Trisul Network Analytics
Developer Zone

User Tools

Site Tools

You are here: Home » admin » How to push an alert into Trisul dispatcher from bash
Trace: Configuring ERSPAN packet capture for Network Security Monitoring Detecting covert channels in X.509 Digital Certificates using the Trisul LUA API HA mode using Keepalived
admin:add_alert_bash

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Next revision		Previous revision
admin:add_alert_bash [2024/04/29 13:34] – created veeraadmin:add_alert_bash [2024/04/29 13:57] (current) veera
Line 2: Line 2:
  
  
-On Ubuntu , the Trisul email dispatcher reads from /var/log/syslog and matches all lines using a Regex.+On Ubuntu , the Trisul dispatcher reads from /var/log/syslog and matches all lines using a Regex. 
 + 
 +It then formats and pushes to  
 +  - Email 
 +  - Microsoft Teams via WebHooks 
  
  
 If you push a syslog message in the following format into syslog it will make to the automatic email alert delivery system. If you push a syslog message in the following format into syslog it will make to the automatic email alert delivery system.
  
 +
 +''"Alert:probe0:context0:0,0,0,0,0,0,IPDRDOWN,TEst ipdr stopped flushing"
 +''
  
 <code> <code>
Line 12: Line 19:
 </code> </code>
  
 +
 +The fields are 
 +  * Alert:probe0:context0:  -- source of the alert
 +  * Timestamp tv_sec
 +  * Timestamp tv_usec
 +  * Source IP
 +  * Port
 +  * Dest IP
 +  * Port
 +  * SigID -- short name for alert
 +  * Message 
 +
 +
 +   
  
admin/add_alert_bash.1714377878.txt.gz · Last modified: 2024/04/29 13:34 by veera