[netsa-tools-discuss] Point in Time Data in Silk

Drew Morrigan drewm at landesa.org
Wed Dec 2 12:54:27 EST 2015 

I went with FlowBAT, and have it pulling records and presenting data.  Thanks for that link, Chris.

I’m trying to download the full CSV, but the circle just spins and spins.  I looked at the temp file that it is working from and it has ballooned to 385MB, which I’d imagine is obstructing my download.

How would I clear that file, in the hopes of making the CSV more accessible?  I’ll contact their support team as well, but two heads are better than one.



Drew Morrigan | drewm at landesa.org<mailto:drewm at landesa.org>
Systems Admin / Support Specialist

Landesa
1424 Fourth Ave., Suite 300, Seattle, WA  98101
T: 206-257-6158 | F: 206-528-5881
Skype: drewm_landesa

www.landesa.org<http://www.landesa.org>

Recipient of the 2015 Hilton Humanitarian Award<http://www.landesa.org/news/landesa-awarded-the-hilton-humanitarian-prize/>

From: Joe Loiacono [mailto:jloiacon at csc.com]
Sent: Wednesday, December 2, 2015 7:57 AM
To: Drew Morrigan
Cc: netsa-tools-discuss at cert.org; netsa-tools-discuss-bounces+jloiacon=csc.com at cert.org
Subject: Re: [netsa-tools-discuss] Point in Time Data in Silk

Drew,

You might consider installing FlowViewer ( http://sourceforge.net/projects/flowviewer ). FlowViewer provides a rich web-based user interface to SiLK.

FlowViewer will allow you to easily track your usage over 5 time intervals (Last 24 Hours, Weekly, Monthly, Last 12 Months, Last Three Years) for any specified filter (in your case this would be the router interface to your ISP). The Last 24 Hours graph plots data points for each 5-minute period during the day. You will be able to pick out peak periods easily and will get a good feel for average throughput during the day. You can always zoom in using one of the component tools called FlowGrapher.

The web site has some screenshots and a comprehensive user's guide. The software install and configuration are pretty straightforward.

If you have any questions, I would be happy to help ...

Regards,

Joe Loiacono





From:        Drew Morrigan <drewm at landesa.org<mailto:drewm at landesa.org>>
To:        "netsa-tools-discuss at cert.org<mailto:netsa-tools-discuss at cert.org>" <netsa-tools-discuss at cert.org<mailto:netsa-tools-discuss at cert.org>>
Date:        12/01/2015 06:40 PM
Subject:        [netsa-tools-discuss] Point in Time Data in Silk
Sent by:        netsa-tools-discuss-bounces+jloiacon=csc.com at cert.org<mailto:netsa-tools-discuss-bounces+jloiacon=csc.com at cert.org>
________________________________



Greetings,

  I am using Silk 3.11 on Ubuntu Server 14.04.  I have it happily collecting data from our FWs and am currently fumbling around with the analysis tools.  I’ve been able to get some cool/useful information from those fumblings, but there is something I need I haven’t been able to put together easily on my own.

  Due to some changes to our environment, we will soon be making more use out of our ISP’s upload bandwidth than we have been.  We want to know how much outgoing traffic we are currently transmitting, but from a ‘snapshot’ perspective, not the total amount used.  To hopefully clarify things, here’s what I’m doing currently:

rwfilter --start-date=2015/10/28T00 --end-date=2015/11/30T18 --type=out,outweb --sensors=S2 --saddress=10.0.0.0/24 --pass=stdout | rwcount --bin-size=86400 --skip-zeroes

As I’ve come to understand things, this would give me the total data transmitted for each 24-hour period over the specified range.  I’d then drill down into those periods and determine which hours had the highest transmissions, and keep going until I reach –bin-size=1.  That would be my ‘snapshot’ upload bandwidth usage (less compression, WAN optimization, etc., of course).

This is, suffice to say, not an efficient process, especially since collectors are running at more than one office location.  How else could I be going about this?


Drew Morrigan | drewm at landesa.org<mailto:drewm at landesa.org>
Systems Admin / Support Specialist
Landesa

1424 Fourth Ave., Suite 300, Seattle, WA  98101

T: 206-257-6158 | F: 206-528-5881

Skype: drewm_landesa



www.landesa.org<http://www.landesa.org>

Recipient of the 2015 Hilton Humanitarian Award<http://www.landesa.org/news/landesa-awarded-the-hilton-humanitarian-prize/>
-------------- next part --------------
HTML attachment scrubbed and removed

More information about the netsa-tools-discuss mailing list