52
edits
Incidents: Difference between revisions
Jump to navigation
Jump to search
m
→Available triggers: add geolocation triggers
| Line 144: | Line 144: | ||
(ip_flow_start) | (ip_flow_start) | ||
|This trigger checks the attributes whenever an IP flow starts. | |This trigger checks the attributes whenever an IP flow starts. | ||
|new_connections | |new_connections, geolocation | ||
|mandatory | |mandatory | ||
|- | |- | ||
| Line 289: | Line 289: | ||
** Server Failure: DNS responds server failure. | ** Server Failure: DNS responds server failure. | ||
* '''frames_lost''', '''frames_repeated''', '''frames_wrong_sequence''': Whether Profinet frames have been seen with problems in sequence. For loss the count of lost frames is calculated. | * '''frames_lost''', '''frames_repeated''', '''frames_wrong_sequence''': Whether Profinet frames have been seen with problems in sequence. For loss the count of lost frames is calculated. | ||
* '''geolocation''': checks if a country is part of the connection | |||
** '''Direction''': The direction of traffic | |||
*** ''from'': Traffic is coming ''from the'' specified country | |||
*** ''to'': Traffic is going ''to'' the specified country | |||
*** ''any:'' The specified country is on either side of the connection, or on neither side if the inequality is selected. | |||
* '''gps_sync_status''': 0 means that the GPS clock in not synchronized, 1 means that the GPS clock is synchronized. | * '''gps_sync_status''': 0 means that the GPS clock in not synchronized, 1 means that the GPS clock is synchronized. | ||
* '''handshake_time''': The TCP handshake time between the first SYN packet and the ACK packet for the SYN/ACK packet of the server. | * '''handshake_time''': The TCP handshake time between the first SYN packet and the ACK packet for the SYN/ACK packet of the server. | ||