admin:add_alert_bash

admin:add_alert_bash [2024/04/29 13:35] veera
admin:add_alert_bash [2024/04/29 13:57] (current) veera
Line 2: Line 2:
  
  
-On Ubuntu , the Trisul email dispatcher reads from /var/log/syslog and matches all lines using a Regex.+On Ubuntu , the Trisul dispatcher reads from /var/log/syslog and matches all lines using a Regex. 
 + 
 +It then formats and pushes to  
 +  - Email 
 +  - Microsoft Teams via WebHooks 
  
  
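Review bot: the new sentence and list name two destinations (Email, Microsoft Teams via WebHooks) but do not say where each is configured; a pointer to the file or setting that holds the recipient list and the Teams webhook URL would make the page actionable, and since a webhook URL grants post access to the channel it is worth one sentence saying it should not live in a world-readable file. Minor style point carried over from the old line: "On Ubuntu , the Trisul dispatcher" has a stray space before the comma and should read "On Ubuntu, the Trisul dispatcher".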
Line 15: Line 19:
 </code> </code>
  
 +
 +The fields are 
 +  * Alert:probe0:context0:  -- source of the alert
 +  * Timestamp tv_sec
 +  * Timestamp tv_usec
 +  * Source IP
 +  * Port
 +  * Dest IP
 +  * Port
 +  * SigID -- short name for alert
 +  * Message 
 +
 +
 +   
  
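Review bot: the field list has "Port" twice with no qualifier, so the two entries are only distinguishable by their position under "Source IP" and "Dest IP"; label them "Source Port" and "Dest Port" explicitly. The list also does not state how the nine fields are separated in the syslog line, and the regex that splits them is not shown in this hunk; one sentence naming the separator (or a reference to the sample line in the <code> block above) would let a reader reproduce or verify the pattern.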
admin/add_alert_bash.1714377904.txt.gz · Last modified: 2024/04/29 13:35 by veera