Rivalino Matias Jr. wrote:
> Is ntop/utils/rrd-alarm an ongoing project ?

I don't have time for it. If you have time you can take it over.

Luca

> []s.
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] on behalf of Luca Deri
> Sent: Wednesday, 14 February 2007 06:04
> To: [email protected]
> Subject: Re: [Ntop] Automated actions? Was: filter expression question [newbie]
>
> Gary,
> the only way (as of today) to produce alarms is through an external tool
> ntop/utils/rrd-alarm
> or using tools like nagios and through the nagios rrd-plugin set
> thresholds on ntop-generated rrds.
>
> If you're interested I would appreciate it if you want to contribute in
> this area of ntop development.
>
> Cheers, Luca
>
> Gary Gatten wrote:
>> To my knowledge nTop does NOT have any sort of notification engine built
>> in - correct? So, if you want an automated action of some sort, such as
>> an email, that would require custom code, right?
>>
>> I noticed the SNMP plugin but have not looked at it. If the MIB is
>> detailed enough, you could monitor the nTop data with an SNMP manager
>> and use the SNMP manager to send events when a given threshold or policy
>> is violated.
>>
>> One simple (I assume) automated action would be the host flags. If the
>> code is already there to detect traffic on odd ports and high numbers of
>> connections, then it "should" be pretty easy to launch an external
>> process (email?) in addition to setting the host flag status?
>>
>> Gary
>>
>> -----Original Message-----
>> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Luca Deri
>> Sent: Tuesday, February 13, 2007 2:27 AM
>> To: [email protected]
>> Subject: Re: [Ntop] filter expression question [newbie]
>>
>> Gene,
>> ntop accepts BPF filters (do man tcpdump)
>>
>> Regards, Luca
>>
>> Gene Anderson wrote:
>>> Good day. I'm new to using ntop and have been using it to monitor some
>>> site uplinks - very handy tool. I am hoping to find out if ntop can send
>>> email alerts if specific traffic is detected, like say a port scan or if a
>>> client is doing a massive DoS attack, etc.
>>>
>>> So I tried adding:
>>>
>>> -B "icmp ping-flood ICMP_ECHO any/any pktcount > 30 unit 10 action alarm
>>> rearm 90"
>>>
>>> and
>>>
>>> --filter-expression "icmp ping-flood ICMP_ECHO any/any pktcount > 30 unit
>>> 10 action alarm rearm 90"
>>>
>>> and neither expression works in my /etc/ntop.conf config file. I'm new to
>>> using Linux and even newer still to stuff like ntop and I know enough to
>>> be dangerous. So I'm not sure what I'm doing wrong. Can someone please
>>> point out what I'm sure is obvious and tell me what I'm doing wrong in
>>> trying to have ntop filter expressions? TIA.
>>>
>>> Gene Anderson
>>> Computer Technician, Microsoft Certified Professional
>>> Pembina Hills Regional Division No.7
>>> Phone: (780) 674-8535 ext 6860
>>> email: [EMAIL PROTECTED]
>>>
>>> "Passwords are like bubble gum, strongest when fresh, should never be
>>> used by groups and create a sticky mess when left laying around"
>>>
>>> -anon
>>>
>>> _______________________________________________
>>> Ntop mailing list
>>> [email protected]
>>> http://listgateway.unipi.it/mailman/listinfo/ntop

--
Luca Deri <[EMAIL PROTECTED]> http://luca.ntop.org/ skype://lucaderi/
Don't be encumbered by past history. Go off and do something wonderful - Robert Noyce
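The thread above settles on alarms being the job of an external tool that thresholds ntop's RRD data, and Gene's `pktcount > 30 unit 10 action alarm rearm 90` line spells out exactly the semantics such a tool needs: a packet-selection part (in ntop that is a BPF filter, and the tcpdump-syntax filter for ICMP echo requests is `icmp[icmptype] == icmp-echo`; BPF only selects packets and has no threshold, action or rearm clauses) plus a counting, threshold and holdoff part. What follows is an added example written for this page; it is not ntop's utils/rrd-alarm, not the nagios rrd plugin, and not code from anyone in the thread. It turns cumulative counter readings, as an external poller would fetch them every 10 seconds, into per-window packet counts and applies a threshold with a rearm holdoff, calling an action hook when it fires. The counter readings, the `notify`-style callback and all function names are constructed for illustration.

```python
"""Threshold-and-rearm alarm over sampled packet counters.

Added example for the ntop thread above; it is NOT ntop's utils/rrd-alarm
nor nagios' rrd plugin. It models the semantics Gene asked for:
"pktcount > 30 unit 10 action alarm rearm 90", i.e. raise an alarm when more
than 30 matching packets arrive within a 10 s unit, then stay quiet for 90 s.
The counter readings below are constructed, standing in for values an
external poller would fetch from an ntop-generated RRD every 10 seconds.
"""
from dataclasses import dataclass, field
from typing import Callable, List, Optional, Tuple

# tcpdump/BPF syntax for the packet-selection part ("ICMP echo requests").
# BPF selects packets only; thresholds and actions live in the code below.
ICMP_ECHO_BPF = "icmp[icmptype] == icmp-echo"

Sample = Tuple[int, int]  # (timestamp in seconds, value)


def per_window_counts(counter_samples: List[Sample]) -> List[Sample]:
    """Turn cumulative counter readings into packets-per-interval.

    Counters are assumed monotonic; a reading lower than its predecessor
    (counter wrap or ntop restart) yields 0 for that interval instead of a
    negative count that could never trip the threshold.
    """
    out = []
    for (_, prev), (ts, cur) in zip(counter_samples, counter_samples[1:]):
        out.append((ts, cur - prev if cur >= prev else 0))
    return out


@dataclass
class ThresholdAlarm:
    threshold: int          # fire when a window's count exceeds this
    rearm: int              # seconds after firing before it may fire again
    armed_at: int = 0       # earliest timestamp at which the alarm may fire
    fired: List[Sample] = field(default_factory=list)

    def check(self, ts: int, count: int) -> bool:
        """Return True if this window trips the alarm (and start the holdoff)."""
        if count > self.threshold and ts >= self.armed_at:
            self.fired.append((ts, count))
            self.armed_at = ts + self.rearm
            return True
        return False


def _print_action(ts: int, count: int) -> None:
    print(f"ALARM t={ts}s: {count} ICMP echo packets in one 10 s unit")


def run_alarm(counter_samples: List[Sample],
              threshold: int = 30, rearm: int = 90,
              action: Optional[Callable[[int, int], None]] = None) -> List[int]:
    """Apply the alarm to a counter series; return the timestamps that fired.

    `action` is the hook where a real tool would send mail or exec a
    script (Gary's "launch an external process"); it defaults to printing.
    """
    alarm = ThresholdAlarm(threshold=threshold, rearm=rearm)
    for ts, count in per_window_counts(counter_samples):
        if alarm.check(ts, count):
            (action or _print_action)(ts, count)
    return [ts for ts, _ in alarm.fired]


# Constructed cumulative readings of an "ICMP echo packets" counter, one per
# 10 s unit. A burst starts at t=20, a second at t=120, and the counter
# resets at t=130 (e.g. ntop restarted).
SAMPLES: List[Sample] = [
    (0, 0), (10, 5), (20, 50), (30, 100), (40, 140), (50, 145), (60, 150),
    (70, 150), (80, 150), (90, 150), (100, 150), (110, 150), (120, 200),
    (130, 100), (140, 110),
]

if __name__ == "__main__":
    # Alarms at t=20 and t=120; the t=30/t=40 windows also exceed 30 packets
    # but fall inside the 90 s rearm holdoff, and the reset at t=130 counts as 0.
    run_alarm(SAMPLES)
```

The rearm holdoff is what keeps a sustained flood from turning into one e-mail per polling interval; dropping `rearm` to 10 in the sample above makes the t=30 and t=40 windows fire as well, which is the behaviour to expect from a naive threshold check with no holdoff.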
