There are cases where you need to keep a close watch on certain hosts in your network and be alerted when a host goes beyond certain threshold limits.
In the absence of NetFlow Analyzer, the administrator needs to take special care of those hosts and has to keep an eye on them throughout the day.
This can be done easily with NetFlow Analyzer, where you can generate an alert based on volume, and NetFlow Analyzer will send you an email when the threshold is crossed.
Let us take a scenario that explains this feature better. In an organization, the network admin needs to keep an eye on a couple of servers (as shown in the picture). These servers should not exceed a data transfer of, say, 100MB of data.
You can trigger an alert based on the IP address in NetFlow Analyzer. Follow the steps below to create the alert and receive the message through email.
Click on Alert profiles → Add and select a name for the alert.
Select the interface to which the server is connected.
Select the criteria (IN, OUT or combined traffic).
Select IP Address under ‘Define Alert Criteria :’.
Select Volume and select the email address to send the alert to.
The alert that is sent will be shown as below:
The alert sent in the email will show you the top 10 hosts that contributed to the traffic. To view all the conversations that happened, navigate to Alert Profile, last hour alerts, and click on the number, which will display all the conversations that happened (this report will be shown for the time period for which you have retained the RAW data).
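The logic behind such a volume alert, as an added Python example (not NetFlow Analyzer's code or its implementation): it sums bytes per watched IP address over one evaluation window, applies the IN, OUT or combined criteria, and lists the top contributing peers for each host over the limit. The flow records, the addresses, the function name `evaluate` and the reading of 100MB as 100 MiB are assumptions made for the example.

```python
from collections import defaultdict

MIB = 1024 * 1024
THRESHOLD_BYTES = 100 * MIB           # the 100MB limit, taken as MiB (assumption)
WATCHED = {"10.0.0.10", "10.0.0.11"}  # constructed server addresses

# Constructed flow records for one interface and one evaluation window:
# (interface direction, source IP, destination IP, bytes)
SAMPLE_FLOWS = [
    ("IN", "10.0.0.10", "192.0.2.7", 70 * MIB),
    ("IN", "10.0.0.10", "198.51.100.9", 45 * MIB),
    ("OUT", "203.0.113.5", "10.0.0.10", 5 * MIB),
    ("IN", "10.0.0.11", "192.0.2.7", 20 * MIB),
    ("OUT", "203.0.113.5", "10.0.0.11", 30 * MIB),
    ("IN", "10.0.0.50", "192.0.2.7", 500 * MIB),  # host is not watched
]

def evaluate(flows, watched, threshold, criteria="COMBINED", top_n=10):
    """Return {host: {"bytes": total, "top_peers": [(peer, bytes), ...]}}
    for every watched host whose volume exceeds the threshold."""
    if criteria not in ("IN", "OUT", "COMBINED"):
        raise ValueError("criteria must be IN, OUT or COMBINED")
    totals = defaultdict(int)
    peers = defaultdict(lambda: defaultdict(int))
    for direction, src, dst, nbytes in flows:
        if criteria != "COMBINED" and direction != criteria:
            continue  # flow is outside the selected traffic direction
        # A flow counts for a watched host whether it is source or destination.
        for host, peer in ((src, dst), (dst, src)):
            if host in watched:
                totals[host] += nbytes
                peers[host][peer] += nbytes
    alerts = {}
    for host, total in totals.items():
        if total > threshold:
            ranked = sorted(peers[host].items(), key=lambda kv: kv[1], reverse=True)
            alerts[host] = {"bytes": total, "top_peers": ranked[:top_n]}
    return alerts

if __name__ == "__main__":
    for host, info in evaluate(SAMPLE_FLOWS, WATCHED, THRESHOLD_BYTES).items():
        print(f"ALERT {host}: {info['bytes'] / MIB:.0f} MiB in window")
        for peer, nbytes in info["top_peers"]:
            print(f"  {peer}: {nbytes / MIB:.0f} MiB")
```

With the constructed records, only 10.0.0.10 crosses the limit under the combined criteria, and the same data raises no alert when the criteria is OUT, which is why the direction chosen in the profile matters for a server that mostly sends.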
Hope this feature will be helpful.
Arun Karthik Asokan
The original article/video can be found at Generating Alert if a host exceed a threshold limit.