Our previous blog was about various alerts in NetFlow Analyzer. In this blog we will discuss the alerting mechanism in NetFlow Analyzer.
Network Administrators managing any corporate network would very well know the average bandwidth utilization of their critical server. A web server hosted on a network is often a target for attackers especially when there is heavy traffic from various offenders, the bandwidth utilization of web server will surpass acceptable threshold levels. The Administrator needs an alert when this anomaly occurs on the network. This is where NetFlow Analyzer Alerting mechanism comes in handy.
In the earlier versions, the IP grouping feature of NetFlow Analyzer was used in which the network Administrator could group IP Addresses/Network or an IP range and monitor traffic. It was possible to create an alert profile based on these IP groups. Knowing that 40 to 50 % is the average bandwidth utilization(for example), he could create an alert in such a way that when the bandwidth utilization by an IP group exceeds 60 % for 5 times within 60 minutes will get an alert. NetFlow Analyzer calculates the bandwidth utilization of the specified IP Group every minute. If the utilization exceeds the threshold value, the time when it exceeded is noted. Subsequently when it exceeds, the corresponding timings are noted. If the number of times the utilization exceeds the specified limit, in the specified time duration, an alert is generated.
With the combination of Alert Profile and IP group, network Administrator will be able to keep track of hosts targeting the web server and thus helping them to take necessary action.
NetFlow Analyzer version 9 with enhanced per IP address based alert allows Administrators to directly create an Alert profile in such a way that if the traffic utilization for an IP address/IP range/IP Network on interface or IP group exceeds specified value, NetFlow Analyzer sends an alert with the PDF report.
So, it is not mandatory to create an IP group and associating them with Alert Profile to monitor per IP address traffic utilization. It is possible to create an alert profile directly to get traffic alerts on an individual IP address basis .
In the above mentioned, network Administrators can create an Alert profile in such a way that utilization of Web Server IP address utilization goes above 60 % on the WAN interface. NetFlow Analyzer will send an alert with the PDF report showing Top 10 Application, Source, Destination etc.
Using Alerting mechanism in NetFlow Analyzer, the administrator can be aware of what is happening in their network. This feature facilitates enhanced network visibility which is very important for a network administrator.
Thanks and Regards
Praveen Kumar
Download | Interactive Demo | Product overview video | Twitter | Customers|Bandwidth Monitoring | Network Security | CBQoSMonitoring |
lan traffic analysis | network traffic analyzer | traffic analyzer | network traffic monitor | network analysis tools | network performance analysis
Hey Brother,
can you tell us ,if i have 1 Pool /24 (range 10.1.1.1 to 10.1.1.253 ) and I defined it into IP Group and Alert profile but i faced one problem in this ,When DDos has observed in this pool ,it cannot email us specific destination IP or alert . it shows Whole ip pool alert just .I Need Only One DDOS affected IP ….
Kindly giude us .. We have 3 IP pools ..can i defined in IP group on Single IP Monitroning ??????????