No edit summary |
Line 1: | Line 1: | ||
<nowiki><accesscontrol></accesscontrol></nowiki> | <nowiki><accesscontrol></accesscontrol></nowiki> | ||
[[File:Incidents_list.png|alt=|none|thumb|800x800px|Incident page]] | [[File:Incidents_list.png|alt=|none|thumb|800x800px|Incident page]] | ||
Incidents are | Incidents are used to alarm the user when configured network events occur, usually for traffic based rules, but also for system-specific events. These notifications can be viewed in the web GUI and may also be delivered by email or syslog. Repeating incidents are counted as such and the time of the first and last occurrence of an incident is remembered. What makes an incident unique depends on the type of incident. | ||
The incident feature allows to define rules which are checked on the configured trigger point, like when a connection ends, a SIP call ends, or for checks on ongoing traffic. When such a trigger hits, configurable traffic attributes will be checked and if all attributes of a rule matches, an incident is created. | The incident feature allows to define rules which are checked on the configured trigger point, like when a connection ends, a SIP call ends, or for checks on ongoing traffic. When such a trigger hits, configurable traffic attributes will be checked and if all attributes of a rule matches, an incident is created. | ||
Occurred incidents can be seen in the web interface, and additionally reporting via email or syslog is possible too. | Occurred incidents can be seen in the web interface, and additionally reporting via email or syslog is possible too. | ||
The first occurrence of a medium or high severity incident will also trigger a status notification which is visible at the top right of the web GUI. | |||
Up to 1000 incidents will be remembered by the system and if this limit is exceeded the oldest incidents will be discarded. | |||
=== 1. Rule configuration === | === 1. Rule configuration === | ||
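Review bot: The new opening paragraph already states that notifications can be viewed in the web GUI and delivered by email or syslog, so the unchanged sentence "Occurred incidents can be seen in the web interface, and additionally reporting via email or syslog is possible too." now repeats it and should be dropped. "What makes an incident unique depends on the type of incident" does not let the reader predict which occurrences are counted together; list the uniqueness criteria per incident type or link to where they are defined. For the 1000-incident limit, state whether email or syslog delivery is the intended way to keep a record beyond the cap.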
Line 47: | Line 51: | ||
|- | |- | ||
|mac_new_address | |mac_new_address | ||
|This trigger is checked once when a new MAC address appears for the first time. | |This trigger is checked once when a new unicast MAC address appears for the first time. | ||
|optional | |optional | ||
|- | |- | ||
|mac_new_l7_protocol | |mac_new_l7_protocol | ||
|This trigger is checked when a MAC address uses a l7 protocol for the first time. | |This trigger is checked when a unicast MAC address uses a l7 protocol for the first time. | ||
|optional | |optional | ||
|- | |- | ||
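Review bot: Adding "unicast" to the mac_new_address and mac_new_l7_protocol rows narrows both triggers, but the text does not say what happens to multicast and broadcast MAC addresses; state explicitly that these triggers ignore them if that is the case. In the mac_new_l7_protocol row, "a l7 protocol" should read "an L7 protocol".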
Line 67: | Line 71: | ||
|- | |- | ||
|ip_new_local_ip | |ip_new_local_ip | ||
|This trigger is checked once for each new | |This trigger is checked once for each new IP belonging to a private network address range. | ||
|optional | |optional | ||
|- | |- | ||
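Review bot: "a private network address range" in the ip_new_local_ip row is not defined. Name the ranges the trigger treats as private (for example, whether only the RFC 1918 IPv4 blocks count, or also IPv6 unique local and link-local addresses) so users know which hosts can raise this incident.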
Line 87: | Line 91: | ||
|- | |- | ||
|dns_server_not_responding | |dns_server_not_responding | ||
|This trigger is checked when a DNS server is not responding for some time. | |This trigger is checked when a DNS server is not responding for some time. A server is considered unresponsive when | ||
|optional | |optional | ||
|- | |- |
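Review bot: The sentence added to the dns_server_not_responding row ends at "A server is considered unresponsive when" with no condition after it, so the row still does not define "for some time". Complete the sentence with the actual criterion (a timeout, a number of unanswered queries, or both) before saving the revision.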