====== IP Top Talkers - Cisco ======

^ Author | [[ nbarberis@gestionamas.com.ar | Nicolas Barberis ]] |
^ Compatibility | Xymon 4.3.27 |
^ Requirements | BASH, snmpget, snmpwalk |
^ Download | None |
^ Last Update | 2016-12-23 |

===== Description =====
This test was developed in order to get the Top-Talkers list from a cisco device vía SNMP. Tested on a Cisco 2911 with IOS 15.3

===== Installation =====
=== Client side ===
(Client side being the Cisco router)

<code>
interface Vlan1
  !config to verify the traffic-wise top user
  ! assuming vlan1 to be the LAN side
  ip flow egress
  ! ip flow egress means "the traffic going out of this iface to the user"
 ip flow-top-talkers
  top 10
  sort-by bytes
</code>

=== Server side ===
Copy paste the script to $XYMONHOME/ext/iptop.sh Don´t forget to change the COMMUNITY variable.

Add the topt tag to the desireddevices (topt: "top 10")


===== Source =====
==== iptop.sh ====

<hidden onHidden="Show Code ⇲" onVisible="Hide Code ⇱">
<code>
#!/bin/bash
#
# Author: Nicolas Barberis(nbarberis@gestionamas.com.ar)
# Description: This script will report the ip-flow top talkers on a cisco router
#
# You need to setup ip flow on the cisco router for the MIBS to be available:
# interface Vlan1
#  !config to verify the internet top user
#  ! assuming vlan1 to be the LAN side
#  ip flow egress
# ip flow-top-talkers
#  top 10
#  sort-by bytes
#

BBHTAG=topt     # What we put in bb-hosts to trigger this test
COLUMN=$BBHTAG  # Name of the column, often same as tag in bb-hosts

COMMUNITY=public

$XYMONHOME/bin/bbhostgrep $BBHTAG | while read L
do
  set $L        # To get one line of output from bbhostgrep

  HOSTIP="$1"
  MACHINEDOTS="$2"
  MACHINE=`echo $2 | $SED -e's/\./,/g'`

  COLOR=green
  MSG="Ranking de consumo de datos de $MACHINEDOTS"

  MSG=$(echo -e "$MSG\n\n<table border=\"1\"><tr><th>Index</th><th>Source IP</th><th>Target IP</th><th>Port</th><th>KB/s</th></tr>")

for INDEX in `/usr/local/bin/snmpwalk -c $COMMUNITY -v2c $HOSTIP 1.3.6.1.4.1.9.9.387.1.7.8.1.3|awk '{ print $1 }'|awk -F\. '{ print $10 }'`
do

        IP_ORIG_HEX=$(/usr/local/bin/snmpget -c $COMMUNITY -v2c $HOSTIP 1.3.6.1.4.1.9.9.387.1.7.8.1.3.$INDEX|awk -F\: '{ print $4 }')
        IP_ORIG_OCT=$((16#${IP_ORIG_HEX:1:3}))"."$((16#${IP_ORIG_HEX:4:3}))"."$((16#${IP_ORIG_HEX:7:3}))"."$((16#${IP_ORIG_HEX:10:3}))
        IP_DEST_HEX=$(/usr/local/bin/snmpget -c $COMMUNITY -v2c $HOSTIP 1.3.6.1.4.1.9.9.387.1.7.8.1.6.$INDEX|awk -F\: '{ print $4 }')
        IP_DEST_OCT=$((16#${IP_DEST_HEX:1:3}))"."$((16#${IP_DEST_HEX:4:3}))"."$((16#${IP_DEST_HEX:7:3}))"."$((16#${IP_DEST_HEX:10:3}))
        PORT=$(/usr/local/bin/snmpget -c $COMMUNITY -v2c $HOSTIP 1.3.6.1.4.1.9.9.387.1.7.8.1.10.$INDEX|awk '{ print $4 }')
        BYTES=$(/usr/local/bin/snmpget -c $COMMUNITY -v2c $HOSTIP 1.3.6.1.4.1.9.9.387.1.7.8.1.24.$INDEX|awk '{ print $4 }')
        KB=$((BYTES/1024))
        KBTOT+=$((KB))
        #$((0x${hexNum}))

        CCOLOR="green"
        COLOR=green
#       if [ $KBTOT > 950000000 ]
#       then
#               CCOLOR="red"
#               COLOR=red
#       elif
#               CCOLOR="green"
#               COLOR=green
#       fi

        STATUSTRANSLATED=${STATUSCODES[$STATUS]}
        #MSG=$(echo -e "$MSG\n<img src=/xymon/gifs/$CCOLOR.gif> Index: $INDEX\tIP Local: $IP_ORIG_OCT\tIP Remota: $IP_DEST_OCT\tPuerto: $PORT\tKB/s: $KB")
        MSG=$(echo -e "$MSG\n<tr><td>$INDEX</td><td>$IP_ORIG_OCT</td><td>$IP_DEST_OCT</td><td>$PORT</td><td>$KB</td></tr>")

done

  MSG=$(echo -e "$MSG\n</table>")

  $XYMON $XYMSRV "status $MACHINE.$COLUMN $COLOR `date`

  ${MSG}
  "
# uncomment to debug the message sent to xymon
#  echo $XYMON $XYMSRV "status $MACHINE.$COLUMN $COLOR `date` " >> /tmp/ip_dbg.log
done

exit 0
</code>
</hidden>

===== Known  Bugs and Issues =====
*Make sure about your path to snmpget and snmpwalk. Adjust accordingly.

===== To Do =====
* Set the test color to go along with the if-load column

===== Credits =====

===== Changelog =====

  * **2016-12-23**
    * Initial release