9.4. Flow Tracker Alerts
Trisul provides a powerful way to generate an alert when certain types of flow activity occurs. Also see Flow Trackers for instructions on using Flow Trackers which is a pre-requisite to creating Flow Tracker Alerts (this section).
The alerts
- show up on the Web Interface alert tracker (top right)
- can be sent in near real time (1-5 sec) via email or Text Message (SMS)
9.4.1 Applications
You can use flow tracking alerts to be notified when a number of things happen. Some typical examples are
- when anyone uploads anything over 10MB from your network
- when anyone establishes a long lived session more than 1 hour out of your network
- when anyone downloads anything over 1G into your network
9.4.2 Configuring
Select Alerts → Flow Tracking → Configure
or you can create Flow Tracker Tracker Alerts per probe.
Login as admin user to create Flow Tracker Alerts.
Select Context : default → profile0 → Flow Tracker Alerts
- Click on Create a new Flow Tracker Alert
| FieldName | Description |
|---|---|
| Name | A unique name for the alert |
| Flow Tracker | Which tracker, see section on Flow Trackers |
| Threshold Volume | Data or time threshold. Examples as 600KB, 10MB or just 600 |
| Alert Message | Message shown as part of the alert |
9.4.3 Viewing generated alerts
There are couple of ways to see flow alerts that fired.
Select Alerts → Flow Tracking
Select Dashboards → Alerts
9.4.4 Sending alerts by email
You can set up email alert delivery for flow trackers as described in the section Alerts via Email