NetXMS Support Forum

Hi,

I would like to set up an alert for monitoring inbound and outbound NIC traffic on Centos7 to detect unusual traffic patterns eg inbound DDOS or outbound someone transferring a large amount of data off a server, both will cause spikes in NIC traffic.

For my windows servers I have setup a monitor using windows performance counters: \Network Interface(vmxnet3 Ethernet Adapter _2)\Bytes Received/sec and \Network Interface(vmxnet3 Ethernet Adapter _2)\Bytes Sent/sec which seems fit for purpose and both alert when my set threshold is reached, of course the Linux server will not allow me to use a DCI with the windows performance counter option.

I have the Netxms agent running on the Linux servers and I have the option of adding netxms counters such as Net.Interface.BytesIn64(*), but this shows a cumulative total not a real-time figure, any ideas how I can achieve my goal ?  Are there any netxms counters the equivalent of the windows performance monitor counters to monitor bytes/sec ?

Many thanks, Damien

You will want to set an Average per second transformation as per https://www.netxms.org/documentation/adminguide/data-collection.html?highlight=transform#data-transformations