New notification features

Posted by Andree Toonk - May 26, 2009 - - 2 Comments
The last few weeks I have been working on implementing some more notification options. A number of users have asked for sending out notification email to more than just one email address, as well as being able to send notifications to pagers. The latest release of supports these features.  You can find the configuration for these new options in your setting page. In this post I will highlight a few of the new  features. Additional email address After a number of requests this feature is now available.  The additional email address will be cc’d  on all your notification emails.  This allows you to share these alarms with your colleague or noc. Pager / SMS notification This feature is also based on input I received from a number of users who would like to have notifications sent to their pager or cell phone.  Some of you have email to SMS gateways that takes an email as input and use the content of that email to sent a text message to your pager or cell phone. By adding a pager/sms email address a short messages of maximal 160 characters will be sent to this email address.  This allows you to receive alerts on you pager or cell phone as well. Conservative notification For those of you who monitor many prefixes and have dynamic networks (i.e. many new prefixes, upstreams) will receive quite a number of alerts. used to send out notifications for each suspicious update it detected. If you your filters were not accurate this could result in several hundreds of emails a week or day. In cases like this less is more. A new feature called ‘conservative mode’ will suppress recurring alarms and only notify you 3 times a day for each unique event.  This is only for recurring alarms and not for new alerts or new prefix & origin combinations. For example, if you have a new upstream and you did not add this to your upstream list, will sent out notifications for that each time it sees an update for your prefix containing this upstream. After it sent out 3 notifications for this prefix/upstream event it will ignore this for 24 hours. Another example: ASx has hijacked your prefix. They are announcing a more specific for one of your prefixes. Conservative notifications do not apply for this kind of alert, as it’s not a recurring alert. In fact it’s a complete new prefix / Origin AS combination. The conservative notification feature will make less ‘chatty’. Conservative ignore is enabled by default, you can disable it by setting your notification mode to active. In this case it will notify you for each event over and over. It’s not recommended to run in active mode and in normal circumstances you should not need to do this. I want to stress that this feature is not needed when you keep your filters up to date. Whenever you see a false alert please click the false positive link in the email so we make sure we don’t sent you notifications for this event again. New Prefix detection The last new feature implemented in the latest release is new prefix detection.  When detects a new prefix for one of your ASns it will sent you a notification (code 60). This will help you to verify if your new prefix is seen in the global routing table. Or in the case of accidental leaks you’ll be quickly notified. You will only receive one notification email per prefix & origin AS combination. You can disable this feature in the setting page, in case you do not want to monitor for new prefixes. Bug fixes The new version also contains a few minor bug fixes, regarding IPv6 prefix syntax checking, ignoring more specifics as well as some performance related improvements. Community feedback relies heavily on community feedback. All of the above features are based on input received from users. If you have a feature request, idea for improvement or found a bug, please let me know.  Together we can continue to improve this project!


Leave a Reply

Your email address will not be published. Required fields are marked *