This guide requires a fully working setup for total hostgroups.

When a hostgroup reaches the specified total traffic value, FastNetMon can trigger different actions.

To enable this feature, you have to enable ban actions this way:

sudo fcli set main enable_ban enable
sudo fcli set main enable_ban_hostgroup enable

Before enabling automatic blocking, you can block a hostgroup manually using the following command:

sudo fcli set hostgroup_block global_total

You can list all active blocks this way:

sudo fcli show hostgroup_block

Unblock example:

sudo fcli delete hostgroup_block 9905ee8f-b5fa-4d46-b232-75f508f13fd5

To automate attack detection, please set thresholds:

sudo fcli set hostgroup global_total enable_ban enable
sudo fcli set hostgroup global_total enable_ban_incoming enable

sudo fcli set hostgroup global_total ban_for_bandwidth enable 
sudo fcli set hostgroup global_total threshold_mbps 10 

After that, apply the configuration using the commit command, and FastNetMon will start automatic attack detection.

When an attack is detected, FastNetMon can run different actions:

  • BGP announce of all networks and hosts in hostgroup
  • Script callback

You can download an example callback script from GitHub, which just prints information about the hostgroup under attack to /tmp/fastnetmon_notify_script.log:

wget https://raw.githubusercontent.com/FastNetMon/fastnetmon_notify_python/main/notify_json.py

Then copy it to its install location:

sudo cp notify_json.py /usr/local/bin/notify_json.py

And set the executable bit on it:

sudo chmod +x /usr/local/bin/notify_json.py

The callback script in JSON mode uses the “per hostgroup” schema from the formats documentation. It can be enabled this way:

sudo fcli set main notify_script_hostgroup_enabled enable
sudo fcli set main notify_script_hostgroup_path /usr/local/bin/notify_json.py
sudo fcli commit
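
A hardened variant of such a callback, as an added example (not FastNetMon's notify_json.py or any project code): it assumes the JSON document arrives on standard input, and LOG_PATH and the function names are hypothetical. It relies on no schema field names, writes one escaped line per event, and refuses to follow a symlink at the log path, which matters for predictable file names under /tmp.

```python
#!/usr/bin/env python3
"""Hostgroup callback sketch: validate JSON from stdin, append one log line."""
import json
import os
import sys
import time

# Assumption: a root-owned directory instead of the world-writable /tmp.
LOG_PATH = "/var/log/fastnetmon_hostgroup_notify.log"
MAX_INPUT_BYTES = 1 << 20  # refuse oversized input instead of logging it


def format_record(raw: str) -> str:
    """Return one log line for a JSON object; raise ValueError otherwise."""
    if len(raw.encode("utf-8", "replace")) > MAX_INPUT_BYTES:
        raise ValueError("input too large")
    event = json.loads(raw)  # json.JSONDecodeError is a ValueError
    if not isinstance(event, dict):
        raise ValueError("expected a JSON object")
    # json.dumps escapes newlines, so a field value cannot forge extra log lines.
    stamp = time.strftime("%Y-%m-%dT%H:%M:%SZ", time.gmtime())
    return stamp + " " + json.dumps(event, sort_keys=True) + "\n"


def append_line(path: str, line: str) -> None:
    """Append without following a symlink at `path`; new files get mode 0600."""
    flags = os.O_WRONLY | os.O_APPEND | os.O_CREAT | os.O_NOFOLLOW
    fd = os.open(path, flags, 0o600)
    try:
        os.write(fd, line.encode("utf-8"))
    finally:
        os.close(fd)


def main() -> int:
    raw = sys.stdin.read(MAX_INPUT_BYTES + 1)
    try:
        append_line(LOG_PATH, format_record(raw))
    except (ValueError, OSError) as exc:
        print(f"callback rejected input: {exc}", file=sys.stderr)
        return 1
    return 0


if __name__ == "__main__":
    sys.exit(main())
```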
