[netsa-tools-discuss] Point in Time Data in Silk

Drew Morrigan drewm at landesa.org
Tue Dec 1 20:55:41 EST 2015


“Instantaneous peak bandwidth” is a brilliantly succinct way to say what I took a few paragraphs to illustrate.  So thank you for that phrase, if nothing else!

While Prism sounds pretty close to what I am looking for, my servers are CLI only.  Is it possible to run it in such an environment, and perhaps export the results so that they can be viewed graphically on another computer?

I’ll also poke about with the other tools you suggested.  Thank you for those, as well.



Drew Morrigan | drewm at landesa.org
Systems Admin / Support Specialist

Landesa
1424 Fourth Ave., Suite 300, Seattle, WA  98101
T: 206-257-6158 | F: 206-528-5881
Skype: drewm_landesa

www.landesa.org<http://www.landesa.org>

Recipient of the 2015 Hilton Humanitarian Award<http://www.landesa.org/news/landesa-awarded-the-hilton-humanitarian-prize/>

From: Chris Inacio [mailto:inacio at cert.org]
Sent: Tuesday, December 1, 2015 5:46 PM
To: Drew Morrigan
Cc: netsa-tools-discuss at cert.org
Subject: Re: [netsa-tools-discuss] Point in Time Data in Silk

Drew,

First, let me make the disclaimer that this isn't exactly my area of expertise.

Let me point you at a script we have on our site: prism. Prism will create a database with traffic time series data and allow for plots of that information to be created from the database as time series trend lines. You can define the bin types (in web, in, http, etc.) as you like. Using the stored prism data would greatly speed your search. (At the cost of disk space, of course.  :) but you can get nice plots too.)

http://tools.netsa.cert.org/script-prism/

Although I got the impression you don't want something like prism. (I'm willing to bet tools like flowviewer and flowbat also have very similar features.)

http://sourceforge.net/p/flowviewer/wiki/Home/
http://flowbat.com

When I first read this, I thought you were searching for your TopTalker, but after rereading I'm second guessing and wondering if what you really want is instantaneous peak bandwidth. Those would obviously be very different things.

Maybe you can answer that and an analyst will respond with better search foo than I have.

Regards,
--
Chris Inacio
Inacio at cert.org


Sent from my iPad

On Dec 1, 2015, at 6:33 PM, Drew Morrigan <drewm at landesa.org> wrote:
Greetings,

  I am using Silk 3.11 on Ubuntu Server 14.04.  I have it happily collecting data from our FWs and am currently fumbling around with the analysis tools.  I’ve been able to get some cool/useful information from those fumblings, but there is something I need I haven’t been able to put together easily on my own.

  Due to some changes to our environment, we will soon be making more use out of our ISP’s upload bandwidth than we have been.  We want to know how much outgoing traffic we are currently transmitting, but from a ‘snapshot’ perspective, not the total amount used.  To hopefully clarify things, here’s what I’m doing currently:

rwfilter --start-date=2015/10/28T00 --end-date=2015/11/30T18 --type=out,outweb --sensors=S2 --saddress=10.0.0.0/24 --pass=stdout | rwcount --bin-size=86400 --skip-zeroes

As I’ve come to understand things, this would give me the total data transmitted for each 24-hour period over the specified range.  I’d then drill down into those periods and determine which hours had the highest transmissions, and keep going until I reach --bin-size=1.  That would be my ‘snapshot’ upload bandwidth usage (less compression, WAN optimization, etc., of course).

This is, suffice to say, not an efficient process, especially since collectors are running at more than one office location.  How else could I be going about this?


Drew Morrigan | drewm at landesa.org
Systems Admin / Support Specialist
Landesa

1424 Fourth Ave., Suite 300, Seattle, WA  98101

T: 206-257-6158 | F: 206-528-5881

Skype: drewm_landesa


www.landesa.org<http://www.landesa.org>

Recipient of the 2015 Hilton Humanitarian Award<http://www.landesa.org/news/landesa-awarded-the-hilton-humanitarian-prize/>
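
One way to skip the manual drill-down described in the original question, as an added example that is not part of the thread: run a single rwcount pass at the small bin size and rank the bins by average rate. The names `peak_bins` and `sample_bins` and the sample figures are constructed for illustration; the function assumes rwcount was run with `--no-titles --delimited=,`.

```shell
#!/bin/sh
# Added example (not from the thread): rank rwcount bins by average rate.
# Expected stdin: Date,Records,Bytes,Packets lines, e.g. produced by
#   rwfilter <selection switches> --pass=stdout \
#     | rwcount --bin-size=N --skip-zeroes --no-titles --delimited=,
# rwcount apportions each flow's bytes across the bins it spans (see
# --load-scheme), so very small bins give an estimate, not a wire measurement.

# peak_bins BIN_SECONDS [TOP_N]
# Prints "<Mbit/s> <bin start>" for the TOP_N busiest bins, highest first.
peak_bins() {
    bin=$1
    top=${2:-5}
    case $bin in
        ''|*[!0-9]*) echo "peak_bins: BIN_SECONDS must be an integer" >&2
                     return 2 ;;
    esac
    [ "$bin" -gt 0 ] || { echo "peak_bins: BIN_SECONDS must be > 0" >&2
                          return 2; }
    LC_ALL=C awk -F, -v bin="$bin" '
        NF >= 3 && $3 + 0 > 0 {
            # bytes in the bin -> average megabits per second over the bin
            printf "%.3f %s\n", ($3 * 8) / (bin * 1000000), $1
        }' | LC_ALL=C sort -k1,1nr | head -n "$top"
}

# Constructed sample of rwcount output for 60-second bins (not real data).
sample_bins() {
    cat <<'EOF'
2015/11/30T17:00:00,12.00,7500000.00,9000.00
2015/11/30T17:01:00,40.00,45000000.00,52000.00
2015/11/30T17:02:00,8.00,1500000.00,2000.00
2015/11/30T17:03:00,25.00,30000000.00,31000.00
EOF
}

# Demo on the constructed sample: the two busiest one-minute bins.
sample_bins | peak_bins 60 2
```

Pass the same value to `peak_bins` that was given to `--bin-size`, otherwise the reported rate is scaled incorrectly.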