[collectd] Thresholds, Notifications configuration

lftgl table v.lftgl at googlemail.com
Thu Nov 17 08:53:57 CET 2011


Hi,

I'm using collectd 4.10.1-1+squeeze2 even on my gateway.

Sometimes I realize syn-flood attacks on the gateway, identified by a lot of
packages on the external interface, and of course I collect these data with
collectd and transfer them using the network plugin to a defined
collectd-server.

I'd like to be able to react directly on the gateway in the moment the
syn-attack starts, because these attacks are often really short, less than a
minute.

For instance, I'd like to dump packages by using tcpdump.

So I have read something about collectd thresholds, notifications,
NotificationExec and Chains + Targets.

The question is:

Which configuration would be the best solution to fix the problem? For
instance:

If I define a threshold configuration, I don't want to get a notification,
but rather execute a script to dump the packages.

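    # Thresholds go inside a <Threshold> block; the plugin is named "interface".
    <Threshold>
        <Plugin "interface">
            <Type "if_packets">
               Instance "eth0"
               DataSource "rx"
               FailureMax 100000
            </Type>
        </Plugin>
    </Threshold>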

Any suggestions?!


lftgl
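
One way to get the behaviour asked for above, as an added example that is not part of the original message or of collectd itself: a threshold still raises a notification, and the exec plugin's NotificationExec hands it to a script on stdin, which starts a bounded tcpdump capture. The script path, the `capture` user, the `--run` argument, the output directory and the capture limits are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. Hooked up in collectd.conf as
# (user, path and the --run argument are assumptions):
#   LoadPlugin exec
#   <Plugin exec>
#     NotificationExec "capture" "/usr/local/bin/synflood-capture.sh" "--run"
#   </Plugin>
# The exec plugin refuses to run programs as root, so the assumed "capture"
# user needs another way to sniff (file capabilities on tcpdump, a sudo rule).
IFACE="eth0"                  # interface named in the post's threshold
OUTDIR="/var/tmp"             # assumption: where captures are written
LOCK="$OUTDIR/synflood.lock"  # assumption: lock dir, one capture at a time
SYN_FILTER='tcp[tcpflags] & (tcp-syn|tcp-ack) == tcp-syn'  # initial SYNs only

# collectd writes "Key: value" headers, a blank line, then the message text.
parse_notification() {
    severity="" plugin="" plugin_instance="" type="" type_instance=""
    while IFS= read -r line; do
        [ -z "$line" ] && break             # blank line ends the headers
        key=${line%%:*}; val=${line#*: }
        case "$key" in
            Severity)       severity=$val ;;
            Plugin)         plugin=$val ;;
            PluginInstance) plugin_instance=$val ;;
            Type)           type=$val ;;
            TypeInstance)   type_instance=$val ;;
        esac
    done
}

# True only for a FAILURE on interface/if_packets for $IFACE. The interface
# name arrives in TypeInstance on collectd 4.x and in PluginInstance on 5.x.
should_capture() {
    [ "$severity" = "FAILURE" ] && [ "$plugin" = "interface" ] &&
    [ "$type" = "if_packets" ] &&
    { [ "$type_instance" = "$IFACE" ] || [ "$plugin_instance" = "$IFACE" ]; }
}

# Output file for a capture started at timestamp $1.
capture_file() { printf '%s/synflood-%s.pcap\n' "$OUTDIR" "$1"; }

if [ "${1:-}" = "--run" ]; then
    parse_notification
    should_capture || exit 0                # ignore WARNING/OKAY and others
    mkdir "$LOCK" 2>/dev/null || exit 0     # a capture is already running
    trap 'rmdir "$LOCK"' EXIT
    # Bounded capture: stops after 60 seconds or 50000 packets.
    timeout 60 tcpdump -n -i "$IFACE" -c 50000 \
        -w "$(capture_file "$(date +%Y%m%dT%H%M%S)")" "$SYN_FILTER"
fi
```

Because the threshold fires once per state change, the lock directory mainly guards against a WARNING-to-FAILURE flap starting a second capture while the first is still writing.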