Greg,
With the current version of Traffic Server, generating a trap based on a
threshold for frame rate being crossed for the top destination IP is not
directly supported. It would be possible to determine the top destination,
the frame rate to it, the protocol, and the top IP sources using a script.
The script could do this by a sequence of pipelined queries or a different
apporach would be to directly process the incoming sFlow samples.
To generate an snmp trap, an event could be written into the Traffic Server
event directory.
However, with the next release of Traffic Server (early 2006), this type of
analysis would be directly supported with with a report (that includes
pipelined queries and the ability to generate an event) that would be run
every 5 minutes.
I hope this helps,
Sonia Panchen
InMon Corp
> -----Original Message-----
> From: owner-traffic-management@inmon.com
> [mailto:owner-traffic-management@inmon.com] On Behalf Of Greg Conroy
> Sent: Thursday, October 06, 2005 5:47 AM
> To: traffic-management@inmon.com
> Subject: [traffic-management] SNMP traps for Top Destination
> threshhold for Packets per sec?
>
> Hello,
>
>
>
> We have the source of the SLFOW packets at the edge of our
> network and use the Top Destinations by Frames (latest) to
> determine DOS attacks. Is there any way to have an SNMP trap
> sent out based on a threshhold for the top destination ip? I
> know I can set a threshhold for the Switch port, but that
> would only show the largest DOS attacks and not by individual
> ip address. If it were possible I would like the trap to
> give source IP, Destination IP, frames per second, and
> protocol. Any ideas if this can be done in traffic server?
> Possibly outside of traffic server by gathering the
> information from traffic server? Sending the SFLOWS to
> another server to do it with a different app? Thanks in advance.
>
> Greg Conroy
> Network Engineer
> www.interland.com
Received on Thu Oct 13 04:24:03 2005
This archive was generated by hypermail 2.1.8 : 10/13/05 PDT