[netsa-tools-discuss] Point in Time Data in Silk

Joe Loiacono jloiacon at csc.com
Wed Dec 2 10:56:36 EST 2015


Drew,

You might consider installing FlowViewer ( 
http://sourceforge.net/projects/flowviewer ). FlowViewer provides a rich 
web-based user interface to SiLK.

FlowViewer will allow you to easily track your usage over 5 time intervals 
(Last 24 Hours, Weekly, Monthly, Last 12 Months, Last Three Years) for any 
specified filter (in your case this would be the router interface to your 
ISP). The Last 24 Hours graph plots data points for each 5-minute period 
during the day. You will be able to pick out peak periods easily and will 
get a good feel for average throughput during the day. You can always zoom 
in using one of the component tools called FlowGrapher.

The web site has some screenshots and a comprehensive user's guide. The 
software install and configuration are pretty straightforward.

If you have any questions, I would be happy to help ...

Regards,

Joe Loiacono





From:   Drew Morrigan <drewm at landesa.org>
To:     "netsa-tools-discuss at cert.org" <netsa-tools-discuss at cert.org>
Date:   12/01/2015 06:40 PM
Subject:        [netsa-tools-discuss] Point in Time Data in Silk
Sent by:        netsa-tools-discuss-bounces+jloiacon=csc.com at cert.org



Greetings,
 
  I am using Silk 3.11 on Ubuntu Server 14.04.  I have it happily 
collecting data from our FWs and am currently fumbling around with the 
analysis tools.  I’ve been able to get some cool/useful information from 
those fumblings, but there is something I need I haven’t been able to put 
together easily on my own.
 
  Due to some changes to our environment, we will soon be making more use 
out of our ISP’s upload bandwidth than we have been.  We want to know how 
much outgoing traffic we are currently transmitting, but from a ‘snapshot’ 
perspective, not the total amount used.  To hopefully clarify things, 
here’s what I’m doing currently:
 
rwfilter --start-date=2015/10/28T00 --end-date=2015/11/30T18 \
    --type=out,outweb --sensors=S2 --saddress=10.0.0.0/24 --pass=stdout | \
    rwcount --bin-size=86400 --skip-zeroes
 
As I’ve come to understand things, this would give me the total data 
transmitted for each 24-hour period over the specified range.  I’d then 
drill down into those periods and determine which hours had the highest 
transmissions, and keep going until I reach --bin-size=1.  That would be my 
‘snapshot’ upload bandwidth usage (less compression, WAN optimization, 
etc., of course).
 
This is, suffice to say, not an efficient process, especially since 
collectors are running at more than one office location.  How else could I 
be going about this?


Drew Morrigan | drewm at landesa.org
Systems Admin / Support Specialist

Landesa
1424 Fourth Ave., Suite 300, Seattle, WA  98101
T: 206-257-6158 | F: 206-528-5881
Skype: drewm_landesa

www.landesa.org

Recipient of the 2015 Hilton Humanitarian Award
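
An added example, not part of either message: instead of drilling down bin by bin, one fine-grained rwcount pass over the whole range can be ranked by per-bin average throughput. The 300-second bin size, the function names and the sample rows are constructed assumptions; the input layout is rwcount's Date|Records|Bytes|Packets| output.

```shell
#!/bin/sh
# Added example (not from the thread). Assumed input: delimited text in
# rwcount's Date|Records|Bytes|Packets| layout, e.g. the thread's rwfilter
# command piped to `rwcount --bin-size=300` over the whole date range.

BIN_SECONDS=300   # assumption: must match the --bin-size given to rwcount

# Constructed sample rows standing in for real rwcount output.
sample_rwcount() {
    cat <<'EOF'
               Date|        Records|               Bytes|          Packets|
2015/11/30T09:00:00|         120.00|         37500000.00|         41000.00|
2015/11/30T09:05:00|         410.00|        187500000.00|        150000.00|
2015/11/30T09:10:00|          95.00|         15000000.00|         12000.00|
2015/11/30T09:15:00|         230.00|         75000000.00|         60000.00|
EOF
}

# peak_bins N: read rwcount rows on stdin and print the N busiest bins as
# date|bytes|average_Mbit_per_s, busiest first.
peak_bins() {
    awk -F'|' -v bin="$BIN_SECONDS" '
        { gsub(/[ \t]+/, "") }        # strip column padding; awk re-splits the fields
        $1 !~ /^[0-9]+\// { next }    # skip the title row and blank lines
        { printf "%s|%.0f|%.3f\n", $1, $3, ($3 * 8) / bin / 1000000 }
    ' | sort -t'|' -k3,3nr | head -n "$1"
}

# Show the three busiest 5-minute bins in the sample.
sample_rwcount | peak_bins 3
```

Each figure is an average over its bin, so a smaller bin size (with BIN_SECONDS changed to match) exposes shorter bursts.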

