From Selin.Bozkurt at radore.com Thu Jul 21 08:42:15 2016 From: Selin.Bozkurt at radore.com (Selin Ece Bozkurt, Radore) Date: Thu, 21 Jul 2016 12:42:15 +0000 Subject: A question and advise request Message-ID: Hello, Given configuration is below: Service UDP/SNMP { label:XMR02-TTI-IN calc:ave-rate-bits hostname:31.210.9.186 oid:.1.3.6.1.2.1.31.1.1.1.6.5 community:RH snmpversion:2c autoack:no maxvalue:500000000 messagedn:XMR02-TTI-ATTACK-ABOVE-500Mb messageup:XMR02-TTI-ATTACK-END minvalue:100000000 messagedn:XMR02-TTI-TRAFFIC-DECREASE-UNDER-100Mb messageup:XMR02-TTI-TRAFFIC-NORMAL notify: mail:selin.bozkurt at radore.com escalate: 10 notify: mail:selin.bozkurt at radore.com } It is able to send email for bold parts ( for maxvalue conditions) However, I want to identify yet another messageup and messagedn texts for minvalue for download traffic decrease under the same service above. Since the code hasn't got if-else structure , I couldn't do this. So this situation may lead complexity. Is there any way to do such a thing? ( It will send a separate mail for maxvalue and yet another separate mail for minvalue) Very thanks, Sayg?lar?mla, Selin Ece Bozkurt A? Operasyon Merkezi Uzman Yrd. Network Operations Center Asst. Specialist RADORE Metrocity AVM Levent, ?stanbul - T?RK?YE T: 0212 344 04 04 http://www.radore.com [Radore] RADORE VER? MERKEZ? H?ZMETLER? A.?. From scott at hiemstra.us Thu Jul 21 14:01:02 2016 From: scott at hiemstra.us (scott at hiemstra.us) Date: Thu, 21 Jul 2016 14:01:02 -0400 Subject: A question and advise request In-Reply-To: References: Message-ID: Selin, I'm not sure if what you specifically asked is possible, the author or someone else may chime in and say otherwise. This doesn't meet your goal exactly but it should at least let you get your point across in the notification. This will cause your notification to say either "XMR02-TTI-TRAFFIC SNMP TEST less than min" OR "XMR02-TTI-TRAFFIC SNMP TEST more than max" depending on what failed. Service UDP/SNMP { label:XMR02-TTI-IN calc:ave-rate-bits hostname:31.210.9.186 oid:.1.3.6.1.2.1.31.1.1.1.6.5 community:RH snmpversion:2c autoack:no maxvalue:500000000 minvalue:100000000 messagedn:XMR02-TTI-TRAFFIC %r messageup:XMR02-TTI-TRAFFIC-NORMAL notify: mail:selin.bozkurt at radore.com escalate: 10 notify: mail:selin.bozkurt at radore.com } Let me know if it helps, Scott On 2016-07-21 08:42, Selin Ece Bozkurt, Radore wrote: > Hello, > > > Given configuration is below: > > Service UDP/SNMP { > label:XMR02-TTI-IN > calc:ave-rate-bits > hostname:31.210.9.186 > oid:.1.3.6.1.2.1.31.1.1.1.6.5 > community:RH > snmpversion:2c > autoack:no > maxvalue:500000000 > messagedn:XMR02-TTI-ATTACK-ABOVE-500Mb > messageup:XMR02-TTI-ATTACK-END > minvalue:100000000 > messagedn:XMR02-TTI-TRAFFIC-DECREASE-UNDER-100Mb > messageup:XMR02-TTI-TRAFFIC-NORMAL > > notify: mail:selin.bozkurt at radore.com > escalate: 10 notify: mail:selin.bozkurt at radore.com > } > > It is able to send email for bold parts ( for maxvalue conditions) > > However, I want to identify yet another messageup and messagedn texts > for minvalue for download traffic decrease under the same service > above. > Since the code hasn't got if-else structure , I couldn't do this. So > this situation may lead complexity. > Is there any way to do such a thing? ( It will send a separate mail > for maxvalue and yet another separate mail for minvalue) > > Very thanks, > > > Sayg?lar?mla, > Selin Ece Bozkurt > A? Operasyon Merkezi > Uzman Yrd. > > Network Operations Center > Asst. Specialist > > RADORE > Metrocity AVM Levent, ?stanbul - T?RK?YE > T: 0212 344 04 04 > http://www.radore.com > > > [Radore] > > RADORE VER? MERKEZ? H?ZMETLER? A.?. > _______________________________________________ > http://argus.tcp4me.com/ > Arguslist at tcp4me.com > http://www.tcp4me.com/mailman/listinfo/arguslist From scott at hiemstra.us Thu Jul 21 14:05:29 2016 From: scott at hiemstra.us (scott at hiemstra.us) Date: Thu, 21 Jul 2016 14:05:29 -0400 Subject: A question and advise request In-Reply-To: References: Message-ID: You could take it one step further by adding the current value to the message with something like this. messagedn:XMR02-TTI-TRAFFIC %r - Current Rate: %v Scott On 2016-07-21 14:01, scott at hiemstra.us wrote: > Selin, > > I'm not sure if what you specifically asked is possible, the author or > someone else may chime in and say otherwise. This doesn't meet your > goal exactly but it should at least let you get your point across in > the notification. This will cause your notification to say either > "XMR02-TTI-TRAFFIC SNMP TEST less than min" OR "XMR02-TTI-TRAFFIC SNMP > TEST more than max" depending on what failed. > > Service UDP/SNMP { > label:XMR02-TTI-IN > calc:ave-rate-bits > hostname:31.210.9.186 > oid:.1.3.6.1.2.1.31.1.1.1.6.5 > community:RH > snmpversion:2c > autoack:no > maxvalue:500000000 > minvalue:100000000 > messagedn:XMR02-TTI-TRAFFIC %r > messageup:XMR02-TTI-TRAFFIC-NORMAL > > notify: mail:selin.bozkurt at radore.com > escalate: 10 notify: mail:selin.bozkurt at radore.com > } > > Let me know if it helps, > Scott > > > > > On 2016-07-21 08:42, Selin Ece Bozkurt, Radore wrote: >> Hello, >> >> >> Given configuration is below: >> >> Service UDP/SNMP { >> label:XMR02-TTI-IN >> calc:ave-rate-bits >> hostname:31.210.9.186 >> oid:.1.3.6.1.2.1.31.1.1.1.6.5 >> community:RH >> snmpversion:2c >> autoack:no >> maxvalue:500000000 >> messagedn:XMR02-TTI-ATTACK-ABOVE-500Mb >> messageup:XMR02-TTI-ATTACK-END >> minvalue:100000000 >> messagedn:XMR02-TTI-TRAFFIC-DECREASE-UNDER-100Mb >> messageup:XMR02-TTI-TRAFFIC-NORMAL >> >> notify: mail:selin.bozkurt at radore.com >> escalate: 10 notify: mail:selin.bozkurt at radore.com >> } >> >> It is able to send email for bold parts ( for maxvalue conditions) >> >> However, I want to identify yet another messageup and messagedn texts >> for minvalue for download traffic decrease under the same service >> above. >> Since the code hasn't got if-else structure , I couldn't do this. So >> this situation may lead complexity. >> Is there any way to do such a thing? ( It will send a separate mail >> for maxvalue and yet another separate mail for minvalue) >> >> Very thanks, >> >> >> Sayg?lar?mla, >> Selin Ece Bozkurt >> A? Operasyon Merkezi >> Uzman Yrd. >> >> Network Operations Center >> Asst. Specialist >> >> RADORE >> Metrocity AVM Levent, ?stanbul - T?RK?YE >> T: 0212 344 04 04 >> http://www.radore.com >> >> >> [Radore] >> >> RADORE VER? MERKEZ? H?ZMETLER? A.?. >> _______________________________________________ >> http://argus.tcp4me.com/ >> Arguslist at tcp4me.com >> http://www.tcp4me.com/mailman/listinfo/arguslist > _______________________________________________ > http://argus.tcp4me.com/ > Arguslist at tcp4me.com > http://www.tcp4me.com/mailman/listinfo/arguslist From Selin.Bozkurt at radore.com Sat Jul 23 03:32:55 2016 From: Selin.Bozkurt at radore.com (Selin Ece Bozkurt, Radore) Date: Sat, 23 Jul 2016 07:32:55 +0000 Subject: A question and advise request In-Reply-To: References: Message-ID: Thanks for your reply. I applied the following command you sent. If successful or not, I will inform you. -----Original Message----- From: arguslist-bounces at tcp4me.com [mailto:arguslist-bounces at tcp4me.com] On Behalf Of scott at hiemstra.us Sent: Thursday, July 21, 2016 9:05 PM To: Discussion about Argus Subject: Re: A question and advise request You could take it one step further by adding the current value to the message with something like this. messagedn:XMR02-TTI-TRAFFIC %r - Current Rate: %v Scott On 2016-07-21 14:01, scott at hiemstra.us wrote: > Selin, > > I'm not sure if what you specifically asked is possible, the author or > someone else may chime in and say otherwise. This doesn't meet your > goal exactly but it should at least let you get your point across in > the notification. This will cause your notification to say either > "XMR02-TTI-TRAFFIC SNMP TEST less than min" OR "XMR02-TTI-TRAFFIC SNMP > TEST more than max" depending on what failed. > > Service UDP/SNMP { > label:XMR02-TTI-IN > calc:ave-rate-bits > hostname:31.210.9.186 > oid:.1.3.6.1.2.1.31.1.1.1.6.5 > community:RH > snmpversion:2c > autoack:no > maxvalue:500000000 > minvalue:100000000 > messagedn:XMR02-TTI-TRAFFIC %r > messageup:XMR02-TTI-TRAFFIC-NORMAL > > notify: mail:selin.bozkurt at radore.com > escalate: 10 notify: mail:selin.bozkurt at radore.com > } > > Let me know if it helps, > Scott > > > > > On 2016-07-21 08:42, Selin Ece Bozkurt, Radore wrote: >> Hello, >> >> >> Given configuration is below: >> >> Service UDP/SNMP { >> label:XMR02-TTI-IN >> calc:ave-rate-bits >> hostname:31.210.9.186 >> oid:.1.3.6.1.2.1.31.1.1.1.6.5 >> community:RH >> snmpversion:2c >> autoack:no >> maxvalue:500000000 >> messagedn:XMR02-TTI-ATTACK-ABOVE-500Mb >> messageup:XMR02-TTI-ATTACK-END >> minvalue:100000000 >> messagedn:XMR02-TTI-TRAFFIC-DECREASE-UNDER-100Mb >> messageup:XMR02-TTI-TRAFFIC-NORMAL >> >> notify: mail:selin.bozkurt at radore.com >> escalate: 10 notify: mail:selin.bozkurt at radore.com >> } >> >> It is able to send email for bold parts ( for maxvalue conditions) >> >> However, I want to identify yet another messageup and messagedn texts >> for minvalue for download traffic decrease under the same service >> above. >> Since the code hasn't got if-else structure , I couldn't do this. So >> this situation may lead complexity. >> Is there any way to do such a thing? ( It will send a separate mail >> for maxvalue and yet another separate mail for minvalue) >> >> Very thanks, >> >> >> Sayg?lar?mla, >> Selin Ece Bozkurt >> A? Operasyon Merkezi >> Uzman Yrd. >> >> Network Operations Center >> Asst. Specialist >> >> RADORE >> Metrocity AVM Levent, ?stanbul - T?RK?YE >> T: 0212 344 04 04 >> http://www.radore.com >> >> >> [Radore] >> >> RADORE VER? MERKEZ? H?ZMETLER? A.?. >> _______________________________________________ >> http://argus.tcp4me.com/ >> Arguslist at tcp4me.com >> http://www.tcp4me.com/mailman/listinfo/arguslist > _______________________________________________ > http://argus.tcp4me.com/ > Arguslist at tcp4me.com > http://www.tcp4me.com/mailman/listinfo/arguslist _______________________________________________ http://argus.tcp4me.com/ Arguslist at tcp4me.com http://www.tcp4me.com/mailman/listinfo/arguslist