Keying Alerts from Interface traffic

Hi,

I am trying to key alerts from aggregated interface traffic but I’m having trouble identifying the rule for this. Basically I just want an alert to occur when overall traffic on a specified port drops below a certain bitrate.

Thanks,

Drew

You probably want to make use of the utilization macros, in particular

macros.port_in_usage_perc
macros.port_out_usage_perc

Not tested, but here’s a rule I just created. Alarm under 1% utilization on either In or Out, so this should alarm for anything equal to or under 10Mbps on either In or Out on a Gigabit interface, for example.

And you probably want to set a delay of two SNMP polls by setting a delay of 6m, as you might get false positives easily, but try 0 delay first :)

Otherwise, if you know what rate you want in Octets then you could just specify ports.ifInOctets_rate or ports.ifOutOctets_rate in the alert rule, and forget macros for utilization entirely, up to you.

Thank you Chas!
