In the following example, every ten seconds the CLEAR-Flow agent will request the counter1 statistics from the hardware.
After it receives the counter value, it will evaluate the CLEAR-Flow rule. If the value of counter1 is greater than 1,000,000 packets, the CLEAR-Flow agent will send a trap message to the SNMP (Simple Network Management Protocol) master, and change the ACL (Access Control List) acl_rule1 to block traffic (acl_rule1 is modified to a deny rule).
Since there is no period configured for the snmptrap statement, the message is sent only once.
entry acl_rule1 {
    if {
        destination-address 192.168.16.0/24;
        destination-port 2049;
        protocol tcp;
    } then {
        count counter1;
    }
}

entry cflow_count_rule_example {
    if {
        count counter1 > 1000000;
        period 10;
    } then {
        snmptrap 123 "Traffic on acl_rule1 exceeds threshold";
        deny acl_rule1;
    }
}
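The evaluation sequence described above can be traced with a small Python model. This is an added example, not code from the vendor or the switch software: the counter readings are constructed, the names `RuleState` and `evaluate` are hypothetical, and the starting action of acl_rule1 is modeled as "permit" because the entry carries no deny action. It does not model what happens to counter1 after the ACL is changed.

```python
from dataclasses import dataclass, field

PERIOD_S = 10            # "period 10" in cflow_count_rule_example
THRESHOLD = 1_000_000    # "count counter1 > 1000000"
TRAP = (123, "Traffic on acl_rule1 exceeds threshold")


@dataclass
class RuleState:
    acl_action: str = "permit"   # assumption: acl_rule1 only counts until the rule fires
    fired: bool = False          # has the then-block already run?
    traps: list = field(default_factory=list)
    log: list = field(default_factory=list)


def evaluate(samples):
    """Replay counter1 readings, one per polling period, through the rule."""
    state = RuleState()
    for tick, counter1 in enumerate(samples, start=1):
        t = tick * PERIOD_S
        matched = counter1 > THRESHOLD   # strictly greater, as written in the rule
        if matched and not state.fired:
            # The snmptrap statement has no period, so the trap is sent once,
            # and acl_rule1 is changed to a deny rule at the same time.
            state.fired = True
            state.traps.append((t, *TRAP))
            state.acl_action = "deny"
        state.log.append((t, counter1, matched, state.acl_action))
    return state


# Constructed counter1 readings (packets), one per 10-second poll.
SAMPLES = [200_000, 650_000, 1_000_000, 1_400_000, 1_400_000]

if __name__ == "__main__":
    result = evaluate(SAMPLES)
    for t, value, matched, action in result.log:
        print(f"t={t:>3}s counter1={value:>9} match={matched!s:<5} acl_rule1={action}")
    for t, trap_id, message in result.traps:
        print(f"trap {trap_id} sent at t={t}s: {message}")
```

The reading of exactly 1,000,000 at the third poll does not match, because the rule tests for a value greater than the threshold, so the trap and the deny action occur at the fourth poll.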