The variable $SUBNET is used to denote the 3rd octet in this specific
use case and the nfdump specific parameter here is to match on source
traffic. Do a 'man nfdump' or use the nfsen web front-end to do the
specific match you are looking for then substitute the generated
parameters into a nfdump call.
I'll defer to gi...@coochey.net here as he is
the author.
Regards,
Ge Moua
University of Minnesota Alumnus
moua0...@umn.edu
--
On 6/13/14, 1:25 PM, Scott Granados wrote:
Hi, thanks for posting this to the list, this gives me somewhere to
start.
Could you explain the importance of the subnet variable and then the
192.168.subnet.0/24 entry? Is this a source / destination subnet so
in my case I'd have to pick a prefix and test against that?
Also, in your case it looks like you're processing for one device
only. How might you expand this to process a series of devices?
Should you run one instance of the script per or can this be expanded
to track several routers at one time?
Thanks again
Scott
On Jun 13, 2014, at 12:41 PM, Giles Coochey <gi...@coochey.net> wrote:
On 13/06/2014 17:01, Ge Moua wrote:
Maybe a combo of:
* cron
* nfdump <by time window>
* wrapped inside shell, awk, sed, perl, python, etc of choice
not the exact recipe but more so for what ingredients that can be used
Incredibly, someone asked me to do this today, so without any ado, I put
the following in /etc/cron.daily/reports.sh
#!/bin/sh
# Daily top-talkers report built from yesterday's nfdump data and mailed to $RISM.
YESTERDAY=$(date -d "yesterday" +"%Y/%m/%d")   # used in the nfdump -M data path
DUMPFILE=$(date -d "yesterday" +"%Y%m%d")      # report file name
OXCODE="XXYYY"
SUBNET="43"                                    # third octet of 192.168.x.0/24
RISM="em...@example.com"
mkdir -p "/opt/reporting/data/$OXCODE"
echo "Report for $OXCODE on $YESTERDAY" > "/opt/reporting/data/$OXCODE/$DUMPFILE.txt"
echo >> "/opt/reporting/data/$OXCODE/$DUMPFILE.txt"
echo "The following table shows upload top users, which can include servers" >> "/opt/reporting/data/$OXCODE/$DUMPFILE.txt"
echo >> "/opt/reporting/data/$OXCODE/$DUMPFILE.txt"
# Top 20 source addresses by bytes, restricted to traffic sourced from the subnet
nfdump -M "/usr/local/nfsen/profiles-data/live/asa5510/$YESTERDAY" -R . -n 20 -s srcip/bytes "src net 192.168.$SUBNET.0/24" >> "/opt/reporting/data/$OXCODE/$DUMPFILE.txt"
echo >> "/opt/reporting/data/$OXCODE/$DUMPFILE.txt"
echo "The following table shows download top users, which can include servers" >> "/opt/reporting/data/$OXCODE/$DUMPFILE.txt"
echo >> "/opt/reporting/data/$OXCODE/$DUMPFILE.txt"
# Top 20 destination addresses by bytes, restricted to traffic destined to the subnet
nfdump -M "/usr/local/nfsen/profiles-data/live/asa5510/$YESTERDAY" -R . -n 20 -s dstip/bytes "dst net 192.168.$SUBNET.0/24" >> "/opt/reporting/data/$OXCODE/$DUMPFILE.txt"
# Mail the finished report
mailx -s "$OXCODE Report for $YESTERDAY" -r "Networks <netw...@example.comk>" $RISM < "/opt/reporting/data/$OXCODE/$DUMPFILE.txt"
Regards,
Ge Moua
University of Minnesota Alumnus
moua0...@umn.edu
--
On 6/13/14, 10:55 AM, Scott Granados wrote:
Hi, I'm new to NFSEN so apologize if this has been asked before.
I've been asked to generate weekly or daily reports of things like
TOP AS, top IP addresses or subnets, etc. It's not obvious to me
in the tool how to do this and in fact doesn't seem possible
natively. I did some googling and found a reference to some
scripts that could be run in CRON that would generate these reports
and email them but the actual pointer to the tar file containing
the scripts seemed broken. Does anyone have a pointer to scripts
that could be adjusted to fit this purpose or some suggestions on a
starting point as to how I can automate some of the reporting?
Thank you
Scott
------------------------------------------------------------------------------
HPCC Systems Open Source Big Data Platform from LexisNexis Risk
Solutions
Find What Matters Most in Your Big Data with HPCC Systems
Open Source. Fast. Scalable. Simple. Ideal for Dirty Data.
Leverages Graph Analysis for Fast Processing & Easy Data Exploration
http://p.sf.net/sfu/hpccsystems
_______________________________________________
Nfsen-discuss mailing list
Nfsen-discuss@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nfsen-discuss
--
Regards,
Giles Coochey, CCNP, CCNA, CCNAS
NetSecSpec Ltd
+44 (0) 8444 780677
+44 (0) 7983 877438
http://www.coochey.net
http://www.netsecspec.co.uk
gi...@coochey.net
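The question in the thread about covering several devices can be handled by driving the quoted script's two nfdump calls from a table of rows, validating each row before it is interpolated into the data path and the filter. This is an added example, not code from the thread or from the NfSen project; the row format, the `NFDUMP` override variable, the device `core-rtr1`, the site code `AAAAA` and the recipient addresses are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: one report per row of (site code, device, third octet, recipient).
BASE="${BASE:-/usr/local/nfsen/profiles-data/live}"   # path from the quoted script
OUTDIR="${OUTDIR:-/opt/reporting/data}"
NFDUMP="${NFDUMP:-nfdump}"   # hypothetical override so the logic runs without flow data

# safe_name VALUE: allow only characters that cannot change a path or a filter.
safe_name() { case "$1" in ''|*[!A-Za-z0-9_-]*) return 1 ;; esac; }

# valid_octet VALUE: decimal 0-255, no leading zeros.
valid_octet() {
    case "$1" in ''|*[!0-9]*|0?*|????*) return 1 ;; esac
    [ "$1" -le 255 ]
}

# filter_for DIRECTION OCTET: e.g. "src net 192.168.43.0/24"
filter_for() { printf '%s net 192.168.%s.0/24' "$1" "$2"; }

# report CODE DEVICE OCTET DAY: DAY is YYYY/MM/DD; prints the report path.
report() {
    safe_name "$1" && safe_name "$2" && valid_octet "$3" || {
        echo "skipping invalid row: $1 $2 $3" >&2; return 1; }
    out="$OUTDIR/$1/$(printf '%s' "$4" | tr -d /).txt"
    mkdir -p "$OUTDIR/$1" || return 1
    {
        echo "Report for $1 ($2) on $4"
        for dir in src dst; do
            printf '\nTop 20 %s addresses by bytes, which can include servers\n\n' "$dir"
            "$NFDUMP" -M "$BASE/$2/$4" -R . -n 20 -s "${dir}ip/bytes" \
                "$(filter_for "$dir" "$3")" </dev/null
        done
    } > "$out"
    echo "$out"
}

main() {
    day=$(date -d "yesterday" +"%Y/%m/%d")   # GNU date syntax, as in the quoted script
    # Constructed sample rows; only XXYYY, asa5510 and 43 come from the quoted script.
    while read -r code device octet rcpt; do
        f=$(report "$code" "$device" "$octet" "$day") || continue
        mailx -s "$code Report for $day" "$rcpt" < "$f"
    done <<EOF
XXYYY asa5510 43 site-a@example.com
AAAAA core-rtr1 44 site-b@example.com
EOF
}

if [ "${1:-}" = "--run" ]; then main; fi
```

Saved as a cron job, it is invoked with `--run`; without that argument it only defines the functions.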