Trisul Network Analytics
Developer Zone

User Tools

Site Tools

You are here: Home » admin » How to push an alert into Trisul dispatcher from bash
Trace: How to push an alert into Trisul dispatcher from bash
admin:add_alert_bash

How to push an alert into Trisul dispatcher from bash

On Ubuntu , the Trisul dispatcher reads from /var/log/syslog and matches all lines using a Regex.

It then formats and pushes to

  1. Email
  2. Microsoft Teams via WebHooks

If you push a syslog message in the following format into syslog it will make to the automatic email alert delivery system.

“Alert:probe0:context0:0,0,0,0,0,0,IPDRDOWN,TEst ipdr stopped flushing” 

logger -s -t trisul_flushd "Alert:probe0:context0:0,0,0,0,0,0,IPDRDOWN,TEst ipdr stopped flushing"

The fields are

  • Alert:probe0:context0: – source of the alert
  • Timestamp tv_sec
  • Timestamp tv_usec
  • Source IP
  • Port
  • Dest IP
  • Port
  • SigID – short name for alert
  • Message
admin/add_alert_bash.txt · Last modified: 2024/04/29 13:57 by veera