Mike,
ITS version 5 will make this kind of thing quite straightforward,
because custom-reports can be scheduled to run quite frequently. In
the mean time, if you need to do this with ITS version 4 I think the
simplest way to do it is probably will a small script. You can build
the query URL you want using Query->Other->Interface Traffic, and
then use it with wget(1). The script can be scheduled with cron(1)
to run periodically, and it can generate an event just by writing a
file into the appropriate directory.
Below is a roughly thrown-together example that might serve as a
starting point. Hope this helps.
regards,
neil
------------------------------------------------------------------------
---- #!/bin/bash # example script to look for traffic from a given MAC address. # To have this script run every 5 minutes, make it executable using # "chmod -x", and submit a cron entry like this: # # echo "*/5 * * * * /path/to/this/script > /dev/null" | crontab "-" SEARCHMAC='000480603600'; # query the last 5 minutes using Query->Other->Interface Traffic. Filter # with filterProtocol=MAC and set the sourceAddress filter to the one # we are looking for. grep the output to see if it appeared. FOUND=`wget -q -O- "http://demo.inmon.com/its/query/Monitor? filterProtocol=MAC&sou rceAddress=$SEARCHMAC&intervals=1&intervalSize=5&resultField=time% 2CsourceAddress& resultFormat=csv&resultProtocol=MAC&action=query" | grep -c $SEARCHMAC`; echo "FOUND=$FOUND"; # post an event into the ITS event directory # POSTEVENTS="/usr/local/inmon/server/events/testForMAC.$$.up" #if [ "$FOUND" = "1" ]; then # echo "::inform:status:mac:up::::mac=$SEARCHMAC" > $POSTEVENTS; #fi On Nov 23, 2005, at 12:26 PM, Mike Zanker wrote: > Hello, > > is it possible to configure InMon to alert when it sees a specific MAC > address? > > Thanks, > > Mike.Received on Sat Nov 26 09:23:14 2005
This archive was generated by hypermail 2.1.8 : 11/26/05 PST