Page 1 of 1
Help setting up an alert
Posted: Thu Oct 08, 2015 9:51 am
by lucas.shelton
I've created a bunch of views that are basically subnets of different types of users. I am trying to set up an alert that is tied to a view, that triggers on X amount of flows. Associating it with a view is simple I can do that. What I can't figure out is why the amount of flows never exceeds 1 when I create the alert. The specific view I am querying has 5 /22's in it, and when I click on the source then filter by view I see tons of flows, but in the alerting only 1 flow shows up.
Re: Help setting up an alert
Posted: Thu Oct 08, 2015 5:08 pm
by ssax
What do you have defined for the warning and critical threshold? Can you send us a screenshot of your step 2 page of the alert setup?
Thank you
Re: Help setting up an alert
Posted: Fri Oct 09, 2015 8:08 am
by lucas.shelton
See attached.
Re: Help setting up an alert
Posted: Fri Oct 09, 2015 10:37 am
by lucas.shelton
Also if I'm using a view in my alert, why do I still need to specify IP information on the next page? I've already specified the IP information in my view. Either way I can't get it to alert on flow count no matter what I try. It only ever says there is 1 flow for that whole subnet I'm trying to alert on. Weird.
Re: Help setting up an alert
Posted: Fri Oct 09, 2015 10:47 am
by lucas.shelton
See attached, it has three screenshots. The first screenshot is from Sources->Click on Source then display the view. It shows thousands of flows. The second screen shot is from the "Alerting" page and shows that check having zero flows. The third screen shot shows the "Edit" of that particular check, showing that it is using that View.
Re: Help setting up an alert
Posted: Fri Oct 09, 2015 2:08 pm
by lmiltchev
We have an internal bug report already filed to our system (Task ID 6371), which is related to the issue that you are having.
Re: Help setting up an alert
Posted: Mon Oct 12, 2015 11:20 am
by lucas.shelton
lmiltchev wrote:We have an internal bug report already filed to our system (Task ID 6371), which is related to the issue that you are having.
How long will it take to get fixed? This was the one feature that we really needed Nagios NA for.
Re: Help setting up an alert
Posted: Mon Oct 12, 2015 4:39 pm
by tmcdonald
Unfortunately it's somewhat out of our hands once it is in the Dev task list. I can ask for an ETA, but aside from adding a +1 (or asking nicely) we don't have much sway over what gets fixed or when.
Re: Help setting up an alert
Posted: Tue Oct 13, 2015 11:25 am
by lucas.shelton
I've just figured out that this problem persists regardless of what you analyze traffic for. It's not accurate for Packets, Bytes, or Bytes/Second. I've tried it with everything.
Re: Help setting up an alert
Posted: Tue Oct 13, 2015 4:44 pm
by hsmith
I've added this to the bug report. Thank you for the information.