547
edits
Incidents: Difference between revisions
→Interface burst incident
| Line 428: | Line 428: | ||
Some incidents cannot be configured via rules and you can choose to get those incidents also via email by enabling the settings at the lower part of the settings page. | Some incidents cannot be configured via rules and you can choose to get those incidents also via email by enabling the settings at the lower part of the settings page. | ||
== Interface burst incident == | == Other settings == | ||
=== Interface burst incident === | |||
[[File:Incidents others.png|thumb|600x600px|Other incidents]] | [[File:Incidents others.png|thumb|600x600px|Other incidents]] | ||
Burst incidents with milli-second resolution can be generated when the interface throughput exceeds a configurable threshold. The incident contains a graph of traffic for that interface with some data points before and after the threshold has been exceeded depending on the measurement interval. A PCAP link for capturing from the packet ring buffer is shown. For further investigation of that incident, the button "Use as global time range" can be used to set the global range to the start and end of the incident graph (at least 5 seconds) so that all modules of the Allegro Network Multimeter show that time span. The incident generation can be configured as follows: | Burst incidents with milli-second resolution can be generated when the interface throughput exceeds a configurable threshold. The incident contains a graph of traffic for that interface with some data points before and after the threshold has been exceeded depending on the measurement interval. A PCAP link for capturing from the packet ring buffer is shown. For further investigation of that incident, the button "Use as global time range" can be used to set the global range to the start and end of the incident graph (at least 5 seconds) so that all modules of the Allegro Network Multimeter show that time span. | ||
The incident generation can be configured in the "Other settings" tab as follows: | |||
* '''Report "throughput threshold exceeded" with severity''': report an incident with the selected severity level if the throughput of any network interface exceeded. | * '''Report "throughput threshold exceeded" with severity''': report an incident with the selected severity level if the throughput of any network interface exceeded. | ||
* '''Throughput threshold (Mbit/s)''': The threshold is configured in Mbit/s. | * '''Throughput threshold (Mbit/s)''': The threshold is configured in Mbit/s. | ||
* '''How long throughput must be above threshold to generate incident (in milliseconds)''': The throughput must exceed the threshold for this duration in order to generate the incident. If set to zero (default) the incident is generated immediately after the threshold has been exceeded. | * '''How long throughput must be above threshold to generate incident (in milliseconds)''': The throughput must exceed the threshold for this duration in order to generate the incident. If set to zero (default) the incident is generated immediately after the threshold has been exceeded. | ||
* '''Throughput cool-down period between two incidents in milliseconds''': Defines the time after an incident where no new incident is generated even if the threshold is exceeded. If this period is passed, throughput incidents could be generated again. | * '''Throughput cool-down period between two incidents in milliseconds''': Defines the time after an incident where no new incident is generated even if the threshold is exceeded. If this period is passed, throughput incidents could be generated again. | ||
=== Generic incident settings === | |||
This section allows to modify generic settings regarding the incident feature: | |||
* '''Maximum number of stored incidents''': This value defines how many incidents are stored before old incidents are removed. Increasing this value also increased the amount of memory reserved for this feature. The corresponding value for the active setting is shown below, changing the configuration value requires a restart of the packet processing to take affect. | |||
== Occured incidents == | == Occured incidents == | ||