I'm getting an alarm from a NetFlow sensor that says "1 hour interval average of 776 kbit/s (otherUDP) us unusually high for this hour of the week."
First, this message popped up several hours ago and show no sign of going away. How do I clear it?
Second, I cannot find a way to filter down and find who is generating the large amount of UDP traffic. Top Protocol doesn't break the IP addresses and Top Talkers or Top Conversations don't include the protocols.
Overall, this seems pretty useless if all I get is a message that I can't do anything to investigate or resolve.
Hi there,
First of all, you can create your own Toplist to define which information you require. Did you already reviewed the default "Top Connections" toplist? This will display the Source IP, Source Port, Destination IP, Destination Port, Protocol, Bytes and the percentage of the time frame.
Best regards, Felix
Oct, 2015 - Permalink