Forwarding Traffic Sentinel Events to a Slack or Rocket.Chat Channel

How to send Traffic Sentinel events to a chat window.

Create Slack App with Incoming Webhook

The steps are:

  1. Sign in to your Slack Workspace and create a new channel, "sentinel-events".
  2. Visit https://api.slack.com and click to build a new app, "sentinel-event-app".
  3. Activate the Incoming Webhook for the app and associate it with the new channel.
  4. Test the "Hello, World" example given.
  5. Now you can use the resulting Webhook URL below.

Use Slack Webhook URL with Traffic Sentinel event script

Edit global.prefs (File>Configure>Edit>Edit Files>global.prefs) and add settings:

eventScript="eventHookSlack"
eventHookURL="YOUR_WEBHOOK_URL_HERE"
eventHookServer="SENTINEL_SERVER_NAME_OR_IP_HERE"

For example, if your Traffic Sentinel server can be reached at https://traffic.mycompany.com, the settings will look something like this:

eventScript="eventHookSlack"
eventHookURL="https://hooks.slack.com/services/TTXXXXX4X/BXXXXMCSH/6tGPXXXXXXXIcRVSJpapjyZR"
eventHookServer="traffic.mycompany.com"

Rocket Chat example

If your team uses Rocket.Chat instead, the steps are similar. Follow the instructions to add an Incoming Webhook and use it in global.prefs like this:

eventScript="eventHookRocketChat"
eventHookURL="ROCKET_CHAT_INCOMING_WEBHOOK_HERE"
eventHookServer="traffic.mycompany.com"

Further Customization

To modify the scripts, find them under /usr/local/inmsf/scripts/ and copy them to a new name that is not under package control. Alternatively, you can use the general-purpose eventHook script like this:

eventScript="eventHook"
eventHookURL="https://localhost/inmsf/Q/eventHook.js"

And then add a new File>REST script called eventHook.js. It will be called with the parameters of each event. This makes it easier to merge additional information before sending on to the chat channel. Here is an example:

// author: administrator
// description: forward threshold events to Slack
// date: 2/7/20
// version: 1.0
// resultFormat: txt
// inputs: timestamp,server,severity,type,name,value,agent,port,url,comment,id
// authClients: 127.0.0.1,::1

if(type=="threshold" && severity=="severe") {
   var n = Network.current();
   n.path = agent;
   var text = name + " = " + value + " : " + n.displayName() + " (" + n.zone() + " > " + n.group() + ")";
   var url = "https://" + n.serverName() + "/inmsf/Events?action=id&id=" + id;
   var msg = { attachments: [ { fallback: text, actions: [ { type:"button", text: text, url: url } ] } ] };
   // each array element is one curl argument, so the header name and value go in a single element
   var result = runcmd(["curl", "-q", "-X", "POST", "-H", "Content-type: application/json",
     "--data", JSON.stringify(msg),
     "https://hooks.slack.com/services/TTNXXXC4X/BTMXXXCSH/6tGPGDXAsXXXXRVSJpapjyZR"
   ]);
   if(result.status != 0)
     println(JSON.stringify(result, null, 2));
}
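The event fields end up in a chat message and a URL, so it helps to escape them before posting. The following is an added example, not code from the original page or from Traffic Sentinel: it is plain JavaScript that uses none of the REST script APIs, and buildSlackPost(), escapeSlack(), SAMPLE_HOOK and the sample event are hypothetical names and constructed values.

```javascript
// Added example: build the Slack payload and curl argument list from event
// parameters, escaping event-supplied text. All names here are hypothetical.

// Constructed placeholder, not a real webhook.
var SAMPLE_HOOK = 'https://hooks.slack.com/services/T00000000/B00000000/XXXXXXXXXXXXXXXXXXXXXXXX';

// Slack message formatting treats &, < and > as control characters.
// Replace & first so the entities produced for < and > are not escaped twice.
function escapeSlack(s) {
  return String(s).replace(/&/g, '&amp;').replace(/</g, '&lt;').replace(/>/g, '&gt;');
}

// ev: event parameters as named in the script's "inputs" header.
// serverName: host name of the Traffic Sentinel server.
// hookUrl: Slack Incoming Webhook URL.
// Returns null when the event is filtered out, otherwise { msg, curlArgs }.
function buildSlackPost(ev, serverName, hookUrl) {
  if (ev.type !== 'threshold' || ev.severity !== 'severe') return null;
  if (!/^https:\/\/hooks\.slack\.com\/services\//.test(hookUrl)) {
    throw new Error('hookUrl is not an https Slack webhook URL');
  }
  if (!/^[A-Za-z0-9.-]+$/.test(serverName)) {
    throw new Error('unexpected characters in serverName');
  }
  var text = escapeSlack(ev.name + ' = ' + ev.value + ' : ' + ev.agent);
  // The id becomes a query parameter, so encode it rather than concatenating it raw.
  var url = 'https://' + serverName + '/inmsf/Events?action=id&id=' + encodeURIComponent(ev.id);
  var msg = { attachments: [ { fallback: text, actions: [ { type: 'button', text: text, url: url } ] } ] };
  // One array element per curl argument; header name and value share one element.
  var curlArgs = ['curl', '-q', '-X', 'POST', '-H', 'Content-type: application/json',
    '--data', JSON.stringify(msg), hookUrl];
  return { msg: msg, curlArgs: curlArgs };
}

// Constructed sample event with characters that need escaping.
var sample = { type: 'threshold', severity: 'severe', name: 'frames<in>',
  value: '1200 & rising', agent: '10.0.0.1', id: '42&x=1' };

var post = buildSlackPost(sample, 'traffic.mycompany.com', SAMPLE_HOOK);
console.log(JSON.stringify(post.msg, null, 2));
```

Anyone who holds the webhook URL can post to the channel, so treat the value stored in global.prefs or in the script as a secret.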