Hello Experts,
I am trying to implement anomaly detection using PRTG. I have two sensors: one is for bandwidth and the other one is for users (fetching the user count using a WMI sensor). Now I want to compare these two sensors' values: if the user count is 20 and the last value in the bandwidth sensor is 150 Mbps, then no alert is generated, but if the user count is 5 and the last value in the bandwidth sensor is 50 Mbps, then an alert is generated. The alert depends upon the number of users and bandwidth.
Thanks.
Article Comments
Hello Thomas,
I appreciate the idea you gave, but is there any possible plug-in or sensor that is dedicated to bandwidth anomaly detection?
Regards Frank
Aug, 2015 - Permalink
I'm afraid there are no such 'plugins'. We do have the Unusual Detection in PRTG that tries to detect unusually low or high values on single sensors compared to the past values at the same time of day (week of day). You could look into using a Sensor Factory Sensor here. Simply calculate a 'factor' of your two values by dividing:
bandwidth / users
and then set Error/Warning limits if that factor reaches / exceeds a certain value.
Aug, 2015 - Permalink
Hello Torsten,
I am trying to configure the sensor factory sensor using this format:
#1:Sample
Channel(1000,0)
#2:Response Time[ms]
Channel(1001,1)
In sample 1, should I enter the ID of my first sensor, that is, the bandwidth sensor: Channel(7685,0)? What will be the value instead of 0? I want to know the same for the second channel.
Aug, 2015 - Permalink
Hi Frank Albert,
I think I may have an idea how to achieve that. But only if you don't use the MAPview, because some sensors would be red.
Create a "user sessions" sensor on the server (I assume you use terminal servers). Change the sensor in the notification tab to NOT send any notifications. Limit the sensor to an upper limit of 5 users. If 6 users are logged on, it goes to red. Then create a bandwidth sensor and give it an upper limit of 50 Mbps, as well as change its dependency to use the "user sessions" sensor as the one it depends on. As long as not 6 or more users are logged on, it will measure the bandwidth, and if it's more than 50 Mbit, the bandwidth sensor goes to red (create a notification!). If more than 6 users are logged on, the "user sessions" sensor goes to red and the bandwidth sensor will pause automatically (because the user session is red).
Do the same with another "user session" sensor, but say it is red as long as fewer than 20 users are logged on (it's red then), and create a dependency "bandwidth sensor". As soon as you have more than 20 users, the bandwidth sensor goes up and measures the bandwidth. If it's more than 150 Mbps, it will go to red and trigger a notification.
It's quite a biiiiig hack, but maybe someone else has a better idea.
regards Thomas
Aug, 2015 - Permalink
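The two approaches from this thread, modelled side by side on constructed readings (an added example, not code from any poster and not PRTG configuration): the `bandwidth / users` factor with a limit, and the two-band dependency setup. The limit of 10 Mbit/s per user, the "reaches or exceeds" comparison, the band boundary at exactly 20 users and all function names are assumptions made for this sketch.

```python
# Added example: models the alert logic only; readings are constructed.
from dataclasses import dataclass
from typing import Optional

FACTOR_LIMIT = 10.0  # assumed error limit in Mbit/s per user


@dataclass
class Reading:
    users: int
    mbps: float


def factor_alert(r: Reading, limit: float = FACTOR_LIMIT) -> Optional[bool]:
    """Factor approach: alert when bandwidth / users reaches the limit.

    Returns None with zero users: the division is undefined, so traffic
    with nobody logged on needs its own rule.
    """
    if r.users <= 0:
        return None
    return r.mbps / r.users >= limit


def dependency_alert(r: Reading) -> Optional[bool]:
    """Two-band dependency setup as read from the thread.

    Up to 5 users the 50 Mbit/s limit applies, from 20 users the
    150 Mbit/s limit. In between both bandwidth sensors are paused,
    so None means "not evaluated".
    """
    if r.users <= 5:
        return r.mbps > 50
    if r.users >= 20:
        return r.mbps > 150
    return None


def compare(readings):
    """Return (users, mbps, factor result, dependency result) per reading."""
    return [(r.users, r.mbps, factor_alert(r), dependency_alert(r)) for r in readings]


# Constructed sample readings: (user count, last bandwidth value in Mbit/s)
SAMPLES = [Reading(20, 150), Reading(5, 50), Reading(12, 140),
           Reading(0, 30), Reading(25, 300)]

if __name__ == "__main__":
    for users, mbps, by_factor, by_dep in compare(SAMPLES):
        print(f"users={users:>2} mbps={mbps:>5} factor={by_factor} dependency={by_dep}")
```

The reading with 12 users shows the range where the dependency setup evaluates nothing, and the reading with 0 users shows the case the factor cannot cover.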