cancel
Showing results for 
Search instead for 
Did you mean: 
ittech
Level 13

Web Reporter - Bandwidth by Subnet?

Jump to solution

I see that it's possible to do a bandwidth report by IP, but could I do a comparison of different subnets?

TIA!

0 Kudos
1 Solution

Accepted Solutions
ittech
Level 13

Re: Web Reporter - Bandwidth by Subnet?

Jump to solution

What I've ended up doing is creating a teble report on bandwidth by ip and export it to excel.

Then, I manually add up each IP and create a seperate table of subnets and bandwidth within excel.

This is a little more time consuming, but I have more faith in these numbers being correct.

0 Kudos
17 Replies
sroering
Level 13

Re: Web Reporter - Bandwidth by Subnet?

Jump to solution

The answer is "sort of".

The Add/Edit dialog for IP Filters has options for adding IP Ranges, but not subnets.  Switch the radio button from "Search database" to "Add manually" and you will have the option to add IP ranges.

0 Kudos
ittech
Level 13

Re: Web Reporter - Bandwidth by Subnet?

Jump to solution

The range is helpful thank you

Is there a way I can get a total for a subnet to compare against others?

0 Kudos
sroering
Level 13

Re: Web Reporter - Bandwidth by Subnet?

Jump to solution

Well, not really.. but you gave me a better idea that would solve the problem.

use the user-defined columns with a customer rule-set.

1) Make sure you are saving detail data on your log source processing options.

2) Create a custom rule set that maps IP addresses into Subnets (Administration > Setup > Log Sources > Custom Rule Sets

Replace 10\.10\.1\..* with 10.10.1.0/24

Replace 10\.10\.2\..* with 10.10.2.0/24

01_ruleset.bmp

3) Enable user-defined columns and add your ruleset

   a) Edit your log source and go to the user-defined colums tab

   b) Enable "Popluate this column"

   c) From the Log record drop down, select "client domain or ip address"

   d) Check the box to "apply this ruleset", and select your ruleset you created in step 2.

02_log_source.bmp

4) Import log data

5) Create an advanced report with a query on the detail data set that has the user-defined column and bytes

03_query.bmp

6) On the layout tab of the query, check the box for "Combine similar data in the results"

7) On the column properties tab of the query, you can set the name for "user defined 1" on the report and set the sort order based on bytes.

04_query.bmp

05_query.bmp

0 Kudos
ittech
Level 13

Re: Web Reporter - Bandwidth by Subnet?

Jump to solution

I ended up with one column with a bunch of data and 19 others with none

chart_1335982778348_0_0.png

Thanks!

0 Kudos
sroering
Level 13

Re: Web Reporter - Bandwidth by Subnet?

Jump to solution

Given that there appears to be about 600Gb, I would assume that every ip is getting mapped into the same subnet....

Go back and modify

the rule-set.  If you haven't already done so, it looks like you will need to use our IPV6 format on the "replace" side...  Sorry, I didn't actually test this when I made the screenshots. Regardless if the IP is IPV4 or IPV6, Web Reporter converts IP addresses into IPV6 strings to be stored in the database. Apparently the rule set is getting the converted string instead of the original.

Again, this isn't tested, but this should be closer to what you need for the rule-set.

replace 0000\:0000\:0000\:0000\:0000\:ffff\:0a0a\:01[0-9]{2} with 10.10.1.0/24

replace 0000\:0000\:0000\:0000\:0000\:ffff\:0a0a\:02[0-9]{2} with 10.10.2.0/24

5 blocks of 4-zeros

1 block of 4-f's

last 8 characters are for the IPV4 address in hex form.

Good news is that your subnets for the reports can be mapped back to IPV4 by the ruleset.

0 Kudos
sroering
Level 13

Re: Web Reporter - Bandwidth by Subnet?

Jump to solution

And another thing you can do is set the magnitude for bytes on the column properties of the query. Then you can display bytes in Mb or Gb, etc.

0 Kudos
ittech
Level 13

Re: Web Reporter - Bandwidth by Subnet?

Jump to solution

We're almost there!

I'm not an expert with this kind of stuff, but it looks like your in your replace formula

replace 0000\:0000\:0000\:0000\:0000\:ffff\:0a0a\:01[0-9]{2} with 10.10.1.0/24

the [0-9]{2} doesn't account for address that don't end in a number.

For example, 10.10.1.30 = 0000:0000:0000:0000:0000:ffff:0a0a:011e therefore any addresses the end in a letter match the default $0

Also, just for reference, what language or  scheme is being used in the replace field?

0 Kudos
ittech
Level 13

Re: Web Reporter - Bandwidth by Subnet?

Jump to solution

Figured it out by playing around!

Change [0-9]{2} to [a-f0-9]{2}

Running the reoprt now to see if it holds up.

0 Kudos
sroering
Level 13

Re: Web Reporter - Bandwidth by Subnet?

Jump to solution

That's great.  BTW, the pattern matching is is using java regex. There's lots of tutorials on the net if you look around. I'm not a regex wizzard, but I can do the basics.

Hostly, I think this is a better solution to running IP address filters. I would also expect the performance to be a little better too.

0 Kudos