Incidents: Difference between revisions

Incidents (view source)

221 bytes added , 8 August 2023

no edit summary

340

edits

@@ Line 150: / Line 150: @@
 (ip_flow_end)
 |This trigger checks the attributes whenever an IP flow ended.
-|total_packets, total_bytes, tcp_handshake_time, percent_retransmissions, zero_window_packets, duration
+|total_packets, total_bytes, tcp_handshake_time, percent_retransmissions, zero_window_packets, duration, l7_protocol
 |mandatory
 |-
@@ Line 171: / Line 171: @@
 |optional
 |-
-|IP: New local L7 protocol<br>
+|IP: New L7 protocol<br>
-(ip_new_local_l7_protocol)
+(ip_new_l7_protocol)
-|This trigger is checked once for each new l7 protocol used by a local IP.
+|This trigger is checked once for each new l7 protocol used by an IP.
-|since_start_time
+|since_start_time, local_ip, l7_protocol
 |optional
 |-
@@ Line 317: / Line 317: @@
 ** ''RTP: Traffic for RTP connections'': The average jitter of the RTP connection for the given timespan, using the maximum value of both directions.
 * '''l4_protocol''': The layer 4 protocol. Can be TCP, UDP or other.
+* '''l7_protocol''': The layer 7 protocol short name. Can also be a list, e.g. "HTTP, SSH, DHCP"
+* '''local_ip''': Whether the IP is local (10/8, 172.16/12, 192.168/16, 169.254/16, fe80::/10, fc00::/7)
 * '''link_speed_difference''': This is the absolute difference between the speeds of both interface of a link in Mbit/s.
 * '''mac_count''': The number of different MAC addresses for the corresponding IP address.