The SMS uses alert aggregation to prevent system performance problems resulting from an excessive number of notification requests. Because a single packet can trigger an alert, attacks with large numbers of packets could potentially flood the alert mechanism used to send out notifications.
Use alert aggregation to receive alert notifications at intervals to prevent this flooding. For example, if you set the aggregation interval to 5 minutes, the system sends an alert at the first filter trigger, collects subsequent alerts, and sends them out every five minutes.
The aggregation period that you configure when you create a
notification contact controls alert aggregation. All notification contacts require
this setting.
CAUTION: Short aggregation periods can significantly affect system performance. The shorter the aggregation period, the higher the system load. In the event of a flood attack, a short aggregation period can lead to system performance problems. Consistent aggregation alerts can be an indication of over-configuration. Performance tuning may be needed.
In addition to the user-configured aggregation period, the system also provides alert
aggregation services to protect the system from over-active filters that can lower
performance.
For email contacts, the aggregation period works in conjunction with the email threshold
setting configured for the email server.
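
The following Python model is an added illustration, not SMS code. It simulates the aggregation behavior described above (an immediate alert on the first filter trigger, then one batched notification per aggregation period) to show how the period changes the number of notifications sent during a flood. The function names, the constructed trigger stream, and the rule that a period with no alerts returns the contact to idle are assumptions.

```python
# Simplified model of interval-based alert aggregation.
# Assumed semantics for illustration; not the SMS implementation.

def aggregate(trigger_times, period):
    """Return a list of (send_time, alert_count) notifications.

    trigger_times: sorted filter-trigger timestamps in seconds.
    period: aggregation period in seconds.
    """
    notifications = []
    window_end = None   # end of the current collection window, None when idle
    pending = 0         # alerts collected in the current window

    for t in trigger_times:
        # Close every window that expired before this trigger arrived.
        while window_end is not None and t >= window_end:
            if pending:
                notifications.append((window_end, pending))
                pending = 0
                window_end += period   # keep collecting on the same cadence
            else:
                window_end = None      # quiet window: back to idle (assumption)
        if window_end is None:
            # First trigger after idle: notify immediately, open a window.
            notifications.append((t, 1))
            window_end = t + period
        else:
            pending += 1

    if pending:
        notifications.append((window_end, pending))
    return notifications


def flood(start, duration, rate):
    """Constructed sample: `rate` triggers per second for `duration` seconds."""
    return [start + i / rate for i in range(duration * rate)]


if __name__ == "__main__":
    triggers = flood(start=0, duration=600, rate=100)  # 60,000 triggers
    for period in (10, 60, 300):
        sent = aggregate(triggers, period)
        print(f"period={period:>3}s notifications={len(sent)}")
```

In this model, the same 10-minute flood produces 61 notifications with a 10-second period and 3 with a 5-minute period, which is the load difference the caution describes.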