Alert Profiles Management


 

An alert profile is created to set the thresholds for generating alerts. The parameters to be set for creating an alert profile are:

NetFlow Analyzer calculates the bandwidth utilization of the specified interfaces / IP Groups / Interface Groups every minute. If the utilization exceeds the threshold value, the time at which it was exceeded is noted. Each subsequent time the threshold is exceeded, that time is noted as well. If the number of times the utilization exceeds the threshold reaches the specified limit within the specified time duration, an alert is generated. When an alert is generated, you can also send an email to one or more people or send an SNMP trap to a manager application.

 

The Alert Profile Management option lets you create new alert profiles and manage existing ones (Modify or Delete). The Alert Profiles page lists all existing alert profiles, along with the number of alerts generated for each profile. The application comes loaded with a preconfigured alert that can trigger an email alert when a link goes down or when there are no flows for more than 15 minutes.

 

The various columns displayed in the Alert Profiles page are described in the table below:

 

Column: Description
Name: The name given to the alert profile when it was created. Click the alert profile's name to see more information about the alert profile.
Description: Descriptive information entered for this alert profile to help other operators understand why it was created.
Category: The category defines the type of alert to which an alert profile belongs. The pre-loaded and pre-configured "Link Down" alert belongs to the "Link Status" category. All other alerts created by the user fall under the "Utilization" category.
Status (Enabled/Disabled): This lists whether an alert profile is currently enabled or disabled. Click the alert icon to disable an alert profile. When this is done, alerts will no longer be generated for that alert profile. Click the Disabled alert icon to enable the alert. The Link Status alert becomes enabled only after the mail server settings have been set.
Last Hour Alerts: Lists the number of alerts generated for this alert profile in the last one hour. Colors are used to represent the number of alerts generated with each severity level. Red - Critical, Orange - Major, Yellow - Warning, and White - All. Click on each color to see the list of alerts generated with that severity.
All Alerts: Lists the total number of alerts generated for this alert profile. Colors are used to represent the number of alerts generated with each severity level. Red - Critical, Orange - Major, Yellow - Warning, and White - All. Click on each color to see the list of alerts generated with that severity.
Clear: Click the icon to clear all alerts generated for this alert profile.

 

Alerts List

The Alerts List is displayed when you click on any color against an alert profile in the Alert Profiles page, or from any link in the Generated Alerts box on the left pane. The list shows the alerts that were generated with the respective severity, along with the device that generated the alert, the time the alert was generated, and an option to view more details about the alert.

 

Click the Details link in the View column against an alert to view detailed information about the alert. The pop-up that opens shows the traffic graph outlining traffic values ten minutes before and after the alert was generated, along with details on top applications, sources, destinations, and conversations recorded during that time interval.


Link Down Alert

This is a preconfigured alert to send an email when the link goes down or when there are no flows for more than 15 minutes. By default this profile is disabled. This is similar to other alerts that are manually configured except that it can't be deleted. It is possible to have emails sent by this alert whenever no flows are received for over 15 minutes. It becomes activated only after the mail server settings are configured.

Operations on Alert Profiles

You can create new alert profiles, modify, or delete existing ones from the Alert Profiles page.

Creating a new Alert Profile

Important: Remember to set the active timeout value on the router to 1 minute so that alerts are generated correctly. Refer to the Cisco commands section for more information on router settings.

 

The steps to create an Alert Profile are:

  1. Log in to the NetFlow Analyzer client and click "Alert Profile Management" under "Admin Operations" in the left panel.
  2. Click "Add" to add a new Alert Profile.
  3. Fill in the following details:
    Field: Description
    Alert Profile Name: Enter a unique name to identify this alert profile.
    Description: Enter descriptive information for this alert profile to help other operators understand why it was created.
    Select Source: By default, all Interfaces / IP Groups / Interface Groups sending NetFlow exports are selected. If you want this alert profile to apply to certain Interfaces / IP Groups / Interface Groups only, click the Modify Selection link. In the pop-up window, select the required devices and interfaces or select the IP Group Names and click Update to save your changes.
    Define Alert Criteria: Select whether alerts need to be generated based on incoming traffic, outgoing traffic, or both. The default setting is for both (combined). Then select the alert criteria for which the alert has to be generated. The criteria can be based on application, protocol, DSCP or IP address. To identify the overall link utilization, the "No Criteria" option has to be chosen.
    Define Threshold and Action: Enter the threshold conditions, such as utilization, volume, speed, and packets; alerts are generated when these exceed the threshold limit. You can also specify an action to be taken when an alert is generated.

      -  Email  - An email notification with customizable subject, along with a PDF attachment, to one or more people.

      -  SNMP Trap - A trap sent to the manager application (specify the <server name>:<port>:<community>). For details on configuring trap forwarding, refer to the SNMP Trap Forwarding section under Appendix.

    To add more threshold values, click 'Add Row' and add values.

     

    Customizing from address:


    You can customize the "From Address" from the mail server settings in Settings page.

  4. After setting the required thresholds, click 'Save'.

The new alert profile is created and activated. The system watches the utilization, volume, speed, and packets, and raises alarms when the specified conditions are met. 

Note: Only one alert is generated for a specified time duration. For example, say that for a particular interface the threshold is set to 60%, the number of times to 3, and the time duration to 30 minutes. Now let's assume that the utilization on that interface goes above 60% and stays above it. Then in 3 minutes the above conditions will be met and an alert will be generated. The next alert will NOT be generated after 6 minutes, but only in the 33rd minute, if the condition persists. Thus, for the specified 30-minute time duration, only one alarm is generated. This is designed to avoid a lot of repetitive mail traffic.
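The threshold / number of times / time duration rule and the one-alert-per-duration behaviour from the Note above can be modelled as follows. This is an added example, not NetFlow Analyzer's own code: the function name `alert_minutes`, its parameters and the sample data are hypothetical, and the quiet period after an alert is modelled as an assumption that reproduces the 3rd-minute and 33rd-minute alerts described in the Note.

```python
from collections import deque

def alert_minutes(samples, threshold_pct=60.0, times=3, duration_min=30):
    """Return the minutes at which an alert would fire.

    samples: iterable of (minute, utilization_pct), one reading per minute.
    Modelled on the documented behaviour; not NetFlow Analyzer's own code.
    """
    exceeded = deque()   # minutes at which utilization was above threshold
    last_alert = None    # minute of the most recent alert, if any
    alerts = []
    for minute, util in samples:
        if util <= threshold_pct:
            continue                      # nothing to note this minute
        exceeded.append(minute)
        # Keep only exceedances inside the sliding time-duration window.
        while exceeded[0] <= minute - duration_min:
            exceeded.popleft()
        # Assumption: after an alert, stay quiet for one full duration.
        suppressed = last_alert is not None and minute < last_alert + duration_min
        if len(exceeded) >= times and not suppressed:
            alerts.append(minute)
            last_alert = minute
    return alerts

# Constructed sample data (minute, utilization %), not real measurements.
SUSTAINED = [(m, 80.0) for m in range(1, 41)]                 # stays above 60%
SHORT_SPIKE = [(m, 80.0 if m <= 2 else 20.0) for m in range(1, 41)]
TWO_EPISODES = [(m, 80.0 if m <= 10 or m >= 50 else 20.0) for m in range(1, 56)]

if __name__ == "__main__":
    for name, data in [("sustained", SUSTAINED), ("short spike", SHORT_SPIKE),
                       ("two episodes", TWO_EPISODES)]:
        print(f"{name:13s} alerts at minutes {alert_minutes(data)}")
```

A two-minute spike never reaches the count of 3 and raises nothing, which is why the number of times and the time duration need to be tuned together with the threshold when the profile is meant to catch short bursts.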

Modifying or Deleting Alert Profiles

Select an alert profile, and click on Modify to modify its settings. You can change all of the alert profile's settings except the profile name. However, it is possible to modify the "Link Down" alert profile's name. There is also an option to clear details of all alerts created for this profile from this page itself. Once you are done, click Save to save your changes.

 

Select an alert profile, and click on Delete to delete the profile. Once an alert profile is deleted, all alerts associated with that profile are automatically cleared. However, it is not possible to delete the "Link Down" alert profile.

 

Copyright © 2012, ZOHO Corp. All Rights Reserved.
ManageEngine