The Problem
Let’s assume that you have a network where local hosts generate a constant amount of traffic. How do you find out if they are misbehaving? Sometimes a local host starts behaving strangely, with an abnormal amount of traffic (sent or received) compared with its recent past: how can you spot these situations and report them with an alert?
This is why we have created the Local Traffic Rules page: users can now define custom Volume/Throughput thresholds for some (or all) local hosts. You can also set thresholds on score and application protocols (e.g. WhatsApp).
For instance, if a DNS server is available in the network, a check for that host regarding the DNS traffic could be added: alert me if the DNS traffic for a host exceeds 1 GB/day.
How Thresholds Work
The Local Traffic Rules page can be found under the Hosts menu.
Here it is possible to set up the rules you like, for every Local Host or Interface you want.
A rule is composed of:
- Target (who is monitored)
- Type (Host or Interface)
- Metric (what is monitored)
- Check Frequency (how often it is monitored)
- Threshold (the threshold not to be exceeded up/down)
(The action column, instead, lets you edit or delete the rule.)
By clicking the ‘+’ icon next to the search bar of the table, it’s possible to add a new rule.
Here it is possible to:
- Set the type of rule.
- Add the Target (what we are monitoring)
- Select the monitored metric: Traffic, Score, and all the Application Protocols (e.g. DNS, HTTP, SMTP, …)
- Set the check frequency: every five minutes, every hour, or once per day
- Specify the threshold, which can be measured in volume (e.g. 1 GB), throughput (e.g. 1 Gbps), or percentage (e.g. + 20%, meaning that the current value must not exceed the value of the metric during the previous check by more than 20%).
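The three threshold kinds can be modelled as follows. This is an added example, not ntopng code: the `Rule` fields, the `evaluate` function, the cumulative-byte-counter input, the sample host address and the decimal gigabyte are all assumptions made for illustration, and only upward crossings are modelled.

```python
from dataclasses import dataclass

# Check frequencies offered by the rule editor, in seconds.
FREQUENCY_SECONDS = {"5min": 300, "hour": 3600, "day": 86400}

@dataclass
class Rule:
    target: str       # local host or interface being monitored
    metric: str       # here a byte-based metric such as "Traffic" or "DNS"
    frequency: str    # key of FREQUENCY_SECONDS
    kind: str         # "volume" (bytes), "throughput" (bit/s) or "percentage"
    threshold: float

def evaluate(rule, counters):
    """Return (check_number, observed, threshold) for every check that exceeds the rule.

    counters holds the cumulative byte counter for rule.metric, sampled once
    per check interval, oldest first (assumed input format).
    """
    interval = FREQUENCY_SECONDS[rule.frequency]
    alerts, previous = [], None
    for check in range(1, len(counters)):
        volume = counters[check] - counters[check - 1]
        if volume < 0:            # counter reset: drop the baseline, skip this check
            previous = None
            continue
        if rule.kind == "volume":
            observed = volume
        elif rule.kind == "throughput":
            observed = volume * 8 / interval
        elif rule.kind == "percentage":
            # No usable previous value (first check, or zero traffic): nothing to compare.
            observed = 100 * (volume - previous) / previous if previous else None
        else:
            raise ValueError(f"unknown threshold kind: {rule.kind}")
        if observed is not None and observed > rule.threshold:
            alerts.append((check, observed, rule.threshold))
        previous = volume
    return alerts

# Constructed sample: cumulative DNS bytes of a DNS server, one sample per day.
DNS_BYTES = [0, 400_000_000, 900_000_000, 2_300_000_000, 2_800_000_000]
GB = 10**9  # decimal gigabyte (assumption)

if __name__ == "__main__":
    for kind, limit in (("volume", 1 * GB), ("percentage", 20)):
        rule = Rule("192.168.1.53", "DNS", "day", kind, limit)
        for check, observed, threshold in evaluate(rule, DNS_BYTES):
            print(f"ALERT {rule.target} {rule.metric} day {check}: {observed:g} > {threshold:g} ({kind})")
```

On the sample data, the 1 GB/day rule fires only on the third day, while the +20% rule also fires on the second day, when traffic is still well under 1 GB but has grown 25% over the previous check.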
So now it’s time for you to monitor your Hosts and Interfaces and be sure they do not misbehave.
Enjoy this new feature, and send us your feedback.