The NetScope alerting function notifies you when your network behaves in an undesirable way. For example, say you have a 100 Mb link and that you generally see spikes of traffic that max out the link, but mostly the traffic is under 20 Mb. It might then be important to know if there is a sudden spike of over 70 Mb of traffic, because that is not the type of traffic that you would expect on your network. With the NetScope you can set up an alert to notify you if you get traffic of this nature. To set up an alert of this type, follow the example below.
1. Select the ‘Alerts’ tab from the top menu (second on the left). Here you will be presented with the alerts page, which will list the alerts that are created for your link.
2. Click ‘Edit Mode’ on the top left-hand side of the side bar (under ‘Interactive Reports’).
3. Click ‘New’ to create a new alert. This will present you with the alert editing screen. In the centre of the window you will see that you can now enter details for the alert that you want.
4. Choose what you want your ‘Alert Name’ to be. We will call ours “Maxed Out Link”.
Note: The ‘Switch on’ checkbox is checked by default, meaning that when you complete the steps the alert will go live.
5. The ‘Health Indicator’ drop-down menu sets the alert type. The alert type is reflected in the ‘Network Health’ indicator in the top right-hand section of the web interface. If all is good, the ‘Network Health’ will show a green light; if your alert is triggered, it will change to the ‘Health Indicator’ that you have selected. We selected ‘Flashing Red’ in this example.
Next we are going to create the alert ‘Type’. For this example we want to alert on spikes in traffic, which can indicate to us that something abnormal is happening on the network that we need to know about.
6. In the ‘Type’ drop-down list, select ‘Spikes in Traffic’. The parameters below will now change to reflect the information that you need to enter for that option.
7. Choose the ‘Threshold Type’ from the drop-down list, which will be either a static ‘Value’ or a percentage of the minimum SLA or maximum SLA. For this example we will select ‘% of Max SLA’.
8. In our example, we are interested in traffic spikes that go over 70% of the total SLA size.
9. ‘No. Of spikes’ indicates the number of times traffic is allowed to spike at the limit you have set before it triggers the alarm.
10. ‘Within period’: if the number of spikes is more than 1, say ‘3’, then 3 spikes have to occur within the period that you set before the alarm is triggered. We have set ours to 1.
11. ‘Length of spike’ is the duration of the spike. We have set our duration to 1 minute.
12. Because traffic rarely travels at a consistent speed, even a link that is maxed out at 100 Mb is unlikely to stay there continuously. This is where we use the ‘average over’ time period. If we set the time to ‘10 seconds’, it will average the traffic (which is in one-second increments) over 10 seconds, and if that average is 70% of the link or over, it will match the condition.
13. Now we have completed the ‘Summary’ tab, click the ‘Next’ button.
Now we move on to the ‘Target’ screen, where we set which traffic class we want to match on. In our example we will use the entire Link in the ‘Inbound’ direction.
14. Set ‘Traffic Direction’ to ‘Inbound’ in the drop-down menu list.
15. You then need to choose ‘Traffic Selection By’, which can be either ‘Individual’, ‘Selection of Classes’, ‘Matching Class Name Mask’, ‘Including Children’ or ‘Including Descendants’. In our case we want to match on ‘Individual’, as we are going to match on the entire ‘Link’.
16. In ‘Class Name’ we will select ‘Link’.
Note: Using ‘Use Detailed Selection’ will enable us to match on ‘Source Address’, ‘Destination Address’, ‘Source Port’, ‘Destination Port’ and ‘Protocol’. However, these rules are often already set up in your ‘Traffic Classes’, so you would just need to choose your traffic class name.
17. Click the ‘Next’ button.
This will take us to the ‘Schedule’ section.
18. Choose the ‘Always Active’ checkbox.
19. Click the ‘Next’ button.
Note: You can also schedule your Alerts to run during any time period if you ‘uncheck’ the ‘Always Active’ checkbox. For this example we want the alert to always be active.
The final tab ‘Action’ is where we define how the alert is reset and who is notified when the alert is triggered.
20. In the ‘Reset’ drop-down box we will select ‘After Waiting’. This will give us the ‘Reset Wait Period’ time variable.
21. We will set the time variable to 15 minutes. This means that the alert won’t keep triggering while the condition is active. You will only get one alert every 15 minutes.
22. In the ‘Notification’ section we will input the information we want to send when the alert is triggered. ‘Name’ is the name of the alert (the subject of the email).
23. ‘Message’ is the body of the email text. Use this to explain the alert in more detail.
24. ‘Address’ is the email address you want to send the alert to.
25. Click ‘Save’ and the alert will go live.
Note: In order for Alerts to be able to send emails you will need to set up your SMTP (Email) settings in the ‘Configuration’ -> ‘Mail’ settings. Instructions on doing that are here:
Now we have set up an alert to trigger if our network bandwidth exceeds 70% of our link. We will now get an email to alert us that the undesirable network conditions have been met and have triggered our warning.
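How the values chosen in the steps above interact can be checked offline with a small model. The Python below is an added example, not NetScope code: the evaluation semantics (a sustained condition counts as a new spike every ‘Length of spike’ interval, and the alert is only evaluated when a spike is counted) and all function and variable names are assumptions made for illustration.

```python
from collections import deque

def evaluate_alert(samples_mbps, max_sla_mbps=100, threshold_pct=70,
                   average_over_s=10, spike_length_s=60, num_spikes=1,
                   within_period_s=60, reset_wait_s=15 * 60):
    """Return the seconds (sample indexes) at which a notification is sent.

    samples_mbps holds one inbound rate per second for the 'Link' class.
    Assumed semantics for illustration, not NetScope's documented behaviour.
    """
    threshold = max_sla_mbps * threshold_pct / 100   # '% of Max SLA'
    window = deque(maxlen=average_over_s)            # 'average over'
    spikes = deque()      # times at which a spike was counted
    run = 0               # consecutive seconds with average >= threshold
    last_fired = None
    fired = []
    for t, mbps in enumerate(samples_mbps):
        window.append(mbps)
        if len(window) < average_over_s:
            continue                                 # not enough data to average yet
        avg = sum(window) / average_over_s
        run = run + 1 if avg >= threshold else 0
        # 'Length of spike': count one spike per full interval above threshold.
        if run == 0 or run % spike_length_s:
            continue
        spikes.append(t)
        # 'Within period': drop spikes too old to be counted together.
        while spikes and t - spikes[0] >= within_period_s:
            spikes.popleft()
        # 'Reset: After Waiting': stay quiet until the wait period has passed.
        waiting = last_fired is not None and t - last_fired < reset_wait_s
        if len(spikes) >= num_spikes and not waiting:
            fired.append(t)
            last_fired = t
            spikes.clear()
    return fired

# Constructed per-second samples (Mb), not captured traffic.
SHORT_BURST = [20] * 60 + [100] * 5 + [20] * 120   # 5 s at line rate
ONE_SPIKE = [20] * 30 + [90] * 120 + [20] * 60     # 2 minutes at 90 Mb
SUSTAINED = [90] * 2000                            # above 70% for over 33 minutes

if __name__ == "__main__":
    for name, data in [("short burst", SHORT_BURST), ("one spike", ONE_SPIKE),
                       ("sustained", SUSTAINED)]:
        print(name, "-> notifications at seconds", evaluate_alert(data))
```

In this model the 5-second burst never notifies, because its 10-second average peaks at 60 Mb, while the sustained case notifies once per 15-minute reset wait.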