
NetResident - Network Content Monitoring Tool


Alerts

Alerts allows you to create and modify alerts (i.e., notifications that are displayed by the application when a network event meets the conditions specified in the alert). For example, you can make NetResident notify you when a certain text is found in an event.


· New – creates a new alert.
· Modify – modifies an existing alert.
· Delete – deletes an existing alert.

Existing alerts can be turned on and off using the checkbox next to the alert name. When you create a new alert or modify an existing one, the following dialog is displayed:


Enter a unique Name for the alert and check the Enabled box to make the alert active. The Filter frame allows you to select the protocols that the alert applies to and to specify the text to search for. For example, if you want to be alerted when the word “specifications” is found in an FTP file transfer, check the FTP box and enter “specifications” in the text field.

The text you search for should consist of an unstructured natural language or “plain English” query. In a natural language search request, words such as AND and OR are disregarded. Use quotation marks to indicate a phrase, + (plus) to indicate a word that must be present, and - (minus) to indicate a word that must not be present.

If you check the Stemming box, your search will include other grammatical forms of the words in your search request. For example, with stemming enabled, a search for “apply” would also find “applies.” This option has no effect for non-English searches. If you check the Phonic box, your search will find words that sound similar to the words in your request, like “Smith” and “Smythe.” This option has no effect for non-English searches.
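To sanity-check alert text before relying on it, the query rules described above can be modelled offline. The following is an added example, not NetResident code: the function names and sample events are hypothetical, and it assumes case-insensitive whole-word matching and that an unprefixed word is optional (any one of them is enough). Stemming and Phonic are not modelled.

```python
import re

# Assumed model of the Filter text field, built from the description above:
# AND/OR are ignored, "..." is a phrase, +term is required, -term is excluded,
# and an unprefixed term is optional. Stemming and Phonic are not modelled.
TOKEN = re.compile(r'([+-]?)(?:"([^"]+)"|(\S+))')
IGNORED = {"and", "or"}


def parse_query(query):
    """Split alert text into required, excluded and optional terms."""
    parsed = {"required": [], "excluded": [], "optional": []}
    for sign, phrase, word in TOKEN.findall(query):
        term = (phrase or word).lower().strip()
        if not term or (not phrase and not sign and term in IGNORED):
            continue
        key = {"+": "required", "-": "excluded"}.get(sign, "optional")
        parsed[key].append(term)
    return parsed


def contains(term, text):
    """Whole-word (or whole-phrase) match, case-insensitive (assumption)."""
    pattern = r"\b" + r"\s+".join(map(re.escape, term.split())) + r"\b"
    return re.search(pattern, text, re.IGNORECASE) is not None


def alert_matches(query, text):
    """Return True if the event text would satisfy the alert query."""
    q = parse_query(query)
    if any(contains(t, text) for t in q["excluded"]):
        return False
    if not all(contains(t, text) for t in q["required"]):
        return False
    # With no required terms, at least one optional term must be present.
    return bool(q["required"]) or any(contains(t, text) for t in q["optional"])


# Constructed sample event texts, not real captures.
SAMPLE_EVENTS = [
    "STOR design specifications v2.pdf",
    "STOR draft specifications.docx",
    "RETR holiday-photos.zip",
]

if __name__ == "__main__":
    for event in SAMPLE_EVENTS:
        print(alert_matches('+specifications -draft', event), event)
```

Running a candidate query against representative traffic text this way shows whether an exclusion such as `-draft` would silently suppress events you still want to see.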

When the text specified in the alert is found in an event, the corresponding record is added to the log window (located below the alert list). Additionally, the user can be notified by a number of configurable Actions:

· Beep – the computer beeps.
· Play file – the specified WAV file is played back.
· Send e-mail – sends an e-mail to the specified e-mail address. You MUST configure NetResident to use your SMTP server prior to sending e-mail. Use the E-mail Setup button to enter your SMTP server settings.
· Show message – displays the specified message as a system tray notification balloon.
· Set a priority – changes the event’s priority to the specified value.
· Add a comment – adds the specified comment to the event.
· Pronounce message – makes Windows speak the specified text using the text-to-speech engine. By default, Windows only comes with English computer voices, so Windows may not be able to pronounce messages correctly if the text is entered in a language other than English.
· Write to syslog – sends the message to the specified IP address using the syslog protocol.
· Send SNMP trap – sends the message to the specified IP address using the SNMP protocol. The MIB file containing OID descriptions is available upon request.
· Launch application – launches the specified application (additional command line parameters are supported).

Multiple actions can be configured for a single alert.

Note that alerts are updated once a minute, so once a matching event has occurred, it may take up to a minute before the corresponding action(s) are performed. Also, note that when you add a new alert, the entire database is searched, so the alert may be triggered even if the related events took place in the past.