Our development team has been working hard and we are pleased to announce the release of Plixer Tools 8.0.0. What’s Plixer Tools you ask? We’ve combined Denika, Logalot, WebNM, and Flowalyzer into a single installer to provide better integration with Scrutinizer.
PaulFor a free 30 day trial of Scrutinizer, Download Now!
Sign up for Advanced NetFlow Training™ coming to a city near you!
Are you getting a lot of syslogs and want to filter what you are being alerted on?
Logalot, a Centralized Log Management application, has policy management features that allow you to filter on the incoming logs and alert based on the type, the number, or content of the logs.
For this blog post, I will be focusing on the triggers for sending alerts based on the number of incoming logs.
It was a cold day in March, colder than usual for this time of year. The phone rang and it was Jon telling me that his router wasn’t performing well and was having issues. They all have an issue in this city. Some are big and some are small, but they all have issues. As for Jon, his issue was big and that’s why he called me… I’m Jimmy D, the Cisco NetFlow Detective.
His story was the same old song; everyday around a specific time, his network would slow down and the CPU on is his router would peg at 90%. He needed to know why, and fast. His company was getting ready to release a hot new piece of software and they needed the bandwidth to support it.
He had taken the first step; he was already monitoring his bandwidth with Scrutinizer. But Jon needed more. He needed to know what times his CPU utilization was high and what traffic patterns occurred during that time. If this was a perfect world, he would also be alerted when it happened.
“Let’s go get a cup of coffee.” I said.
“Jon, we can trend your CPU utilization via SNMP with Denika. We can also set up alarms and alerts in both Scrutinizer and Denika. We can also capture syslogs from the router with Logalot. All this information can be tied together to give us a better picture and possibly point out a pattern.”
“Awesome, that’s what I was looking for! Can you help me?” he replied.
“Sure Jon, I’m the NetFlow detective, that’s what I do.”
Later that day, we took some time to set up both products. I explained how the process worked and what we were looking for. I let him know that although we can store this data forever, We were specifically interested in the next 24 hours. I was positive that our culprit would strike again.
He let me know that he would call me the next day.
“Jimmy, I just got an alert!” said Jon.
“Lets look at what it said.” I asked.
It was 5:01 p.m. and I wasn’t surprised. Nasty things, like rats and bad packets, show up quickly. After a few minutes of searching, I could see a pattern and it wasn’t pretty.
“I believe that I found your issues Jon.”
I looked at the time of the CPU spikes in Denika’s SNMP reports. We then looked at the Layer 3 traffic reports within Scrutinizer. I compared the timeframes and quickly saw the traffic matched.
“We now know it is a user. So now let’s find out who it is. To do so, we can drill down through the IP addresses in Scrutinizer and find out what IP is causing the traffic. Here you go Jon, are you ready to see who is hogging your bandwidth and causing the high CPU utilization?”
In one click, I quickly resolved the top talkers and saw that it was jenny.abcorp.com.
“Oh no, that’s my girlfriend!” said Jon, “Can we tell who she was talking to?”
We quickly changed to the conversations destination and could see that she was uploading 6 gigs of information to cbacorp.com at 5 p.m. every day. Jon knew the rest of the story because it was a common one. Geek programmer meets cute Russian model who thinks he is Superman, but soon finds out that he had been taken by a pretty face. She was uploading the latest builds of their hot new software to the competitors. She was a spy.
“Thank you Jimmy, you saved our company.” said Jon.
“Don’t sweat it kid. My job is to shed some light in a dark world…”
Most of these names and happenings in this story are true. Some have been changed to protect the innocent.
For a free 30 day trial of Scrutinizer, Download Now!
Sign up for Advanced NetFlow Training™ coming to a city near you!
Join the NetFlow Developments group on LinkedIn.
One of our customers called wanting to know if he could send customized e-mail notifications to the network administrators in charge of different groups of devices within Scrutinizer.
Here’s the situation:
The customer has about five different groups broken down by region like North America, Asia Pac, Europe, and so forth. These regions are managed by different teams of administrators in those areas.
When a problem arises on a device in Scrutinizer, he wants e-mails sent to the response team in charge of that area and of that device. He didn’t want the team to be bombarded with redundant e-mails of the problem.
The solution is to install the Logalot add-on to the Scrutinizer server and configure its notification engine to intelligently route notifications any way you want.
Logalot is a policy-based log manager that can listen for syslogs coming from Scrutinizer when an alarm is triggered. We can create a Logalot policy for each device in a group that would send an e-mail to the person or group responsible for the device that has triggered the alarm. We can even color code each device policy the same way for each group for easy identification and management on the Logalot Bulletin Board and policy manager. Logalot is also flexible enough so that you can configure it to send notifications every 5 minutes, or only once until it’s resolved.
Logalot can do much more than just process Scrutinizer notifications. It can receive syslogs, SMTP, and SNMP Trap messages from any device as well as monitor Windows Event logs.
For more tips about setting up e-mail notifications see this post about sending alerts from alarms generated by Scrutinizer. And go here for more tips about Scrutinizer, including a sneak peek of Scrutinizer version 7, and Scrutinizer class map reporting.
Steve
For a free 30 day trial of Scrutinizer, Download Now!
Sign up for Advanced NetFlow Training™ coming to a city near you!
Does your curiosity ever extend to how Plixer International began? When the company was formed, why it was named Plixer, where the idea of the company was born?
Well, if so, then read on……
Read more »
JFlow is a IP traffic flow sampler technology used by Juniper manufactured routers and switches. JFlow is considered a flow sampler technology much like Sflow, and when enabled on an interface; it allows packets in the input stream to be sampled. As the packets flow through an input stream the router/switch will look at each one, but only records new packets and discards any packets it has already seen.
JFlow is just one of three flow technologies available; among the 3 include Cisco’s Netflow and HP’s Sflow technologies. Each having their own strengths; Netflow records all packets while SFlow will only sample incoming traffic based on the packet ratio defined in the router configuration.
For a free 30 day trial of Scrutinizer, Download Now!
Sign up for Advanced NetFlow Training™ coming to a city near you!
One question that has been asked repeatedly by customers is, “Can I send email notifications from alarms generated by Scrutinizer?”
And the answer is a resounding, “Yes, you can!”.
However, it does require another of our products, which can be installed right over Scrutinizer. This add-on product is Logalot, our Centralized Log Management application. There is a free version of Logalot is available, which may be sufficient for your immediate needs. Installation and configuration takes a mere matter of minutes and is further simplified with the assistance of one of our Presales Support Engineers.
Read more »
