Which the paramiter.

event interface name Gi3/2/1 parameter receive_rate_bps  entry-op ge entry-val  100 ?

  entry-val-is-increment  Entry value is increment

  exit-comb               Exit combination operator for exit condition tests

  exit-op                 Exit comparison operator

  exit-time               Time before event monitoring is reenabled

  exit-val                Exit counter value for interface event

  exit-val-is-increment   Exit value is increment

  maxrun                  Maximum runtime of applet

  poll-interval           Interval between consecutive polls in seconds

You have an older IOS.  You want:

event interface name FastEthernet1/0 parameter receive_rate_bps entry-op ge entry-val 80000000 entry-val-is-increment false poll-interval 10

Thanks for this. 

You wouldn't happen to know of a way to do the same detection with a specific IP address's traffic on an interface would you?

It depends.  If your device supports Flexible Netflow you could define define a flow record/monitor to look at traffic from one particular host and collect the total bytes.  If that exceeds a threshold, you could fire your event.  From the EEM side, that would look like:

event nf event1 field counter bytes long entry-op ge entry-val 8000000 entry-type update monitor MYMON

Wow, thanks for the fast reply!

Yes, my machines apparently do support flexible netflow, but I'm way above my head here.  Basically my PhD advisor has tasked me with implementing his last research paper via our 2811's and I've had to come a long way just to get them up and running.  I'll start trying to decipher that command, but no promises <)

Hi Joe,

Can I ask for a clarification?  All I need is one notification every time "receive_rate_bps" exceeds 4500000 (4,5Mbps) continuously for 180 seconds. What would be the correct command?

I've been trying out different parameters but can't seem to get it right:

event interface name Gig 0/1 parameter receive_rate_bps entry-op ge entry-val 4500000 entry-type increment poll-interval 180

Your help is much appreciated.

Thank you.

Chris.

event manager applet bps

event tag 1 interface name FastEthernet0 parameter receive_rate_bps entry-op lt entry-val 4500000 entry-type value poll-interval 180

Modify FastEthernet0 for your lan port and change receive_rate_bps by transmit_rate_bps if you need.

This won't do what you want.  What this definition will do is poll receive_rate_bps every 180 seconds.  If the value at that time is less than 4.5 Mbps (or greater than or equal in the original request) then it will trigger.

This is a tricky one because this ED uses polling, so you're essentially sampling.  If the rx bps dropped to 1 Mbps just before the applet polls, then jumps back to 4.5, it would still trigger; and that's not what I believe is desired.

If you set the load-interval on the interface to be 180, that would help, but your applet would still be sampling on the polling interval.  Running it every second might be too much overhead.

What might work better is to look at ifHCInOctets (1.3.6.1.2.1.31.1.1.1.6.INDEX) for the given ifIndex.  If the increment value exceeds what 4.5 Mbps would be (sustained), then trigger the applet:

event snmp oid 1.3.6.1.2.1.31.1.1.1.6.INDEX get-type exact entry-op ge entry-val 810000000 entry-type increment poll-interval 180

Sorry, is receive_rate_bps the value of "sh int f0 | i rate"?

Yes, it is.