No edit summary |
|||
Line 1: | Line 1: | ||
<nowiki><accesscontrol></accesscontrol></nowiki> | <nowiki><accesscontrol></accesscontrol></nowiki> | ||
[[File:Incidents list.png|thumb|600x600px]] | |||
Incidents are just to alarm the user when configured events appear, usually for traffic based rules, but also for system-specific events. | Incidents are just to alarm the user when configured events appear, usually for traffic based rules, but also for system-specific events. | ||
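Review bot: The thumbnail added at the top of the page, "[[File:Incidents list.png|thumb|600x600px]]", has no caption, while the other 600x600px screenshots added in this revision carry one (for example "|Rule configuration"). Add a short caption such as "|Incident list" so the image is labelled consistently with the rest.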
Line 8: | Line 8: | ||
=== 1. Rule configuration === | === 1. Rule configuration === | ||
[[File:Incidents rules.png|thumb|600x600px|Rule configuration]] | |||
Incident rules can be defined in the "Configuration of incident rules" tab in the menu "Generic -> Incidents". All changes to the rule configuration will only take affect after saving the current configuration by clicking on the save button at the bottom of the page. | Incident rules can be defined in the "Configuration of incident rules" tab in the menu "Generic -> Incidents". All changes to the rule configuration will only take affect after saving the current configuration by clicking on the save button at the bottom of the page. | ||
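Review bot: The paragraph directly under the new "Incidents rules.png" thumbnail still reads "will only take affect after saving"; since this revision touches the section, correct it to "take effect". The screenshot caption "Rule configuration" also repeats the heading verbatim, so a caption naming what is shown (the rule table and the save button the text refers to) would be more useful.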
Line 17: | Line 18: | ||
==== 1.1. Add/modify a rule ==== | ==== 1.1. Add/modify a rule ==== | ||
[[File:Incidents add rule.png|thumb|600x600px|Add rule dialog]] | |||
A rule is defined by the following settings: | A rule is defined by the following settings: | ||
Line 164: | Line 166: | ||
=== 2. Channel configuration === | === 2. Channel configuration === | ||
[[File:Incidents channels.png|thumb|600x600px|Channel configuration]] | |||
Incidents can be reported on different channels. The configuration allows to add new channels so they can be selected in the rule configuration described above. | Incidents can be reported on different channels. The configuration allows to add new channels so they can be selected in the rule configuration described above. | ||
Line 170: | Line 173: | ||
* email: Incidents will be sent to the email address configured in the [[Global settings]]. | * email: Incidents will be sent to the email address configured in the [[Global settings]]. | ||
* syslog: Incidents will be sent to the configured syslog server via TCP on port 514. | * syslog: Incidents will be sent to the configured syslog server via TCP on port 514. | ||
[[File:Incidents add channel.png|thumb]] | |||
Each channel also uses a minimum severity settings so only incidents are reported which are of at least that severity. | Each channel also uses a minimum severity settings so only incidents are reported which are of at least that severity. | ||
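Review bot: "[[File:Incidents add channel.png|thumb]]" is the only image in this revision added without a size or a caption, and it sits between the channel bullet list and the minimum-severity sentence. Give it the same "600x600px" and a caption such as "Add channel dialog", matching "Add rule dialog" in section 1.1, and consider placing it under the section heading like the other screenshots. While in this section, the syslog bullet states TCP on port 514 but not whether the transport is encrypted; that is worth documenting, because incident contents leave the device on this channel.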
Line 176: | Line 179: | ||
=== 3. Other incidents settings === | === 3. Other incidents settings === | ||
[[File:Incidents others.png|thumb|600x600px|Other incidents]] | |||
Incidents that cannot be configured separately via rules can be configured on this page. | Incidents that cannot be configured separately via rules can be configured on this page. | ||
=== 4. Occured incident view === | === 4. Occured incident view === | ||
This page shows up to the last 1000 incidents occurred on the system. The table can be filtered for specific severity levels, as well as for specific trigger sources by selecting the trigger from the drop down menu. | This page shows up to the last 1000 incidents occurred on the system. The table can be filtered for specific severity levels, as well as for specific trigger sources by selecting the trigger from the drop down menu. | ||
[[File:Incidents list filter.png|thumb|600x600px|Filter incidents by severity or trigger]] | |||
The list can also be filtered for the subject of the incident. | The list can also be filtered for the subject of the incident. | ||
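Review bot: The heading "=== 4. Occured incident view ===" in this hunk is misspelled and should read "Occurred"; it is worth fixing in the same edit that adds the filter screenshot below it. In section 3 the new caption "Other incidents" does not match the heading "Other incidents settings", so use the full wording there.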
Line 188: | Line 192: | ||
=== 5. Rule statistics === | === 5. Rule statistics === | ||
[[File:Incidents stats.png|thumb|600x600px|Statistics about rules]] | |||
This page shows graphs about how often each rule has been hit both in absolute numbers as well as relatively to how often the rule has been checked. | This page shows graphs about how often each rule has been hit both in absolute numbers as well as relatively to how often the rule has been checked. | ||
=== 6. Incident list per measurement modules === | === 6. Incident list per measurement modules === | ||
Since incidents are triggered by different measurement modules (as indicate by the prefix of the trigger name, like the mac or ip module), the list of incidents from that specific module can also be seen in the corresponding tab of the measurement module for quicker access. This per-module view only lists those incidents coming from that module, all other potential incidents are hidden and must be accessed in their corresponding module page, or in the global view in the "Generic -> Incident" menu. | Since incidents are triggered by different measurement modules (as indicate by the prefix of the trigger name, like the mac or ip module), the list of incidents from that specific module can also be seen in the corresponding tab of the measurement module for quicker access. This per-module view only lists those incidents coming from that module, all other potential incidents are hidden and must be accessed in their corresponding module page, or in the global view in the "Generic -> Incident" menu. |
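Review bot: The closing paragraph of this hunk refers to the "Generic -> Incident" menu, while section 1 names it "Generic -> Incidents"; pick the spelling the UI actually uses so readers can find the menu. The same paragraph has "as indicate by", which should be "as indicated by".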