VPN Statistics Alert

The VPN Statistics Alert triggers when recorded statistics on VPN or Radius messages match relative or absolute criteria. For example, an alert can be configured to trigger when the Number of Bytes Received per day for a specific user exceeds, say, 1 Mb per day, which is an absolute value. The alert rule could also be configured as a relative rule, for example “grows by 10%.”

Request Parameters

VPNUser, VPNGroup, VPNIP, Statistic, MatchCount, PerTimeUnit, MeasureBy, ChangeAs, ChangeValue

Example

Example of VPN Statistics Alert: 
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:aler="AlertService">
   <soapenv:Header/>
   <soapenv:Body>
      <aler:createAlert>
         <!--Optional:-->
         <aler:authToken>admin/admin123</aler:authToken>
         <!--Optional:-->
         <aler:alertTypeName>VPN Statistics Alert</aler:alertTypeName>
         <!--Optional:-->
         <aler:name>Alert30</aler:name>
         <!--Optional:-->
         <aler:desc>VPN Statistics Alert - user alert</aler:desc>
         <!--Optional:-->
         <aler:priorityName>high</aler:priorityName>
         <!--Optional:-->
         <aler:enabled>no</aler:enabled>
         <!--Optional:-->
         <aler:deviceNames>All Cisco VPN 3000</aler:deviceNames>
         <!--Optional:-->
         <aler:usernames>admin</aler:usernames>
         <!--Optional:-->
         <aler:trapIds></aler:trapIds>
         <!--Optional:-->
         <aler:resetTime>900</aler:resetTime>
         <!--Optional:-->
         <aler:trackIndividualDevice>yes</aler:trackIndividualDevice>
         <!--Optional:-->
         <aler:alertRules>VPNUser/ddd//VPNGroup/dddddd//VPNIP/null//Statistic/number of connections//PerTimeUnit/minute//ChangeAs/drops by//ChangeValue/4000.0//MeasureBy/1//MatchCount/0</aler:alertRules>
         <!--Optional:-->
         <aler:snmpOId></aler:snmpOId>
      </aler:createAlert>
   </soapenv:Body>
</soapenv:Envelope>

The following table lists the VPN Statistics Alert-specific parameters. You must include the parameters as inputs for the alertRules parameter.

VPN Statistics Alert-specific rules
Parameter Description Values Required Type
VPNUser Defines the VPN user from where the connection originates.

If you specify a value for the VPNUser parameter, you must also specify a value for the VPNGroup parameter.

You can specify a value for the VPNIP parameter instead of the VPNUser and VPNGroup parameters together.

  optional string
VPNGroup Defines the VPN Group from where the connection originates.

You must specify a value for the VPNGroup parameter if you specify a value for the VPNUser parameter.

You can specify a value for the VPNIP parameter instead of the VPNUser and VPNGroup parameters together.

  optional string
VPNIP Defines the VPN IP address from where the connection originates.

You can use the VPNIP parameter as an additional filter instead of using the VPNUser and VPNGroup parameters.

Standard IP address format. For example:

10.1.2.3

optional string
Statistic Identifies the type of statistic.

Specify the PerTimeUnit parameter with the Statistic parameter.

If you specify the value as Connection Duration, the PerTimeUnit parameter is not necessary as the value defaults to seconds.

Possible values:
  • Number of Connections
  • Number of Denies
  • Bytes Sent
  • Bytes Received
  • Connection Duration
yes string
MatchCount In the Threshold field, enter the number of times a match must occur before an alert is sent. The match is determined by the combination of the fields you define for this type of alert. yes int
PerTimeUnit Rate at which the statistic type (statistic parameter) is sampled. This field is not applicable to if the value of the statistic parameter is Connection Duration. Possible values:

second, minute, hour, day, week, none.

If you specify none, statistics are measured regardless of rate.

yes string
MeasureBy Select whether to use a relative or absolute measurement to trigger the alert. 0 or 1 yes string
ChangeAs Defines the percentage of increase or decrease of the alert type (statistic parameter).

For example, to be alerted when a number of Denied Connections per second grows by 400% from the average, enter the value “grows by 400". The average is taken from the previous time period and varies depending on the type of information you view.

Possible values:
  • grows by ##%
  • drops by ##%

Where## is a positive integer. The ## value is a percentage.

For example:

grows by 400

or

drops by 200

yes string
ChangeValue Defines the absolute number of denied connections per second that an alert type (statistic parameter) must change by for an alert to be generated.

For example, to be alerted when a number of Denied Connections per second increases by 400 from the average, enter the value “increases by 400".

Possible values:
  • exceeds ##
  • falls below ##
  • equals ##
  • increase by ##
  • decrease by ##

Where ## is a positive integer. The ## value is the number of denied connections per second.

For example:

exceeds 400 or falls below 400

yes string