On 13/06/2014 23:04, Ge Moua wrote:
The variable $SUBNET is used to denote the 3rd octet in this specific use case, and the nfdump-specific parameter here is to match on source traffic. Do a 'man nfdump' or use the nfsen web front-end to do the specific match you are looking for, then substitute the generated parameters into an nfdump call.

I'll defer to gi...@coochey.net here as he is the author.


Yes - you are right, we designate offices using the third octet in this case, but the script is just a case of variable substitution. The date commands just make variables that reference yesterday when the script was run; you can modify these if you want to run a weekly report.

I used the nfsen front end to build queries. The only hang-up is you may need to remove the -T option from nfdump if you want to mail your files, as the -T option inserts some non-printable characters, which means most MUAs treat the file as a .dat attachment, rather than a normal email body.

The nfdump manual page needs referencing for more tweaking, I use the web version: http://nfdump.sourceforge.net/

I wouldn't be too afraid to experiment away until you have something working as you like it. It is just a dirty little script!


Regards,
Ge Moua
University of Minnesota Alumnus
moua0...@umn.edu
--
On 6/13/14, 1:25 PM, Scott Granados wrote:
Hi, thanks for posting this to the list, this gives me somewhere to start.

Could you explain the importance of the subnet variable and then the 192.168.subnet.0/24 entry? Is this a source / destination subnet so in my case I'd have to pick a prefix and test against that?

Also, in your case it looks like you're processing for one device only. How might you expand this to process a series of devices? Should you run one instance of the script per or can this be expanded to track several routers at one time?

Thanks again

Scott

On Jun 13, 2014, at 12:41 PM, Giles Coochey <gi...@coochey.net> wrote:

On 13/06/2014 17:01, Ge Moua wrote:
Maybe a combo of:
* cron
* nfdump <by time window>
* wrapped inside shell, awk, sed, perl, python, etc of choice

not the exact recipe but more so for what ingredients that can be used

Incredibly, someone asked me to do this today, so without any ado, I put the following in /etc/cron.daily/reports.sh

#!/bin/sh
# Daily top-talker report for one office, built from yesterday's NfSen data.
YESTERDAY=`date -d "yesterday" +"%Y/%m/%d"`   # NfSen data sub-directory (YYYY/MM/DD)
DUMPFILE=`date -d "yesterday" +"%Y%m%d"`      # report file name
OXCODE="XXYYY"                                # label used in the report path and subject
SUBNET="43"                                   # third octet of the office /24
RISM="em...@example.com"                      # report recipient
mkdir -p "/opt/reporting/data/$OXCODE"
echo "Report for $OXCODE on $YESTERDAY" > "/opt/reporting/data/$OXCODE/$DUMPFILE.txt"
echo >> "/opt/reporting/data/$OXCODE/$DUMPFILE.txt"
echo "The following table shows upload top users, which can include servers" >> "/opt/reporting/data/$OXCODE/$DUMPFILE.txt"
echo >> "/opt/reporting/data/$OXCODE/$DUMPFILE.txt"
# Top 20 source addresses by bytes, sourced from the office subnet
nfdump -M "/usr/local/nfsen/profiles-data/live/asa5510/$YESTERDAY" -R . -n 20 -s srcip/bytes "src net 192.168.$SUBNET.0/24" >> "/opt/reporting/data/$OXCODE/$DUMPFILE.txt"
echo >> "/opt/reporting/data/$OXCODE/$DUMPFILE.txt"
echo "The following table shows download top users, which can include servers" >> "/opt/reporting/data/$OXCODE/$DUMPFILE.txt"
echo >> "/opt/reporting/data/$OXCODE/$DUMPFILE.txt"
# Top 20 destination addresses by bytes, destined to the office subnet
nfdump -M "/usr/local/nfsen/profiles-data/live/asa5510/$YESTERDAY" -R . -n 20 -s dstip/bytes "dst net 192.168.$SUBNET.0/24" >> "/opt/reporting/data/$OXCODE/$DUMPFILE.txt"
# Mail the report as the message body
mailx -s "$OXCODE Report for $YESTERDAY" -r "Networks <netw...@example.comk>" "$RISM" < "/opt/reporting/data/$OXCODE/$DUMPFILE.txt"



Regards,
Ge Moua
University of Minnesota Alumnus
moua0...@umn.edu
--

On 6/13/14, 10:55 AM, Scott Granados wrote:
Hi, I'm new to NFSEN so I apologize if this has been asked before.
I've been asked to generate weekly or daily reports of things like TOP AS, top IP addresses or subnets, etc. It's not obvious to me in the tool how to do this and in fact doesn't seem possible natively. I did some googling and found a reference to some scripts that could be run in CRON that would generate these reports and email them but the actual pointer to the tar file containing the scripts seemed broken. Does anyone have a pointer to scripts that could be adjusted to fit this purpose or some suggestions on a starting point as to how I can automate some of the reporting?

Thank you
Scott


------------------------------------------------------------------------------
HPCC Systems Open Source Big Data Platform from LexisNexis Risk Solutions
Find What Matters Most in Your Big Data with HPCC Systems
Open Source. Fast. Scalable. Simple. Ideal for Dirty Data.
Leverages Graph Analysis for Fast Processing & Easy Data Exploration
http://p.sf.net/sfu/hpccsystems
_______________________________________________
Nfsen-discuss mailing list
Nfsen-discuss@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nfsen-discuss



--
Regards,

Giles Coochey, CCNP, CCNA, CCNAS
NetSecSpec Ltd
+44 (0) 8444 780677
+44 (0) 7983 877438
http://www.coochey.net
http://www.netsecspec.co.uk
gi...@coochey.net




--
Regards,

Giles Coochey, CCNP, CCNA, CCNAS
NetSecSpec Ltd
+44 (0) 8444 780677
+44 (0) 7983 877438
http://www.coochey.net
http://www.netsecspec.co.uk
gi...@coochey.net
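
The question of covering several routers and the point that the script is only variable substitution, worked through as an added example that is not part of the original thread or the posted script: it runs one nfdump call per flow source and office, and checks the third octet before it is substituted into the filter. OFFICES, ROUTERS, the second source rtr2 and the function names are assumptions; the base path and nfdump options are the ones in the posted script.

```shell
#!/bin/sh
# Added example, not from the thread. OFFICES, ROUTERS, rtr2 and the function
# names are constructed; BASE and the nfdump options come from the posted script.
BASE=/usr/local/nfsen/profiles-data/live
OFFICES="XXYYY:43 AABBB:44"     # constructed CODE:third-octet pairs
ROUTERS="asa5510 rtr2"          # one nfdump run per flow source
# Dry run with echo when nfdump is not installed.
NFDUMP=${NFDUMP:-$(command -v nfdump || echo echo)}

# True only for a decimal 0-255 without leading zeros.
valid_octet() {
    case "$1" in
        ''|*[!0-9]*|0?*) return 1 ;;
    esac
    [ "${#1}" -le 3 ] && [ "$1" -le 255 ]
}

# net_filter src|dst OCTET -> filter string for that office's /24
net_filter() {
    case "$1" in src|dst) ;; *) return 1 ;; esac
    valid_octet "$2" || return 1
    printf '%s net 192.168.%s.0/24' "$1" "$2"
}

# top_talkers ROUTER DAY(YYYY/MM/DD) src|dst OCTET -> top 20 by bytes.
# -T is left out, following the thread's note about mailing the output.
top_talkers() {
    f=$(net_filter "$3" "$4") || { echo "bad filter: $3 $4" >&2; return 1; }
    "$NFDUMP" -M "$BASE/$1/$2" -R . -n 20 -s "${3}ip/bytes" "$f"
}

# daily_report DAY -> both tables for every office on every router
daily_report() {
    for office in $OFFICES; do
        code=${office%%:*}; octet=${office#*:}
        for r in $ROUTERS; do
            for dir in src dst; do
                echo "== $code / $r / $dir =="
                top_talkers "$r" "$1" "$dir" "$octet" || true
            done
        done
    done
}

daily_report "${DAY:-$(date -d yesterday +%Y/%m/%d 2>/dev/null)}"
```

Redirect the output of daily_report to a file and pass it to mailx as in the posted script; set DAY=YYYY/MM/DD to report on a different day.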
