Содержание

QoE Triggers & Notifications

Purpose of use

In the "Triggers and Notification" section you can configure sending periodic reports and operational alerts to Telegram or E-mail and display them in the GUI. When a trigger is activated, you will receive a message with information about the specified event and links to the corresponding reports. By default, there are 4 reports in .csv, .tsv, .xlsx, .pdf formats, but the message template can be edited.

Triggers and Notification section requires an active subscription – Standard license for GUI.

Let's make the settings using two scenarios as an example:

  1. Periodic report to track the RTT delay from a subscriber.
    The report will show subscribers whose "RTT from subscriber" value is greater than or equal to 150000 ms. It will be sent on Mondays and Thursdays in Telegram.
  2. Alert about subscribers being a part of a botnet.
    We will set up a table check once a minute every day. Notification will be sent to your email as soon as at least one infected subscriber is detected in the table.

How to create and configure triggers

  1. In the GUI, go to QoE analytics → Triggers and Notification.
  2. Click the + on the Triggers dashboard to add a trigger. This will open the configuration pop-up window.

It takes 5 steps to create a new trigger. Trigger settings are divided into blocks, you need to fill all of them.

Step 1. Schedule

Fill in the required fields:

Also in this block there is a switch to enable/disable the trigger. After the configuration is finished, make sure to enable it.

Example of filling out a block for a report to check RTT delay from a subscriber:

In this case, the check script will run on the specified days once every 24 hours - once on Monday and once on Thursday.

Example of filling out a block for notification about subscribers with cyber threats:

In this case, the verification script will run once a minute every day, i.e. it will run continuously.

Step 2: Select a data source and metrics

Select a metric and data table. Triggers only work with ready-made tables found in Netflow and Clickstream, to start customization you need to find a table that has the required metric.

Table selection hint in the video:

To create a query, click on the + under the block name.

The value "Now" in the query parameters "Period from" and "Period to" means when the trigger is started. It is summarized from the "Days of Week" and "Check Frequency" values from step 1.

For each query, you can create a filter where you can set the value of IP host, subscriber login, etc. For example, you can customize the generation of a report or notification for one specific host, if you set the filter like this:

Example of filling out a block for a report to track RTT delay from a subscriber. Here you need to select the report “Top subscribers with high RTT”, it has the required metrics for this trigger. Since you want the report to come on Mondays and Thursdays, “Period from” should be set equal to the interval between these days – “Now – 4 days”, the data for the last 4 days will be analyzed.


Example of filling out the block for notification about subscribers with cyber threats. Here you need to select the report “Top infected subscribers with botnet traffic”, it has the required metrics for this trigger. In this case, the data for the last 24 hours will be analyzed.

Step 3: Conditions

Set conditions – what should happen to the metric to run the trigger.
To create a condition, click the + below the block name.
For each condition, you need to configure the following parameters:

Example of filling out a block for a report to track RTT delay from a subscriber:

In this case, the trigger will go off if the RTT value from the subscriber is greater than or equal to 150000 ms in the table from step 2.

Example of filling out the block for alerts about subscribers with cyber threats:

In this case, the trigger will be fired if there is at least one subscriber in the table from step 2.

Step 4: Error handling

Set the trigger behavior when errors occur.
Select one of the values in the “If there is no data” and “If there is a runtime error or timeout” fields:

Example of filling out the block for report and for alerts:

In both cases, if there is no data – the trigger will not be fired and the message will not be sent; if there is an error or timeout – notification will be sent.

Step 5: Actions

Setting up an action will allow you to receive a message to E-mail or Telegram in case of triggering.
To create an action, press + under the block name.
To delete an action, press next to the action name.

Telegram

Step 1: Register your bot via https://t.me/BotFather.

  1. Start BotFather with the /start command.
  2. Type /newbot to create a new bot.
  3. Enter the name of the bot.
  4. Enter a unique username (Latin only, ending in "bot").
  5. Copy the HTTP API access token from the bot registration message, it looks like this: 5995002635:AAGdSR0udY9K9uxENaPu2HF4azmpsKQq98X
  6. Paste the copied token into the GUI settings (Administrator → GUI Configuration → Telegram Settings → Telegram bot API token).

Step 2: Get a chat ID for your personal Telegram account via https://t.me/RawDataBot

To get chat ID, user must have username in Telegram profile!
  1. Start Telegram Bot Raw with the /start command.
  2. Copy the ID, it looks like this:
    "chat": {
          "id": 222455434,
          "first_name": "Ivan",
          "last_name": "Nat",
          "username": "HardNat",
          "type": "private"
    },

Step 3: Connect Telegram to the configured trigger

Add the ID from step 2 to the Telegram action in the "Chat ID" field.

E-Mail

Creates a notification and sends it to the specified e-mail address.

  1. If the “Message” field is not filled in – click on the “Set default template” button (1) to fill the action fields with default values. If necessary, all values can be edited.
  2. If you click on the “Template parameters” button (2), it will open a menu with identifiers that can be used to compose the message.

For E-mail actions to work, you need to configure SMTP. Go to Administrator → GUI Configuration, select "SMTP Settings".

GUI Notifications

Notification can be used to test the functionality of triggers.

  1. Click on the “Set default template” button (1) to fill the action fields with default values. All values can be edited if necessary.
  2. Clicking on the “Template Options” button (2) opens a menu with identifiers that can be used to compose the message.



After creating a trigger, click “Save”. On the “Triggers” dashboard, enable the necessary triggers. If the GUI page has not been refreshed – refresh the page in the browser or click the “Refresh” button.

“Triggers and Notification” page elements description

Go to QoE Analytics → Triggers and Notification.
This will open the section as shown in the image below.

This section contains three sections:

Types of triggers:

For a detailed description of configuring a trigger, see How to create and configure triggers.