Ratio Based Alert

The Ratio Based Alert triggers when the percentage of a specified message type exceeds or falls below specified percentages. For example, the Denied/(Accept+Denied) Alert Ratio can be used to trigger an alert when the number of Denied messages exceeds 90% of the Accept and Denied message count.

Request Parameters

FewerThan, MoreThan, ratio

Example

Example for Ratio Based Alert:
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:aler="AlertService">
   <soapenv:Header/>
   <soapenv:Body>
      <aler:createAlert>
         <!--Optional:-->
         <aler:authToken>admin/admin123</aler:authToken>
         <!--Optional:-->
         <aler:alertTypeName>Ratio Based Alert</aler:alertTypeName>
         <!--Optional:-->
         <aler:name>Alert8</aler:name>
         <!--Optional:-->
         <aler:desc>Ratio Based Alert - user alert</aler:desc>
         <!--Optional:-->
         <aler:priorityName>medium</aler:priorityName>
         <!--Optional:-->
         <aler:enabled>no</aler:enabled>
         <!--Optional:-->
         <aler:deviceNames>All Cisco ASA</aler:deviceNames>
         <!--Optional:-->
         <aler:usernames>admin</aler:usernames>
         <!--Optional:-->
         <aler:trapIds></aler:trapIds>
         <!--Optional:-->
         <aler:resetTime>900</aler:resetTime>
         <!--Optional:-->
         <aler:trackIndividualDevice>yes</aler:trackIndividualDevice>
         <!--Optional:-->
         <aler:alertRules>FewerThan/10//MoreThan/20//Ratio/Accept%2FTotal</aler:alertRules>
         <!--Optional:-->
         <aler:snmpOId></aler:snmpOId>
      </aler:createAlert>
   </soapenv:Body>
</soapenv:Envelope>

The following table lists the Ratio Based Alert-specific parameters. You must include the parameters as inputs for the alertRules parameter.

Ratio Based Alert-specific rules

| Parameter | Description | Values | Required | Type |
| --- | --- | --- | --- | --- |
| FewerThan | Minimum percentage of messages (by ratio specified by ratio parameter) that must be received before an alert is generated. If the number of messages drops below the FewerThan value, then an alert is generated. The FewerThan and MoreThan parameters make up the alert range for the value specified by the ratio parameter. | Any positive integer between 1 and 100. | yes | string |
| MoreThan | Maximum percentage of messages (by ratio specified by ratio parameter) that must be received before an alert is generated. If the number of messages drops below the FewerThan value, then an alert is generated. The FewerThan and MoreThan parameters make up the alert range for the value specified by the ratio parameter. | Any positive integer between 1 and 100. | yes | string |
| Ratio | Message count ratio for the specified alert. | Possible values: Accept/Total, Deny/Total, Login Success/Total, Login Failure/Total, Accept/(Accept+Denied), Denied/(Accept+Denied), Login Success/(Success+Failure), Login Failure/(Success+Failure). You must substitute %2F for each forward slash. (The F is case-sensitive.) For example: Accept%2FTotal. | yes | string |
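
One way to build and lint the alertRules value from the rules in the table above, as an added example that is not part of the original documentation. Ratio names are written with the forward slash that the %2F rule refers to, the field order follows the sample request, and the function names are hypothetical.

```python
# Added example: build and lint the alertRules value for a Ratio Based Alert.
RATIOS = frozenset({
    "Accept/Total", "Deny/Total", "Login Success/Total", "Login Failure/Total",
    "Accept/(Accept+Denied)", "Denied/(Accept+Denied)",
    "Login Success/(Success+Failure)", "Login Failure/(Success+Failure)",
})


def _percent(name, value):
    """Return value as an int after checking it is a whole number from 1 to 100."""
    text = str(value)
    if not (text.isascii() and text.isdigit()) or not 1 <= int(text) <= 100:
        raise ValueError(f"{name} must be an integer between 1 and 100, got {value!r}")
    return int(text)


def build_alert_rules(fewer_than, more_than, ratio):
    """Return the alertRules string for the given thresholds and ratio name."""
    if ratio not in RATIOS:
        raise ValueError(f"unknown ratio name: {ratio!r}")
    low = _percent("FewerThan", fewer_than)
    high = _percent("MoreThan", more_than)
    # "/" separates a key from its value, so the slash inside the name is sent as %2F.
    encoded = ratio.replace("/", "%2F")
    return f"FewerThan/{low}//MoreThan/{high}//Ratio/{encoded}"


def parse_alert_rules(rules):
    """Lint an alertRules string and return (fewer_than, more_than, ratio_name)."""
    fields = {}
    for part in rules.split("//"):
        key, sep, value = part.partition("/")
        if not sep or key in fields:
            raise ValueError(f"malformed or repeated rule: {part!r}")
        fields[key] = value
    if set(fields) != {"FewerThan", "MoreThan", "Ratio"}:
        raise ValueError(f"expected FewerThan, MoreThan and Ratio, got {sorted(fields)}")
    encoded = fields["Ratio"]
    if "/" in encoded or "%2f" in encoded:
        raise ValueError("the slash in the ratio name must be written as %2F (upper-case F)")
    ratio = encoded.replace("%2F", "/")
    if ratio not in RATIOS:
        raise ValueError(f"unknown ratio name: {ratio!r}")
    return (_percent("FewerThan", fields["FewerThan"]),
            _percent("MoreThan", fields["MoreThan"]), ratio)
```

Running `parse_alert_rules` over rule strings before they are sent catches an unencoded slash or an out-of-range threshold on the client side.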