We've run into a situation where a Windows update server is taking up a good chunk of bandwidth communicating with clients in one of our offices. We want to know when this is happening throughout the day so we can look into it in real time, and I'm having trouble creating an alert for this. I have written alerts for node or link behavior in the past, but am by no means a guru at it!
I've tried modifying the "Top Talkers" alert, but haven't had much luck, and the NetFlow Admin Guide doesn't appear to have much for creating a more advanced alert like this. The alert that I'm trying to create isn't necessarily for a top talker on any link, but would alert on the following conditions:
- Conversation with IP x.x.x.x
- Greater than 100pps (or 1Meg) of data transferred
- Across node RouterX (or through Interface X)
We're running NPM 10.4 & NTA 3.10.0.
Any suggestions on how this alert could be written, or am I trying to do something outside the scope of the Alerting tool?