17 Replies. Latest reply on May 22, 2012 3:58 PM by sroering

    Web Reporter - Bandwidth by Subnet?

    ittech

      I see that it's possible to do a bandwidth report by IP, but could I do a comparison of different subnets?

       

      TIA!

        • 1. Re: Web Reporter - Bandwidth by Subnet?
          sroering

          The answer is "sort of".

           

          The Add/Edit dialog for IP Filters has options for adding IP Ranges, but not subnets.  Switch the radio button from "Search database" to "Add manually" and you will have the option to add IP ranges.

          1 of 1 people found this helpful
          • 2. Re: Web Reporter - Bandwidth by Subnet?
            ittech

            The range is helpful thank you

             

            Is there a way I can get a total for a subnet to compare against others?

            • 3. Re: Web Reporter - Bandwidth by Subnet?
              sroering

              Well, not really.. but you gave me a better idea that would solve the problem.

               

              Use the user-defined columns with a custom rule set.

               

              1) Make sure you are saving detail data on your log source processing options.

              2) Create a custom rule set that maps IP addresses into subnets (Administration > Setup > Log Sources > Custom Rule Sets)

              Replace 10\.10\.1\..* with 10.10.1.0/24

              Replace 10\.10\.2\..* with 10.10.2.0/24

               

              01_ruleset.bmp

               

              3) Enable user-defined columns and add your ruleset

                 a) Edit your log source and go to the user-defined columns tab

                 b) Enable "Populate this column"

                 c) From the Log record drop down, select "client domain or ip address"

                 d) Check the box to "apply this ruleset", and select your ruleset you created in step 2.

               

              02_log_source.bmp

               

              4) Import log data

              5) Create an advanced report with a query on the detail data set that has the user-defined column and bytes

               

              03_query.bmp

               

              6) On the layout tab of the query, check the box for "Combine similar data in the results"

              7) On the column properties tab of the query, you can set the name for "user defined 1" on the report and set the sort order based on bytes.

               

              04_query.bmp

               

              05_query.bmp

              • 4. Re: Web Reporter - Bandwidth by Subnet?
                ittech

                I ended up with one column with a bunch of data and 19 others with none

                chart_1335982778348_0_0.png

                Thanks!

                • 5. Re: Web Reporter - Bandwidth by Subnet?
                  sroering

                  Given that there appears to be about 600Gb, I would assume that every ip is getting mapped into the same subnet....

                   

                  Go back and modify the rule-set.  If you haven't already done so, it looks like you will need to use our IPV6 format on the "replace" side...  Sorry, I didn't actually test this when I made the screenshots. Regardless if the IP is IPV4 or IPV6, Web Reporter converts IP addresses into IPV6 strings to be stored in the database. Apparently the rule set is getting the converted string instead of the original.

                   

                  Again, this isn't tested, but this should be closer to what you need for the rule-set.

                   

                  replace 0000\:0000\:0000\:0000\:0000\:ffff\:0a0a\:01[0-9]{2} with 10.10.1.0/24

                  replace 0000\:0000\:0000\:0000\:0000\:ffff\:0a0a\:02[0-9]{2} with 10.10.2.0/24

                   

                   

                  5 blocks of 4-zeros

                  1 block of 4-f's

                  last 8 characters are for the IPV4 address in hex form.

                   

                  Good news is that your subnets for the reports can be mapped back to IPV4 by the ruleset.

                  • 6. Re: Web Reporter - Bandwidth by Subnet?
                    sroering

                    And another thing you can do is set the magnitude for bytes on the column properties of the query. Then you can display bytes in Mb or Gb, etc.

                    • 7. Re: Web Reporter - Bandwidth by Subnet?
                      ittech

                      We're almost there!

                       

                      I'm not an expert with this kind of stuff, but it looks like in your replace formula

                       

                      replace 0000\:0000\:0000\:0000\:0000\:ffff\:0a0a\:01[0-9]{2} with 10.10.1.0/24

                       

                      the [0-9]{2} doesn't account for addresses that don't end in a number.

                       

                      For example, 10.10.1.30 = 0000:0000:0000:0000:0000:ffff:0a0a:011e, therefore any addresses that end in a letter match the default $0

                       

                       

                      Also, just for reference, what language or  scheme is being used in the replace field?

                      • 8. Re: Web Reporter - Bandwidth by Subnet?
                        ittech

                        Figured it out by playing around!

                         

                        Change [0-9]{2} to [a-f0-9]{2}

                         

                        Running the report now to see if it holds up.

                        • 9. Re: Web Reporter - Bandwidth by Subnet?
                          sroering

                          That's great.  BTW, the pattern matching is using Java regex. There's lots of tutorials on the net if you look around. I'm not a regex wizard, but I can do the basics.

                           

                          Honestly, I think this is a better solution to running IP address filters. I would also expect the performance to be a little better too.
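The subnet mapping worked out in replies 5 to 8, as an added example that is not part of the original thread and is not Web Reporter code: it builds the stored IPv4-mapped IPv6 string, generates the `[a-f0-9]{2}` pattern for any IPv4 /24, and totals bytes per subnet under both the digits-only and the hex rule sets. Python's `re` stands in for Java regex (the patterns use only syntax the two share); whole-string matching, the pass-through of unmatched values, the function names and the sample records are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Escaped prefix from the thread: 5 blocks of zeros, then 1 block of f's.
PREFIX = r"0000\:" * 5 + r"ffff\:"

def stored_form(ipv4):
    """Expanded IPv6 string for an IPv4 address, in the format reply 5 describes."""
    n = int(ipaddress.IPv4Address(ipv4))
    return "0000:" * 5 + "ffff:" + f"{n >> 16:04x}:{n & 0xffff:04x}"

def pattern_for_slash24(cidr):
    """'Replace' pattern for an IPv4 /24; the last octet is two hex digits."""
    net = ipaddress.ip_network(cidr)
    if net.version != 4 or net.prefixlen != 24:
        raise ValueError("only IPv4 /24 networks are handled here")
    n = int(net.network_address)
    return (PREFIX + f"{n >> 16:04x}" + r"\:"
            + f"{(n >> 8) & 0xff:02x}" + "[a-f0-9]{2}")

def apply_rules(rules, value):
    """First matching rule wins; unmatched values pass through (assumed default)."""
    for pattern, label in rules:
        if re.fullmatch(pattern, value):  # assumption: whole-string match
            return label
    return value

def bytes_by_label(rules, records):
    """Sum bytes per rule-set output, like 'Combine similar data in the results'."""
    totals = Counter()
    for ip, nbytes in records:
        totals[apply_rules(rules, stored_form(ip))] += nbytes
    return dict(totals)

SUBNETS = ["10.10.1.0/24", "10.10.2.0/24"]
# Reply 5 rule set: digits only, so hex octets containing a-f are missed.
RULES_DIGITS_ONLY = [(PREFIX + r"0a0a\:" + h + "[0-9]{2}", s)
                     for h, s in zip(["01", "02"], SUBNETS)]
# Reply 8 rule set: any two hex digits.
RULES_HEX = [(pattern_for_slash24(s), s) for s in SUBNETS]

# Constructed sample records: (client IP, bytes).
RECORDS = [("10.10.1.16", 1000), ("10.10.1.30", 2000),
           ("10.10.2.5", 300), ("10.10.2.200", 700)]

if __name__ == "__main__":
    print(bytes_by_label(RULES_DIGITS_ONLY, RECORDS))
    print(bytes_by_label(RULES_HEX, RECORDS))
```

With the digits-only rules, clients such as 10.10.1.30 stay as separate unmapped rows, so the subnet totals undercount; the hex rules fold every client into its /24.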
