Alerts on sudden interface traffic raise or drop in last 30 minutes?

Having an alert based on a sudden traffic change (raise or drop) in last 30 minutes would be very useful.

For example if we have a rapid interface flap that doesn't take the routing down won't be noticed. If we have an alert based in a traffic drop we can be aware of such problems.

On the other way around if we have an alert for traffic raise we can be aware of attack or even traffic changes.

Parents
  • Hi there, 

    NPM monitors interface bandwidth every 10 minutes, and will take an average of the usage in that time. This means that you can struggle to find the specific peaks in the usage at a smaller range. You could increase the polling rate for certain interfaces but that may incur performance issues if it was done in bulk. 

    If you don't already have it, Netflow Traffic Analyser allows you to break-down your interface utilisation by source, destination, application, port, etc... and more specifically has the ability to run traffic alerts down to a 1-minute period. With this, you can check to see if traffic goes over a certain amount, or below a certain amount in that period and then send it to the normal Orion alerts for notifications: https://documentation.solarwinds.com/en/success_center/nta/content/nta-configuring-flow-alerts.htm

    Here's a sample of Netflow data showing the level of detail for these metrics:

    If this helps answer your question please mark my answer as confirmed to help other users, thank you!

    Marlie Fancourt | SolarWinds Pre-Sales Manager

    Prosperon Networks | SolarWinds Partner since 2006

Reply
  • Hi there, 

    NPM monitors interface bandwidth every 10 minutes, and will take an average of the usage in that time. This means that you can struggle to find the specific peaks in the usage at a smaller range. You could increase the polling rate for certain interfaces but that may incur performance issues if it was done in bulk. 

    If you don't already have it, Netflow Traffic Analyser allows you to break-down your interface utilisation by source, destination, application, port, etc... and more specifically has the ability to run traffic alerts down to a 1-minute period. With this, you can check to see if traffic goes over a certain amount, or below a certain amount in that period and then send it to the normal Orion alerts for notifications: https://documentation.solarwinds.com/en/success_center/nta/content/nta-configuring-flow-alerts.htm

    Here's a sample of Netflow data showing the level of detail for these metrics:

    If this helps answer your question please mark my answer as confirmed to help other users, thank you!

    Marlie Fancourt | SolarWinds Pre-Sales Manager

    Prosperon Networks | SolarWinds Partner since 2006

Children
No Data