Referencing a View when setting up an Alert

[lucas.shelton]

I created a View using a limiter of a bunch of different ports we want to monitor (potentially malicious). In the View you specify which Source to associate the view with. When setting up an alert, I can reference the View just fine but it still makes me select the Source also. Why the redundancy if I've already referenced the Sources in the View I want? My goal is to alert if any number of ports have more than X amount of flows to them.

[eloyd]

My guess is because you are putting NNA through its paces and finding bugs and/or deficiencies that others haven't found yet. This would be the third that you've posted about, if I'm not mistaken, and I want to say "good job" and hope you continue to do so.

Having said that, I think you've found another issue that should be reported.

[lucas.shelton]

Also if I select a source group while setting up an alert, it doesn't give me the option to select a view. I'm wondering if I select one of my sources and reference the view that includes all sources if it will still alert on all devices referenced in that view?

[lucas.shelton]

Also when setting up the Alert and referencing a View on the first page, why even have the gray section in Step 2? This portion will actually negate the View I am referencing due to the "And" part. It needs to be able to either be bypassed when selecting a view or have an "Or" option alongside the "And." For instance, I want it to alert if port 137 or port 138 or port 139 exceed X amount of flows.

[lucas.shelton]

Also when I setup a view that references the source group and later go into edit that view, the "Source" button is marked instead of the "Sourcegroup" button. However the correct source group is still appearing in the drop down box.

[lmiltchev]

What is the Nagios Network Analyzer version that you are currently using? Can you show us a few screenshot with the errors that you are seeing?

[lucas.shelton]

See attached Word doc with screen shots. We are using 2R1.0.

[jdalrymple]

Hi lucas.shelton

I want to put in a bug report for this, however I want to know if you and are seeing this in the same way.

It's my opinion that instead of having the view dropdown when the source radio button is selected, we should actually just have a view radio button on its own, then source should just allow you to select only sources.

Make sense? Do you agree?

[lucas.shelton]

Makes sense. Also on step 2 I would like to be able to not have to put stuff in there when using a view because I've already identified what I'm looking for in a view.

[jdalrymple]

Also on step 2 I would like to be able to not have to put stuff in there when using a view because I've already identified what I'm looking for in a view.

Optional though right? Views aren't expressly intended for alerts, so possibly some people would want to still narrow down their interesting traffic more?