NetFlow users can view and NetFlow administrator can add, edit or delete alarms.
To configure NetFlow alarms, go to > Settings > NetFlow Settings > Alarms.
To add a new alarm in NetFlow Analyzer:
- Click Add
- Set Alarm information (name, description, level, scope, object and optionally mail-to recipients)
- Scope determines on which nodes an alarm will be applied: any or specific exporter, interface, subnet, Subnet Set or Traffic Pattern.
- Object determines what type of traffic will be matched against the alarm threshold criteria: total, interface, subnet, protocol, host, AS, conversation etc.
- Recipients list (optional) determines to whom will an email be sent if the alarm triggers. Only users with emails associated to their user account can be recipients.
- Set Alarm threshold.
Threshold can be in flows, packets or bits. It is possible to combine more threshold criteria by using AND, OR and NOT logical operands. - Click Save
Figure above shows an example of an Alarm. This alarms triggers if any host in the network has more than 6 kbps of Facebook traffic in 5 minutes. Facebook traffic is identified via Facebook Traffic Pattern. On alarm trigger an email will be sent to Winter Jon and Goldberg Dany.