Alert Profiles Management
An alert profile is created to set the thresholds for
generating alerts. The parameters to be set when creating an alert
profile are:
- Interfaces / IP Groups / Interface Group - The list
of interfaces / IP Groups / Interface Groups whose bandwidth utilization
must be watched
- Traffic pattern - The traffic to be watched: In
Traffic, Out Traffic, or a combination of both
- Application / Port(s) - You can watch the traffic
through all applications or from a particular application.
Similarly, through a single port or a range of ports
- Threshold Settings - There are 3 settings, namely %
utilization, no. of times, and duration.
  - % Utilization - When the utilization exceeds
  this limit, it is noted
  - No. of times - The number of times the
  utilization can be allowed to exceed the threshold before an alert is
  raised
  - Duration - The time period within which, if the
  threshold is exceeded the specified number of times, an alert is
  generated
NetFlow Analyzer calculates the bandwidth utilization of the
specified interfaces / IP Groups / Interface Groups every minute. If the
utilization exceeds the threshold value, the time at which it was
exceeded is noted. Each subsequent time it exceeds the threshold, the
corresponding time is noted as well. If the number of times the
utilization exceeds the threshold reaches the specified limit within
the specified time duration, an alert is generated. When an alert is
generated, you can also send an email to one or more people or send an
SNMP trap to a manager application.
The Alert Profile Management option lets you
create new alert profiles and manage existing ones (Modify or Delete). The Alert
Profiles page lists all existing alert profiles, along with the number
of alerts generated for each profile. The application comes loaded with
a preconfigured alert that can trigger an email alert when a link goes
down or when there are no flows for more than 15 minutes.
The various columns displayed in the Alert Profiles page are
described in the table below:
Column | Description
Name | The name given to the alert profile when it was created. Click on the alert profile's name to see more information about the alert profile.
Description | Descriptive information entered for this alert profile to help other operators understand why it was created.
Category | The category defines the type of alert to which an alert profile belongs. The pre-loaded and pre-configured "Link Down" alert belongs to the "Link Status" category. All other alerts created by the user fall under the "Utilization" category.
Status (Enabled/Disabled) | Shows whether an alert profile is currently enabled or disabled. Click the icon to disable an alert profile. When this is done, alerts will no longer be generated for that alert profile. Click the icon to enable the alert. The Link Status alert becomes enabled only after the mail server settings have been set.
Last Hour Alerts | Lists the number of alerts generated for this alert profile in the last one hour. Colors are used to represent the number of alerts generated with each severity level: Red - Critical, Orange - Major, Yellow - Warning, and White - All. Click on each color to see the list of alerts generated with that severity.
All Alerts | Lists the total number of alerts generated for this alert profile. Colors are used to represent the number of alerts generated with each severity level: Red - Critical, Orange - Major, Yellow - Warning, and White - All. Click on each color to see the list of alerts generated with that severity.
Clear | Click the icon to clear all alerts generated for this alert profile.
Alerts List
The Alerts List is displayed when you click on any color
against an alert profile in the Alert Profiles page, or from any link
in the Generated Alerts box on the left pane. The
list shows the alerts that were generated with the respective severity,
along with the device that generated the alert, the time the alert was
generated, and an option to view more details about the alert.
Click the Details link in the View column
against an alert to view detailed information about the alert. The
pop-up that opens shows a traffic graph outlining the
traffic values ten minutes before and after the alert was generated,
along with details on the top applications, sources, destinations, and
conversations recorded during that time interval.
Link Down Alert
This is a preconfigured alert to send an email when the link
goes down or when there are no flows for more than 15 minutes. By
default this profile is disabled. This is similar to other alerts that
are manually configured except that it can't be deleted. It is possible
to have emails sent by this alert whenever no flows are received for
over 15 minutes. It becomes activated only after the mail server
settings are configured.
Operations on Alert Profiles
You can create new alert profiles, modify, or delete existing
ones from the Alert Profiles page.
Creating a new Alert Profile
Note: Remember to set the active timeout value
on the router to 1 minute so that alerts are
generated correctly. Refer to the Cisco commands
section for more information on router settings.
The steps to create an Alert Profile are:
- Log in to the NetFlow Analyzer client and click "Alert
Profile Management" under "Admin Operations" in the left
panel
- Click "Add" to add a new Alert Profile
- Fill in the following details:
Field | Description
Alert Profile Name | Enter a unique name to identify this alert profile.
Description | Enter descriptive information for this alert profile to help other operators understand why it was created.
Select Source | By default, all Interfaces / IP Groups / Interface Groups sending NetFlow exports are selected. If you want this alert profile to apply to certain Interfaces / IP Groups / Interface Groups only, click the Modify Selection link. In the pop-up window, select the required devices and interfaces or select the IP Group Names, and click Update to save your changes.
Define Alert Criteria | Select whether alerts need to be generated based on incoming traffic, outgoing traffic, or both. The default setting is both (combined). Then select the application / port for which the alert has to be generated. The criteria can be very general (any application traffic can be profiled) or highly specific (generate the alert only when a specific application, protocol, and/or port is used). To identify the overall link utilization, the "No Criteria" option has to be chosen.
Define Threshold and Action | Enter the threshold conditions (threshold utilization, no. of times it can exceed, and the time duration) exceeding which the alert will be generated. You can also specify an action to be taken when the alert is created: Email - to send a notification to one or more people; SNMP Trap - to send a trap to the manager application (specify the <server name>:<port>:<community>). For details on configuring trap forwarding, refer to the SNMP Trap Forwarding section under Appendix. To add more threshold values, click 'Add Row' and add values.
Business Hour Alerts | This option enables alerting only during the configured time range of a day. Alerts will not be generated outside this time range.
Customizing the "From Address":
You can customize the "From Address" from the mail server
settings in the Settings page.
- After setting the required thresholds, click 'Save'
The new alert profile is created and activated. The system
watches the utilization and raises alarms when the specified conditions
are met.
Note: Only one alert is generated for a specified time
duration. For example, say that for a particular interface the threshold is
set as 60%, the number of times is set as 3, and the time duration
is set as 30 minutes. Now let's assume that the utilization on that
interface goes above 60% and stays above it. Then in 3 minutes, the
above conditions will be met and an alert will be generated. The next
alert will NOT be generated after 6 minutes, but only in the 33rd
minute, if the condition persists. Thus for the specified 30-minute
time duration, only one alarm is generated. This is designed to avoid a
lot of repetitive mail traffic.
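The threshold rule and the one-alert-per-duration behavior described above can be checked with a small simulation. This is an added example, not NetFlow Analyzer's own code: the sliding-window and suppression logic is an assumption modeled on the page's 60% / 3 times / 30 minutes case, and the names evaluate and series are hypothetical.

```python
from collections import deque

def evaluate(samples, threshold_pct, times, duration_min):
    """Return the 1-based minutes at which an alert would be raised.

    samples holds one utilization percentage per minute, matching the
    per-minute calculation described on the page. The sliding window and
    the suppression rule are assumptions modeled on the page's description.
    """
    exceeded_at = deque()   # minutes at which utilization exceeded the threshold
    last_alert = None
    alerts = []
    for minute, util in enumerate(samples, start=1):
        if util <= threshold_pct:
            continue                      # only exceedances are noted
        exceeded_at.append(minute)
        # Forget exceedances older than the configured duration.
        while exceeded_at and exceeded_at[0] <= minute - duration_min:
            exceeded_at.popleft()
        # Only one alert per duration, even if the condition persists.
        suppressed = last_alert is not None and minute - last_alert < duration_min
        if len(exceeded_at) >= times and not suppressed:
            alerts.append(minute)
            last_alert = minute
    return alerts

def series(length, high_minutes, high=90.0, low=20.0):
    """Constructed sample data: `high` at the given minutes, `low` elsewhere."""
    return [high if m in high_minutes else low for m in range(1, length + 1)]

if __name__ == "__main__":
    # The page's case: 60%, 3 times, 30 minutes, utilization stays above 60%.
    print(evaluate([75.0] * 70, 60, 3, 30))                  # [3, 33, 63]
    # Three spikes inside one 30-minute window: a single alert.
    print(evaluate(series(40, {5, 18, 29}), 60, 3, 30))      # [29]
    # Spikes spread too far apart never reach 3 within 30 minutes.
    print(evaluate(series(80, {1, 20, 45, 70}), 60, 3, 30))  # []
```

Running candidate threshold settings against an exported per-minute utilization series this way shows how many alerts a profile would have produced before it is saved.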
Modifying or Deleting Alert Profiles
Select an alert profile, and click on Modify
to modify its settings. You can change all of the alert
profile's settings except the profile name. However, it is possible
to modify the "Link Down" alert profile's name. There is also an option
to clear details of all alerts created for this profile from this page
itself. Once you are done, click Save to save your
changes.
Select an alert profile, and click on Delete
to delete the profile. Once an alert profile is deleted, all alerts
associated with that profile are automatically cleared. However, it is
not possible to delete the "Link Down" alert profile.