I have certain routers that I want to monitor. However, rather than being alarmed only certain traffic, I want to be notified when there is traffic to/from the device that is NOT SNMP(161) or Syslog(514). Is this possible and is it practical?
I am not sure how to create a signature to do this. Can anyone help?