Flow Tab
The tab specifically shows all the alerts that are related to flow data only. The user interface of this tab is similar to the Log and Trap tabs. However, you may find some options that are different from other alert-stream sections and specific to flow alerts.
The list shows all the flow alerts from the last poll. The section shows brief, important details of each alert. Click on the alert name to see the complete details of the alert. The column descriptions are:
Column | Description |
---|---|
Alert | Displays the name of the alert. |
Source | Shows the host name/IP address of the monitor. |
Trigger Time | Shows the last time when the alert was triggered. |
User | When a user claims the alert, the username is displayed in the column. |
Alert Options
Alert options are the actions that you can perform on the alert.
Post Comment: Click on the icon to add comments about the alert. The comment will be visible for all the alerts generated for that flow. For example, if an alert of ‘Firewall Availability’ is generated on 172.16.10.1 and a user posts the comment “SSH bad packet length. The length parameter is increased to 2^6” on that particular alert, then this comment will be visible only on that alert (unlike a comment on a monitor, which is visible on all the other alerts generated for 172.16.10.1).
Suppress Alert: Click on the icon to suppress the alert. The system will show you an option to define a date and time, and will suppress the alert until that date-time. When an alert is suppressed, the system automatically posts a comment in the alert about it. This helps the user find out who suppressed the alerts for the flow and when.
Claim Alert: Click on the icon to claim an alert. An alert can be claimed by only one user. The system will show the username of the person who is claiming the alert in the ‘User’ column, and will post a comment about the activity.
Filters
By default, the system does not show flow alerts in the clear state. Use the filter option to see the alerts based on the filter conditions. The alerts can be filtered by:
- Filter by Source: Select the source IP/Host name from the drop down. System will show alert streams only for selected sources.
- Filter by Severity: Select the severity levels from the drop down. System will show alert streams for monitors for selected severity levels only.
- Filter by Alerts: Select the name of the alert you want to see. System will show only selected alerts.
- Filter by Time: Select the duration of the alert.
Types of Alert Stream Views
You can view the alerts in Grid view and the List view. The grid view is the default view. You can change to the list view temporarily.
Grid View
List View