This guide is obsolete as this capability is included in a default installation of visual traffic. In the latest version, we use Clickhouse powered notifications instead of InfluxDB.
In this guide, you can enable attack notification in FastNetMon. This guide assumes that you configured InfluxDB properly using Visual Traffic guide. This capability is available only for FastNetMon Advanced.
It will look like:
Please open any dashboard where you need this information (we suggest using “FastNetMon Advanced Total traffic”). Then find the button with a gear symbol on top of the screen and press it.
Next, select “annotations” on the left panel and press “Add Annotation Query” button.
Name: FastNetMonAttacks Data source: InfluxDB
Query:
select title, tags, text from events where $timeFilter
Field mappings:
Text: text Tags: tags
And save all changes with “Save” button on left side.
You need to use the following mode from FastNetMon to enable this feature :
sudo fcli set main influxdb_attack_notification enable sudo fcli commit
Finally, please test integration using ban function for some test IP address (be careful, FastNetMon will block it!):
sudo fcli set blackhole 11.22.33.44