Like reports, alerts are configured using FlowTraq Client, and, like reports, the list of alerts is stored by FlowTraq Server. FlowTraq Server is also responsible for generating notifications. This means FlowTraq Client does not have to be running in order for alert notifications to be generated; in other words, if you set an alert and then close FlowTraq Client, notifications will still be generated whenever the alert's condition is met.
To configure an alert, take the following steps.

1. Open the "Alert Editor" window. There are two ways to access it:
   - From within a Workspace window: click the "Alert" button on the toolbar.
   - From the Dashboard: right-click an empty row of an Alerts widget and select "Schedule New Alert".
2. On the "Description" tab, title your alert and, optionally, provide a brief description.
3. On the "Filter" tab, set the session filter to be applied when testing for the alert condition.
   Tip: If you accessed the "Alert Editor" window from a Workspace, the session filter you specified there is carried over into the Alert Editor.
4. On the "Threshold" tab, set the condition on which to generate a notification by using the controls to fill in the blanks of the sentence displayed in the window:
   a. On the first line, select the metric to measure. For instance, you can measure inbound or outbound bits, bytes, packets, or sessions for each entity.
      Tip: You can also measure the number of unique entities an entity associates with. For instance, if you select "unique hosts," FlowTraq will keep track of how many unique hosts are associated with each entity.
   b. On the second line, set the entity on which to measure the metric. You can choose from Host, Host Pair, Port, or Country.
   c. On the third line, set the threshold, as a numeric value.
   d. On the fourth line, select the time period.
   e. On the final line, select the alert's severity.
   Example: Complete the "Threshold" tab as follows to cause an alert to be raised whenever a host contacts more than one hundred unique other hosts in an hour: Trigger an alert when the number of Unique Hosts for any one Host exceeds 100 over interval One Hour.
   Now go back to the "Filter" tab and set a filter of Server port is any of: 22 to alert only if a host contacts more than one hundred other unique hosts using the SSH protocol.
5. Click "OK" and the alert will be configured.
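The example above combines a session filter (server port 22), a "unique hosts" metric counted per Host, a threshold of 100 and a one-hour interval. To make the semantics of that condition concrete, the following is an added example that is not FlowTraq's own code: it evaluates the same rule over a handful of constructed flow records using a simplified session model (client, server, server port, packets, bytes). The Flow and Alert types, the evaluate_alert function and the sample addresses are all assumptions made for this illustration. It goes slightly beyond the page's example in that the metric can also be sessions, bytes or packets, which shows how the "unique hosts" count differs from a simple session count.

```python
from collections import defaultdict
from dataclasses import dataclass
from typing import Callable, Iterable, List

HOUR = 3600


@dataclass(frozen=True)
class Flow:
    """One session record. Field names are assumptions for this example, not FlowTraq's schema."""
    start: int          # epoch seconds at session start
    client: str         # initiating host (the Host entity we measure per)
    server: str         # responding host
    server_port: int
    packets: int
    bytes: int


@dataclass(frozen=True)
class Alert:
    entity: str
    interval_start: int
    value: int
    severity: str


def evaluate_alert(flows: Iterable[Flow], *, metric: str, threshold: int, interval: int,
                   severity: str = "High",
                   session_filter: Callable[[Flow], bool] = lambda f: True) -> List[Alert]:
    """Raise an Alert for every (host, interval) whose metric strictly exceeds the threshold.

    metric is one of "unique_hosts", "sessions", "bytes" or "packets"; the entity is
    always the client host here, and intervals are aligned buckets of `interval` seconds.
    """
    unique = metric == "unique_hosts"
    buckets = defaultdict(set) if unique else defaultdict(int)
    for f in flows:
        if not session_filter(f):          # the "Filter" tab: drop non-matching sessions first
            continue
        key = (f.client, f.start - f.start % interval)
        if unique:
            buckets[key].add(f.server)     # a set, so repeat contacts to one host count once
        elif metric == "sessions":
            buckets[key] += 1
        elif metric == "bytes":
            buckets[key] += f.bytes
        elif metric == "packets":
            buckets[key] += f.packets
        else:
            raise ValueError(f"unknown metric {metric!r}")
    alerts = []
    for (host, start), acc in sorted(buckets.items()):
        value = len(acc) if unique else acc
        if value > threshold:              # "exceeds" means strictly greater than
            alerts.append(Alert(host, start, value, severity))
    return alerts


def ssh_fanout_alerts(flows: Iterable[Flow]) -> List[Alert]:
    """The page's example rule: >100 unique hosts per Host over one hour, server port 22 only."""
    return evaluate_alert(flows, metric="unique_hosts", threshold=100, interval=HOUR,
                          session_filter=lambda f: f.server_port in {22})


def build_sample_flows() -> List[Flow]:
    """Constructed sample data; the addresses are documentation ranges, not real hosts."""
    t0 = 472_222 * HOUR                     # an hour-aligned epoch base
    flows = []
    # 10.0.0.5: 101 distinct servers on port 22 inside one hour -> should alert
    flows += [Flow(t0 + i, "10.0.0.5", f"192.0.2.{i}", 22, 3, 180) for i in range(101)]
    # 10.0.0.6: 150 distinct servers, but on port 80 -> removed by the filter
    flows += [Flow(t0 + i, "10.0.0.6", f"192.0.2.{i}", 80, 10, 4000) for i in range(150)]
    # 10.0.0.7: 60 unique SSH servers in hour 0 and 60 more in hour 1 -> never >100 in one interval
    flows += [Flow(t0 + i, "10.0.0.7", f"192.0.2.{i}", 22, 3, 180) for i in range(60)]
    flows += [Flow(t0 + HOUR + i, "10.0.0.7", f"192.0.2.{100 + i}", 22, 3, 180) for i in range(60)]
    # 10.0.0.8: 300 sessions to the same SSH server -> 1 unique host, many sessions
    flows += [Flow(t0 + i, "10.0.0.8", "192.0.2.1", 22, 3, 180) for i in range(300)]
    return flows


if __name__ == "__main__":
    for a in ssh_fanout_alerts(build_sample_flows()):
        print(f"{a.severity}: {a.entity} contacted {a.value} unique SSH servers "
              f"in the hour starting at {a.interval_start}")
```

Only 10.0.0.5 triggers the SSH fan-out rule: 10.0.0.6 is excluded by the port filter, 10.0.0.7 stays under the threshold within each hour, and 10.0.0.8 counts as one unique host no matter how many sessions it opens. Switching the metric to "sessions" with no filter would instead single out 10.0.0.8, which is why choosing "unique hosts" rather than session or byte counts matters for the condition the page describes.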