Set capture rate maximum and minimum thresholds for interfaces
Article ID: 275984
Updated On: 11-27-2023
Products
Issue/Introduction
When there is no new traffic being sent to an interface or an interface is not capturing, an administrator will want to know. There is a System Health test that can be enabled with minimums and maximums. An administrator can be notified by email or syslog that a system health tests has failed.
The capture rate threshold is set from the command line as root. The Help pages are good but could use examples.
Environment
Release 8.2.X
Resolution
This is from the Help pages -
Test Configuration - Capture Thresholds
This test allows you to set thresholds that trigger notifications and is disabled by default. The test configuration has the following json syntax:
{"agg0": {"max_bps": 0, "min_bps": 0}, "eth1": {"min_bps": 0}, "default": {"max_bps": 0, "min_bps": 0}} where:
- agg0 is the aggregate of all capture interfaces
- ethN is a specific interface
- default sets the thresholds for all interfaces that aren't overridden by specific ethN settings. The default 'min_bps' and 'max_bps' will be used for any interface value that isn't specified. For example, if 'eth1' only specifies a 'min_bps' value, then the 'max_bps' value will come from the default 'max_bps' value. Likewise, if an interface isn't listed in the configuration, then both the 'max_bps' and 'min_bps' for that interface will come from the default values. A value of '0' for max_bps or min_bps disables the test for that interface.
|
Action |
Command |
Output |
|---|---|---|
| Show the configuration | # scm system_health show_test_config capture_thresholds |
{"agg0": {"max_bps": 0, "min_bps": 0}, "eth1": {"min_bps": 0}, "default": {"max_bps": 0, "min_bps": 0}} |
| Set the configuration | # scm system_health set_test_config
capture_thresholds '{"agg0": {"max_bps": 0, "min_bps": 0},
"eth1": {"max_bps": 0, "min_bps": 0}, "default": {"max_bps": 0,
"min_bps": 0}}' |
Set configuration for capture_thresholds |
A few examples -
You will need to login as root to the command line of the sensor. To show what the current thresholds are:
scm system_health show_test_config capture_thresholds
The command to set a minimum capture rate threshold test of 50Mb/s (50 megabits per second) with a maximum of 3.5Gb/s (3500 megabits per second) capture rate maximum on eth5 is:
scm system_health set_test_config capture_thresholds '{"eth5": {"max_bps": 3500000000, "min_bps": 50000000}}'
The scm system_health show_test_config capture_thresholds command returns:
{"eth5": {"max_bps": 3500000000, "min_bps": 50000000}}
To set the default threshold for each interface at a maximum of 4Gb/s and a minimum of 50Mb/s, the command line would be:
scm system_health set_test_config capture_thresholds '{"default": {"max_bps": 4000000000, "min_bps": 50000000 }}'
The scm system_health show_test_config capture_thresholds command returns:
{"default": {"max_bps": 4000000000, "min_bps": 50000000}}
To set the maximum capture rate of 4Gb/s and the minimum of 200Mb/s for the aggregate of all interfaces:
scm system_health set_test_config capture_thresholds '{"agg0": {"max_bps": 4000000000, "min_bps": 200000000 }}'
The scm system_health show_test_config capture_thresholds command returns:
{"agg0": {"max_bps": 4000000000, "min_bps": 200000000}}
All thresholds need to be set in the same command. To combine the aggregate, eth5, and default maximums and minimums, the command is:
scm system_health set_test_config capture_thresholds '{"agg0": {"max_bps": 4000000000, "min_bps": 200000000}, "eth5": {"max_bps": 3500000000, "min_bps": 50000000}, "default": {"max_bps": 4000000000, "min_bps": 50000000 }}'
The scm system_health show_test_config capture_thresholds command returns:
{"agg0": {"max_bps": 4000000000, "min_bps": 200000000}, "eth5": {"max_bps": 3500000000, "min_bps": 50000000}, "default": {"max_bps": 4000000000, "min_bps": 50000000}}
-> NOTE: These examples were tested for syntax. You will need to test the syntax for your needs on your own systems for your site specific needs.
Feedback
