13.6. Configuring action on events in sFlowTrend-Pro

Select the Configure events menu item to launch the Configure events dialog. This dialog allows you to configure automatic actions when sFlowTrend-Pro raises an event.

The Edit action on event dialog allows you to add new actions by clicking on the Add action button and edit an existing action, by clicking on the edit symbol, . When you add or edit an action the Edit action on event dialog is displayed.

This dialog allows you to specify a specific action when certain event criteria are met.

To configure the event criteria, first select an event Type. You can select All, Threshold, System or Scheduled report event types. Once you have selected an event type, you can then select other criteria specific to that type. For all event types, you can select the event Severity when an action will be performed. For the Threshold event type you can select additional event criteria, specific to threshold events. Similarly, for Scheduled report events there are specific criteria that you can select.

To configure the action to be taken when event criteria are met, select an Action type. When you select the Email action, events meeting the criteria will be sent in an email to the Recipients that you specify. You can specify a number of email recipients by entering a comma separated list of email addresses. For sFlowTrend-Pro to be able to send events via email, you must first configure the email SMTP server (see Section 13.2.5, “Email”). When you select the Syslog action, events meeting the criteria will be exported to the specified syslog server using the specified UDP Port to connect to the syslog server and the specified Facility to indicate the source of the event. sFlowTrend-Pro uses the event severity as the syslog message priority severity level indicator. See http://tools.ietf.org/html/rfc3164 for more information on syslog.

If sFlowTrend-Pro generates a large number of events, this will cause a large number of actions with matching criteria to be run. This may be inconvenient: for example, if a network suddenly became very busy, and you have an email action enabled for threshold events on all interfaces, then you would receive a very large number of email messages (one per interface exceeding the threshold). To minimize this, it is recommended that you configure event actions carefully, only selecting event criteria that are important to you. sFlowTrend-Pro will also try to minimize event action storms. If more than a predefined number of actions are queued for processing (eg email messages queued to be sent), then further actions of that type will be suppressed. An additional event will be logged informing you that event action suppression has taken place. Once the pending actions are processed, then new ones will again be accepted. This suppression threshold can be configured (see server custom configuration settings event.threshold.email and event.threshold.syslog).