Version: 2.4.50
Installation Method: Security Onion ISO image
Description: configuration
Installation Type: Standalone
Location: on-prem with Internet access
Hardware Specs: Meets minimum requirements
CPU: 4
RAM: 16
Storage for /: 1TB
Storage for /nsm: 2TB
Network Traffic Collection: span port
Network Traffic Speeds: Less than 1Gbps
Status: Yes, all services on all nodes are running OK
Salt Status: No, there are no failures
Logs: No, there are no additional clues

Detail: This is my home installation of Security Onion, so my traffic throughput is not huge, but in InfluxDB it shows I have an alarm for "Low Traffic Volume on Monitor Interface". I can't find out where to configure what should be the alarm threshold (nor what it currently is). Everything else is working fine (seeing +EPS, getting alerts in SOC, ...). On Grid it is showing about .4Mbps on the monitor interface, which must be below some threshold configured somewhere.
Replies: 1 comment
I answered my own question.
Click on the bell icon on the left side menu, select Alerts. On the page that opens, find 'Low Traffic Volume on Monitor Interface', click the gear icon to the far right for this alert, select Edit, then change the following line:
crit = (r) => r["bytes_recv"] < 5.0
to the value you want. In my case I changed it as follows:
crit = (r) => r["bytes_recv"] < 0.5
Hope this helps someone else.