good morning guys from germany,
i need to create an alert rule for our firewall systems.
we’re using a internal ipls network by our provider. with librenms i get the traffic informations by a port of the router. this port is configured to 1gbit speed but our WAN speed is 8 mbit/s.
so now i want to create an alert rule when the traffic over time X is by 7mbit/s.
how can i configure that?
regards
I believe it would be something like this:
If your interface speed is 1000, then:
macros.port_usage_perc >= 0.7 AND macros.port_up = 1 AND macros.port = 1
and if your port has a description it could look like:
macros.port_usage_perc >= 0.7 AND macros.port_up = 1 AND macros.port = 1 AND ports.ifAlias LIKE 'thisismyportdesciption%'
Then you might want to MAP it to a firewall or firewall group in the alert.
You should be able to control time, by changing the delay e.g if you have 5 minute polling time, then 6m you would be sure would cover 2 polls (10 mins), so it would only alert if >=7Mbps over 10 mins e.g
Max: 1
Delay: 6m
Interval: 5m
I got an error when i try to configure with “0.7” or “0,7” values.
any thoughts?
Ahh yes looks like validation stops you from doing this,
In that case you need a workaround, you could try changing your interface Speed on Librenms to 100, and put the port usage to 7 . Or if you know the SQL query you can alert with that.
To change interface speed to go device -> edit -> port settings -> change the port from 1Gbps “1000000000” to 100Mbps “100000000”
I have created a rule to alert if traffic is over 150Mbps (you need two rules one for in one for out):
SELECT * FROM devices,ports WHERE (devices.device_id = ? AND devices.device_id = ports.device_id) AND (ports.ifOperStatus = "up" && ports.ifAdminStatus = "up" && (ports.deleted = 0 && ports.ignore = 0 && ports.disabled = 0)) = 1 AND ports.ifOutOctets_rate > 19660800
Calculator for reference: http://www.endmemo.com/sconvert/b_smbps.php
EDIT: I just realized you said “over time” not sure if this will do what you want, I’m just trying to help.
EDIT2: Just to clarify this is the key piece here:
ports.ifOutOctets_rate > 19660800
hey eric,
when i try to import your sql statement i got a parsing error, is there any failure in the statement?
Import from SQL tries to re-map it to the builder.
Instead, click the advanced tab at the top, turn “Override SQL” On and paste the query in.
You will need to go back to “Main” tab after and fill in the Title, and put something random into the builder alert, which won’t be effective, but again more of a validation issue.
Will work though 
Thank you Chas,
now it’s working.
how can i filter these alert for only a few ports? for example only for the port(s) with name “internet”?
you will need something like ports.ifAlias like internet in the sql statement
If these are port descriptions.
