[netsa-tools-discuss] Point in Time Data in Silk

Drew Morrigan drewm at landesa.org
Tue Dec 1 18:14:16 EST 2015


Greetings,

  I am using Silk 3.11 on Ubuntu Server 14.04.  I have it happily collecting data from our FWs and am currently fumbling around with the analysis tools.  I’ve been able to get some cool/useful information from those fumblings, but there is something I need I haven’t been able to put together easily on my own.

  Due to some changes to our environment, we will soon be making more use out of our ISP’s upload bandwidth than we have been.  We want to know how much outgoing traffic we are currently transmitting, but from a ‘snapshot’ perspective, not the total amount used.  To hopefully clarify things, here’s what I’m doing currently:

rwfilter --start-date=2015/10/28T00 --end-date=2015/11/30T18 --type=out,outweb --sensors=S2 --saddress=10.0.0.0/24 --pass=stdout | rwcount --bin-size=86400 --skip-zeroes

As I’ve come to understand things, this would give me the total data transmitted for each 24-hour period over the specified range.  I’d then drill down into those periods and determine which hours had the highest transmissions, and keep going until I reach --bin-size=1.  That would be my ‘snapshot’ upload bandwidth usage (less compression, WAN optimization, etc., of course).

This is, suffice to say, not an efficient process, especially since collectors are running at more than one office location.  How else could I be going about this?


Drew Morrigan | drewm at landesa.org
Systems Admin / Support Specialist

Landesa
1424 Fourth Ave., Suite 300, Seattle, WA  98101
T: 206-257-6158 | F: 206-528-5881
Skype: drewm_landesa

www.landesa.org

Recipient of the 2015 Hilton Humanitarian Award (http://www.landesa.org/news/landesa-awarded-the-hilton-humanitarian-prize/)
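
Added example, not part of the original message: rather than drilling down bin by bin, the output of a single rwcount pass with a small bin size can be ranked by average rate per bin. It assumes rwcount's default text output with Date|Records|Bytes|Packets columns; the 60-second bin, the function names and the sample rows are constructed for illustration.

```shell
#!/bin/sh
# Added example: rank rwcount bins by average upload rate.
# Input (stdin): rwcount's default text output, columns Date|Records|Bytes|Packets|.
# $1 = bin size in seconds (the value given to --bin-size)
# $2 = number of bins to show (default 5)
peak_bins() {
    bin_size=$1
    top_n=${2:-5}
    awk -F'|' -v bin="$bin_size" '
        # Skip the title line and blank lines.
        $1 ~ /Date/ || NF < 3 { next }
        {
            gsub(/ /, "", $1); gsub(/ /, "", $3)
            # bytes per bin -> average megabits per second over that bin
            printf "%s|%.3f\n", $1, ($3 * 8) / (bin * 1000000)
        }
    ' | sort -t'|' -k2,2nr -k1,1 | head -n "$top_n"
}

# Constructed sample of rwcount output with --bin-size=60 (not real measurements).
sample_rwcount() {
    cat <<'EOF'
               Date|        Records|               Bytes|          Packets|
2015/11/02T09:00:00|          40.00|         15000000.00|         12000.00|
2015/11/02T09:01:00|          55.00|         90000000.00|         70000.00|
2015/11/02T09:02:00|          12.00|          3000000.00|          2500.00|
2015/11/02T09:03:00|          61.00|         45000000.00|         33000.00|
EOF
}

# Live use would replace sample_rwcount with the rwfilter | rwcount pipeline
# from the message, run once with a small bin size, e.g.:
#   rwfilter ... --pass=stdout | rwcount --bin-size=60 --skip-zeroes | peak_bins 60 5
sample_rwcount | peak_bins 60 2
```

The rate shown is an average over each bin, so a shorter bin gives a closer view of short bursts at the cost of more rows to rank.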
