BLOG     |     FORUM
Welcome, Guest
Username: Password: Remember me
Issues related to installation, running, bugs, and features.
  • Page:
  • 1

TOPIC: TCA not firing

TCA not firing 9 years 5 months ago #3889

I just started setting up TCAs for my installation, but they never fire. I followed the guide (trisul.org/docs/ug/alerts/tca.html) for the most part. Here's what I've got:
  • Running in fullblown_rx
  • Capturing a NIC with a full mirror of traffic
  • TCA:
    • Target: Hosts
    • Stat ID: TCP SYN Sent (I've tried TCP SYN Received as well)
    • Target Key: Port-80
    • Hi Water Mark: 2
    • Lo Water Mark: 1
    • Intervals: 1

Any thoughts?
The administrator has disabled public write access.

TCA not firing 9 years 5 months ago #3890

Hi -

There are two issues here :

1. You are trying to set a TCA for HOSTS Counter Group but use the Key "Port-80" There is no host named Port-80 therefore this doesnt fire. You can type in a specific IP for which you want to track SYN Traffic or type the special key SYS:GROUP_TOTALS which applies to all Hosts.

2. The volumes are too low you have only 2 and 1 - TCA fires only when the Hi-Water is crossed - seems like '2' is too low and all SYNs are goign to be very high from the get go. To get an idea of the amount of SYN Traffic you are getting Click on Dashboard > Security and scroll about halfway down on the left side. You can then pick a reasonable threshold from the chart and apply that number to Hosts and SYS:GROUP_TOTALS and TCP SYN
Vivek R
Unleash Networks
Support : www.unleashnetworks.com/forums
The administrator has disabled public write access.

TCA not firing 9 years 5 months ago #3891

Originally the target key was SYS:GROUP_TOTALS an the TCA did not fire. I lowered the levels from more sane numbers to just get the TCA to fire, but it never did.
The administrator has disabled public write access.

TCA not firing 9 years 5 months ago #3892

the target key was SYS:GROUP_TOTALS an the TCA did not fire. I lowered the levels from more sane numbers to just get the TCA to fire, but it never did.

We tried it and can confirm there is a bug. We have fixed it and will upload new builds shortly !!



Thanks a lot for reporting.
Vivek R
Unleash Networks
Support : www.unleashnetworks.com/forums
The administrator has disabled public write access.
The following user(s) said Thank You: jwalter

TCA not firing 9 years 5 months ago #3893

Thanks Vivek
The administrator has disabled public write access.
  • Page:
  • 1
Moderators: vivek [unleash]
Time to create page: 0.034 seconds