Alarm Conditions Need Improvement

Scrutinizer is an enterprise/business class NetFlow and sFlow analysis tool. Scrutinizer provides historical trends of the company's critical network interfaces as well as the details on:

Who: The end system causing the traffic
What: The application/protocol that is being used
When: The time frame it has been occurring for
Where: The network connection that is affected

Moderators: scottr, Moderator Team

Post Reply
goofyziggy
Posts: 9
Joined: Mon Apr 28, 2008 10:54 pm

Alarm Conditions Need Improvement

Post by goofyziggy » Mon Apr 28, 2008 11:46 pm

I just upgraded our 5.5.1 installation to 6.0 hoping for some improvements in the Alarms section. :cry: I like the Scrutinizer product, Plixer is doing a good job here, but I feel the usefulness of this product is not being exploited. Alerting is important to the enterprise, and precision and granularity is key here. The alerting on Scrutinizer, IMO, needs more dedication as an essential part of the solution, a re-think, especially since it could deliver sorely-needed information in present-day network operations. Here's a short list of what, in my opinion, could go a long way in that direction:

Please Add the following to Scrutinizer Alarms:

1) The ability to select the amount of time to generate a "violation" condition(currently only looks at events matching over the last 1 minute)

2) The ability to "know" whats the bandwith of the interface on which any alarm condition rule is being applied IN COMBINATION WITH its current percentage usage.

3) The ability to add exclusions by: IP Address, hostname, subnet, or wildcard (*).

The goal with the above would be to catch the bandwith abuser on a DS3 as well as an abuser on a T1, even though they use completely different magnitues of bandwidth. For example, an abuser at company ABC might be a concern if the BWusage on a Xmbps link uses more than Yperrcent and takes longer than Z minutes, but not less than that. Oh and exlude hosts A, B and C*.

Hope that made sense. I was curious if the following ideas are being planned or thought about for future releases. Thanks.

Goofyzig
Phoenix, AZ

Post Reply

Who is online

Users browsing this forum: No registered users and 3 guests