0 Replies Latest reply on Jul 14, 2014 2:51 AM by the_toilet

    trap parser overload

    the_toilet

      Hi all

       

      I know the trap parser is not great and not really something that gets a lot of attention but it is still very useful.  however, it is easily overloaded, especially when certain traps are made to spawn emails, it can totally overload a system when spamage happens...

       

      with this in mind, I need a way to make it so that we can control spams...  best way is to stop at source, but to do this, we need to proactively be able to identify bad sources...  has anyone worked out how to make the trap parser send out an email when say

       

      1. number of traps received in a minute is greater than 400

      2. the email to contain the top 1/2 sender within that minute?

       

      this would allow us to quickly zoon in on the problem node and get the issue sorted or filtered if it is unfixable during that time

       

      cheers

      dan