[collectd] Thresholds, Notifications configuration
lftgl table
v.lftgl at googlemail.com
Thu Nov 17 08:53:57 CET 2011
Hi,

I'm using collectd 4.10.1-1+squeeze2, even on my gateway.
Sometimes I realize SYN flood attacks on the gateway, identified by a lot of
packages on the external interface, and of course I collect these data with
collectd and transfer them, using the network plugin, to a defined
collectd server.

I'd like to be able to react directly on the gateway at the moment the
SYN attack starts, because these attacks are often really short, less than a
minute. For instance, I'd like to dump packages using tcpdump.

So I have read something about collectd thresholds, notifications,
NotificationExec and Chains + Targets.

The question is: which configuration would be the best solution to fix the
problem? For instance, if I define a threshold configuration, I don't want to
get a notification, but rather execute a script to dump the packages:

<Plugin "interfaces">
  <Type "if_packets">
    Instance "eth0"
    DataSource "rx"
    FailureMax 100000
  </Type>
</Plugin>

Any suggestions?
lftgl
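
One way to turn a threshold notification into a packet capture, as an added example that is not part of the original post or of collectd itself. It assumes the threshold sits in a collectd 4.x `<Threshold>` block with the plugin named `interface`, and that the hypothetical user `capture` and the script path in the comments exist and that this user is allowed to run tcpdump (the exec plugin refuses to run programs as root).

```shell
#!/bin/sh
# NotificationExec handler (added example). collectd's exec plugin writes each
# notification to stdin: "Key: value" header lines, a blank line, the message.
# collectd.conf side (user name and script path are assumptions):
#   LoadPlugin exec
#   <Plugin exec>
#     NotificationExec "capture" "/usr/local/bin/syn-capture.sh" "handle"
#   </Plugin>
IFACE="${IFACE:-eth0}"                        # interface named in the threshold
CAPTURE_DIR="${CAPTURE_DIR:-/var/tmp/syncap}" # assumed output directory
CAPTURE_SECS="${CAPTURE_SECS:-60}"            # hard limit per capture

# Read one notification from stdin; succeed only for a FAILURE raised on
# interface/if_packets for $IFACE (4.x puts the NIC in TypeInstance, 5.x in
# PluginInstance).
should_capture() {
    severity='' plugin='' ntype='' pinst='' tinst=''
    while IFS= read -r line; do
        [ -z "$line" ] && break               # blank line ends the headers
        key=${line%%:*}
        val=${line#*: }
        case "$key" in
            Severity)       severity=$val ;;
            Plugin)         plugin=$val ;;
            PluginInstance) pinst=$val ;;
            Type)           ntype=$val ;;
            TypeInstance)   tinst=$val ;;
        esac
    done
    [ "$severity" = "FAILURE" ] && [ "$plugin" = "interface" ] &&
        [ "$ntype" = "if_packets" ] &&
        { [ "$pinst" = "$IFACE" ] || [ "$tinst" = "$IFACE" ]; }
}

# Start one time-limited capture of bare SYN packets; mkdir doubles as a lock
# so repeated notifications do not stack captures.
start_capture() {
    mkdir -p "$CAPTURE_DIR" && mkdir "$CAPTURE_DIR/lock" 2>/dev/null || return 1
    out="$CAPTURE_DIR/syn-$(date +%Y%m%d-%H%M%S).pcap"
    ( timeout "$CAPTURE_SECS" tcpdump -n -i "$IFACE" -s 96 -w "$out" \
          'tcp[tcpflags] & (tcp-syn|tcp-ack) == tcp-syn' >/dev/null 2>&1
      rmdir "$CAPTURE_DIR/lock" ) &
}

if [ "${1:-}" = "handle" ]; then
    if should_capture; then start_capture; fi
fi
```

The OKAY notification that collectd sends when the value drops back under the threshold is ignored, so the capture simply runs out its time limit.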