows(%)     Packets(%)       Bytes(%)   pps    bps   bpp
> 2014-03-25 00:01:40.684  2583.240 any    a.b.c.d1     16640( 7.1)    16706( 3.1)    1.0 M( 1.7)     6   3104    60
> 2014-03-25 00:02:35.664  2528.104 any    a.b.c.d2     11183( 4.8)    15210( 2.8)   905478( 1.5)     6   2865    59
> 2014-03-25 00:01:40.664  2581.600 any    a.b.c.d3      7532( 3.2)    10521( 2.0)   624571( 1.1)     4   1935    59
> 2014-03-25 00:01:40.664  2583.212 any    a.b.c.d4      5325( 2.3)     7153( 1.3)   364414( 0.6)     2   1128    50
> 2014-03-25 00:02:36.056  2527.592 any    a.b.c.d5      3372( 1.4)     3384( 0.6)   210376( 0.4)     1    665    62
>  
> Summary: total flows: 235183, total bytes: 58.5 M, total packets: 536871, avg bps: 120690, avg pps: 138, avg bpp: 108
> Time window: 2014-03-24 23:40:20 - 2014-03-25 00:44:57
> Total flows processed: 235183, Blocks skipped: 0, Bytes read: 14111476
> Sys: 0.044s flows/second: 5227218.2  Wall: 0.044s flows/second: 5298585.1
>  
>  
> Or like this:
>  
> /nfdump -M /usr/local/nfsen-1.3.6p1/profiles-data/live/RouterA -T -R 2014/03/25/nfcapd.201403250000:2014/03/25/nfcapd.201403250040 -o "fmt:%fl %da" -a -A dstip | sort -g
>  
> 2081    a.b.c.d1
> 2545    a.b.c.d2
> 2724   a.b.c.d3
> 3208   a.b.c.d4
> 3372   a.b.c.d5
> 5325   a.b.c.d6
> 7532   a.b.c.d7
> 11183    a.b.c.d8
> 16640   a.b.c.d9
>  
> I would like to get an alert (email) when the number of flows exceeds 5000, for example.
>  
> Is there a way to do it in nfsen by defining an alert?
>  
> Thank you.
>  
> Pat.
>  






-- 
Best regards,
Ozga Rafal                          mailto:go...@mtm-info.pl


_______________________________________________
Nfsen-discuss mailing list
Nfsen-discuss@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nfsen-discuss
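
A command-line counterpart to the GUI alert, as an added example that is not part of the original thread or of NfSen: it filters the "flows dst-ip" lines produced by the second nfdump command quoted above and mails the destinations above the limit. The function names, the `MAILER` variable and the availability of a `mail` command are assumptions; the sample data is constructed from the counts in the message.

```shell
#!/bin/sh
# Added example: threshold check over "<flows> <dst-ip>" lines, i.e. the output
# of the quoted command ending in: -o "fmt:%fl %da" -a -A dstip

THRESHOLD=${THRESHOLD:-5000}   # flows per destination, the figure from the thread

# over_threshold LIMIT: read "<flows> <dst-ip>" lines on stdin and print those
# whose flow count is strictly greater than LIMIT, highest count first.
over_threshold() {
    awk -v limit="$1" '
        # Accept only lines whose first field is a plain integer. Header and
        # summary text is skipped; so is a count printed in scaled form such
        # as "1.0 M", which therefore needs plain numbers to be detected.
        $1 ~ /^[0-9]+$/ && NF >= 2 && $1 + 0 > limit + 0 { print $1, $2 }
    ' | sort -rn
}

# alert_if_exceeded LIMIT RECIPIENT: mail the offending destinations, if any.
# Returns 1 without sending anything when no destination exceeds LIMIT.
# MAILER (hypothetical override) defaults to the local mail command.
alert_if_exceeded() {
    hits=$(over_threshold "$1")
    [ -n "$hits" ] || return 1
    printf 'Destinations above %s flows:\n%s\n' "$1" "$hits" |
        ${MAILER:-mail} -s "nfdump: flow threshold exceeded" "$2"
}

# Constructed sample: the per-destination counts shown in the message above.
sample_flows() {
    cat <<'EOF'
2081    a.b.c.d1
2545    a.b.c.d2
2724   a.b.c.d3
3208   a.b.c.d4
3372   a.b.c.d5
5325   a.b.c.d6
7532   a.b.c.d7
11183    a.b.c.d8
16640   a.b.c.d9
EOF
}

# Demonstration on the sample; in use, pipe the nfdump command into
# alert_if_exceeded with a real recipient address instead.
sample_flows | over_threshold "$THRESHOLD"
```

Run from cron after each capture interval, the same pipeline gives a per-destination check independent of the web interface.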
