Show pageOld revisionsBacklinksBack to top This page is read only. You can view the source, but not change it. Ask your administrator if you think this is wrong. ====== IP Top Talkers - Cisco ====== ^ Author | [[ nbarberis@gestionamas.com.ar | Nicolas Barberis ]] | ^ Compatibility | Xymon 4.3.27 | ^ Requirements | BASH, snmpget, snmpwalk | ^ Download | None | ^ Last Update | 2016-12-23 | ===== Description ===== This test was developed in order to get the Top-Talkers list from a cisco device vía SNMP. Tested on a Cisco 2911 with IOS 15.3 ===== Installation ===== === Client side === (Client side being the Cisco router) <code> interface Vlan1 !config to verify the traffic-wise top user ! assuming vlan1 to be the LAN side ip flow egress ! ip flow egress means "the traffic going out of this iface to the user" ip flow-top-talkers top 10 sort-by bytes </code> === Server side === Copy paste the script to $XYMONHOME/ext/iptop.sh Don´t forget to change the COMMUNITY variable. Add the topt tag to the desireddevices (topt: "top 10") ===== Source ===== ==== iptop.sh ==== <hidden onHidden="Show Code ⇲" onVisible="Hide Code ⇱"> <code> #!/bin/bash # # Author: Nicolas Barberis(nbarberis@gestionamas.com.ar) # Description: This script will report the ip-flow top talkers on a cisco router # # You need to setup ip flow on the cisco router for the MIBS to be available: # interface Vlan1 # !config to verify the internet top user # ! assuming vlan1 to be the LAN side # ip flow egress # ip flow-top-talkers # top 10 # sort-by bytes # BBHTAG=topt # What we put in bb-hosts to trigger this test COLUMN=$BBHTAG # Name of the column, often same as tag in bb-hosts COMMUNITY=public $XYMONHOME/bin/bbhostgrep $BBHTAG | while read L do set $L # To get one line of output from bbhostgrep HOSTIP="$1" MACHINEDOTS="$2" MACHINE=`echo $2 | $SED -e's/\./,/g'` COLOR=green MSG="Ranking de consumo de datos de $MACHINEDOTS" MSG=$(echo -e "$MSG\n\n<table border=\"1\"><tr><th>Index</th><th>Source IP</th><th>Target IP</th><th>Port</th><th>KB/s</th></tr>") for INDEX in `/usr/local/bin/snmpwalk -c $COMMUNITY -v2c $HOSTIP 1.3.6.1.4.1.9.9.387.1.7.8.1.3|awk '{ print $1 }'|awk -F\. '{ print $10 }'` do IP_ORIG_HEX=$(/usr/local/bin/snmpget -c $COMMUNITY -v2c $HOSTIP 1.3.6.1.4.1.9.9.387.1.7.8.1.3.$INDEX|awk -F\: '{ print $4 }') IP_ORIG_OCT=$((16#${IP_ORIG_HEX:1:3}))"."$((16#${IP_ORIG_HEX:4:3}))"."$((16#${IP_ORIG_HEX:7:3}))"."$((16#${IP_ORIG_HEX:10:3})) IP_DEST_HEX=$(/usr/local/bin/snmpget -c $COMMUNITY -v2c $HOSTIP 1.3.6.1.4.1.9.9.387.1.7.8.1.6.$INDEX|awk -F\: '{ print $4 }') IP_DEST_OCT=$((16#${IP_DEST_HEX:1:3}))"."$((16#${IP_DEST_HEX:4:3}))"."$((16#${IP_DEST_HEX:7:3}))"."$((16#${IP_DEST_HEX:10:3})) PORT=$(/usr/local/bin/snmpget -c $COMMUNITY -v2c $HOSTIP 1.3.6.1.4.1.9.9.387.1.7.8.1.10.$INDEX|awk '{ print $4 }') BYTES=$(/usr/local/bin/snmpget -c $COMMUNITY -v2c $HOSTIP 1.3.6.1.4.1.9.9.387.1.7.8.1.24.$INDEX|awk '{ print $4 }') KB=$((BYTES/1024)) KBTOT+=$((KB)) #$((0x${hexNum})) CCOLOR="green" COLOR=green # if [ $KBTOT > 950000000 ] # then # CCOLOR="red" # COLOR=red # elif # CCOLOR="green" # COLOR=green # fi STATUSTRANSLATED=${STATUSCODES[$STATUS]} #MSG=$(echo -e "$MSG\n<img src=/xymon/gifs/$CCOLOR.gif> Index: $INDEX\tIP Local: $IP_ORIG_OCT\tIP Remota: $IP_DEST_OCT\tPuerto: $PORT\tKB/s: $KB") MSG=$(echo -e "$MSG\n<tr><td>$INDEX</td><td>$IP_ORIG_OCT</td><td>$IP_DEST_OCT</td><td>$PORT</td><td>$KB</td></tr>") done MSG=$(echo -e "$MSG\n</table>") $XYMON $XYMSRV "status $MACHINE.$COLUMN $COLOR `date` ${MSG} " # uncomment to debug the message sent to xymon # echo $XYMON $XYMSRV "status $MACHINE.$COLUMN $COLOR `date` " >> /tmp/ip_dbg.log done exit 0 </code> </hidden> ===== Known Bugs and Issues ===== *Make sure about your path to snmpget and snmpwalk. Adjust accordingly. ===== To Do ===== * Set the test color to go along with the if-load column ===== Credits ===== ===== Changelog ===== * **2016-12-23** * Initial release monitors/cisco-ip-flow.txt Last modified: 2016/12/23 13:52by nickoarg