Tom.Wegener (talk | contribs) (added the aggregation-feature to the documentation.) |
Line 1: | Line 1: | ||
[[File:Incidents_list.png|alt=|none|thumb|800x800px|Incident page]] | [[File:Incidents_list.png|alt=|none|thumb|800x800px|Incident page]] | ||
Incidents are used to alarm the user when configured network events occur, usually for traffic based rules, but also for system-specific events. These notifications can be viewed in the web GUI and may also be delivered by email or syslog. Repeating incidents are counted as such and the time of the first and last occurrence of an incident is remembered. What makes an incident unique depends on the type of incident. | Incidents are used to alarm the user when configured network events occur, usually for traffic based rules, but also for system-specific events. These notifications can be viewed in the web GUI and may also be delivered by email or syslog. Repeating incidents are counted as such and the time of the first and last occurrence of an incident is remembered. This feature can be disabled for some incidents. What makes an incident unique depends on the type of incident. | ||
The incident feature allows to define rules which are checked on the configured trigger point, like when a connection ends, a SIP call ends, or for checks on ongoing traffic. When such a trigger hits, configurable traffic attributes will be checked and if all attributes of a rule matches, an incident is created. | The incident feature allows to define rules which are checked on the configured trigger point, like when a connection ends, a SIP call ends, or for checks on ongoing traffic. When such a trigger hits, configurable traffic attributes will be checked and if all attributes of a rule matches, an incident is created. | ||
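Review bot: In the sentence added to the intro paragraph, "This feature can be disabled for some incidents", the phrase "This feature" has no clear antecedent. The preceding sentence describes counting repeats and remembering the first and last occurrence, but the term "aggregation" only appears in the rule-settings bullet further down. Suggest naming it directly, for example "This aggregation can be disabled for some incidents (see the Aggregation setting below)". The wording also says "some incidents" here while the new Aggregation bullet says "most of the incidents"; the two should agree.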
Line 39: | Line 39: | ||
* Virtual link group, IP and IP filter can also be used inversely by using the != comparator | * Virtual link group, IP and IP filter can also be used inversely by using the != comparator | ||
* Report channel: Incidents are always visible in the web interface, but can also be reported via multiple channels which can be configured separately in the tab "Configuration of notification channels". Up to ten channels can be selected so that the incident for this rule is reported on each channel. Also, no channel can be configured so the incident is only accessible on the web interface. | * Report channel: Incidents are always visible in the web interface, but can also be reported via multiple channels which can be configured separately in the tab "Configuration of notification channels". Up to ten channels can be selected so that the incident for this rule is reported on each channel. Also, no channel can be configured so the incident is only accessible on the web interface. | ||
* Aggregation: Incidents are aggregated by default. This means the table only shows the number of incidents of the type and the timestamps of the first and the last incident. This can be disabled for most of the incidents, so that you are able to see every indent of the incident-type. | |||
=== Available triggers === | === Available triggers === |
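Review bot: Typo in the new Aggregation bullet: "every indent of the incident-type" should read "every incident of that type". The bullet says aggregation can be disabled for "most of the incidents" without saying which incident types are excluded, and this conflicts with "some incidents" in the intro sentence added by the same revision. It would also help to state whether the setting only changes what the table in the web interface shows or also changes what is sent on the report channels described in the bullet above, since readers who forward incidents by email or syslog need to know whether they receive every occurrence or only the aggregated count.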