Notifications

Once evaluated, alerts are sent to recipients. Recipients, along with their associated endpoints, are managed from the system interface.

Endpoints and Recipients Management

Recipients are associated to one, and only one endpoint, but the same endpoint can be shared across multiple recipients.

Endpoints and recipients have a type and a set of configuration parameters which depends on the type. All the available endpoints and recipients are described in this section.

Endpoints contain common configuration which is then extended with recipients configuration. For example, the email endpoint contains the SMTP server address, whereas email recipients contain destination email addressses. This allows the creation of multiple email recipients, all sharing the same endpoint and, thus, the same SMTP server address.

An extensive example can bee seen at https://www.ntop.org/ntopng/using-ntopng-recipients-and-endpoints-for-flexible-alert-handling/.

Builtin

A builtin Alert Store DB recipient, along with its builtin Alert Store DB endpoint, is always present. This is used to deliver alerts to the internal database (SQLite or ClickHouse) and have them accessible inside the web UI. Engaged alerts are not affected by the builtin pair and are always shown. For example, the following alerts are shown under Flow Alerts because they have been delivered to the builtin recipient. The builtin recipient cannot be edited or deleted.

Builtin Recipient - Flow Alerts

Delivery Criteria

Each recipient can be configured to receive alerts on the basis of a few criteria:

  • Severity
  • Alert Category
  • Host Pool

Severity Criteria

A minimum severity is indicated when creating/editing the recipient. All alerts having the indicated (or an higher severity) will be delivered to the recipient.

Severity

Check Category

Multiple types can be indicated when creating/editing the recipient. All alerts belonging to the indicated types will be delivered to the recipient.

Alert Category

Check Entity

Multiple types can be indicated when creating/editing the recipient. All alerts belonging to the indicated entity will be delivered to the recipient.

Alert Category

Host Pool Criteria

None or multiple host pools can be configured to filter alerts which are relative to hosts, including Flow and Host alerts.

Host Pool Criteria

Active Monitoring

None or multiple alerts regarding active monitored devices can be configured.

Host Pool Criteria