Differences

This shows you the differences between two versions of the page.

Link to this comparison view

monitors:cisco-ip-flow [2016/12/23 13:52] (current)
nickoarg created
Line 1: Line 1:
 +====== IP Top Talkers - Cisco ======
 +
 +^ Author | [[ nbarberis@gestionamas.com.ar | Nicolas Barberis ]] |
 +^ Compatibility | Xymon 4.3.27 |
 +^ Requirements | BASH, snmpget, snmpwalk |
 +^ Download | None |
 +^ Last Update | 2016-12-23 |
 +
 +===== Description =====
 +This test was developed in order to get the Top-Talkers list from a cisco device vía SNMP. Tested on a Cisco 2911 with IOS 15.3
 +
 +===== Installation =====
 +=== Client side ===
 +(Client side being the Cisco router)
 +
 +<​code>​
 +interface Vlan1
 +  !config to verify the traffic-wise top user
 +  ! assuming vlan1 to be the LAN side
 +  ip flow egress
 +  ! ip flow egress means "the traffic going out of this iface to the user"
 + ip flow-top-talkers
 +  top 10
 +  sort-by bytes
 +</​code>​
 +
 +=== Server side ===
 +Copy paste the script to $XYMONHOME/​ext/​iptop.sh Don´t forget to change the COMMUNITY variable.
 +
 +Add the topt tag to the desireddevices (topt: "top 10")
 +
 +
 +===== Source =====
 +==== iptop.sh ====
 +
 +<hidden onHidden="​Show Code ⇲" onVisible="​Hide Code ⇱">​
 +<​code>​
 +#!/bin/bash
 +#
 +# Author: Nicolas Barberis(nbarberis@gestionamas.com.ar)
 +# Description:​ This script will report the ip-flow top talkers on a cisco router
 +#
 +# You need to setup ip flow on the cisco router for the MIBS to be available:
 +# interface Vlan1
 +#  !config to verify the internet top user
 +#  ! assuming vlan1 to be the LAN side
 +#  ip flow egress
 +# ip flow-top-talkers
 +#  top 10
 +#  sort-by bytes
 +#
 +
 +BBHTAG=topt ​    # What we put in bb-hosts to trigger this test
 +COLUMN=$BBHTAG ​ # Name of the column, often same as tag in bb-hosts
 +
 +COMMUNITY=public
 +
 +$XYMONHOME/​bin/​bbhostgrep $BBHTAG | while read L
 +do
 +  set $L        # To get one line of output from bbhostgrep
 +
 +  HOSTIP="​$1"​
 +  MACHINEDOTS="​$2"​
 +  MACHINE=`echo $2 | $SED -e'​s/​\./,/​g'​`
 +
 +  COLOR=green
 +  MSG="​Ranking de consumo de datos de $MACHINEDOTS"​
 +
 +  MSG=$(echo -e "​$MSG\n\n<​table border=\"​1\"><​tr><​th>​Index</​th><​th>​Source IP</​th><​th>​Target IP</​th><​th>​Port</​th><​th>​KB/​s</​th></​tr>"​)
 +
 +for INDEX in `/​usr/​local/​bin/​snmpwalk -c $COMMUNITY -v2c $HOSTIP 1.3.6.1.4.1.9.9.387.1.7.8.1.3|awk '{ print $1 }'|awk -F\. '{ print $10 }'`
 +do
 +
 +        IP_ORIG_HEX=$(/​usr/​local/​bin/​snmpget -c $COMMUNITY -v2c $HOSTIP 1.3.6.1.4.1.9.9.387.1.7.8.1.3.$INDEX|awk -F\: '{ print $4 }')
 +        IP_ORIG_OCT=$((16#​${IP_ORIG_HEX:​1:​3}))"​."​$((16#​${IP_ORIG_HEX:​4:​3}))"​."​$((16#​${IP_ORIG_HEX:​7:​3}))"​."​$((16#​${IP_ORIG_HEX:​10:​3}))
 +        IP_DEST_HEX=$(/​usr/​local/​bin/​snmpget -c $COMMUNITY -v2c $HOSTIP 1.3.6.1.4.1.9.9.387.1.7.8.1.6.$INDEX|awk -F\: '{ print $4 }')
 +        IP_DEST_OCT=$((16#​${IP_DEST_HEX:​1:​3}))"​."​$((16#​${IP_DEST_HEX:​4:​3}))"​."​$((16#​${IP_DEST_HEX:​7:​3}))"​."​$((16#​${IP_DEST_HEX:​10:​3}))
 +        PORT=$(/​usr/​local/​bin/​snmpget -c $COMMUNITY -v2c $HOSTIP 1.3.6.1.4.1.9.9.387.1.7.8.1.10.$INDEX|awk '{ print $4 }')
 +        BYTES=$(/​usr/​local/​bin/​snmpget -c $COMMUNITY -v2c $HOSTIP 1.3.6.1.4.1.9.9.387.1.7.8.1.24.$INDEX|awk '{ print $4 }')
 +        KB=$((BYTES/​1024))
 +        KBTOT+=$((KB))
 +        #​$((0x${hexNum}))
 +
 +        CCOLOR="​green"​
 +        COLOR=green
 +#       if [ $KBTOT > 950000000 ]
 +#       then
 +#               ​CCOLOR="​red"​
 +#               ​COLOR=red
 +#       elif
 +#               ​CCOLOR="​green"​
 +#               ​COLOR=green
 +#       fi
 +
 +        STATUSTRANSLATED=${STATUSCODES[$STATUS]}
 +        #MSG=$(echo -e "​$MSG\n<​img src=/​xymon/​gifs/​$CCOLOR.gif>​ Index: $INDEX\tIP Local: $IP_ORIG_OCT\tIP Remota: $IP_DEST_OCT\tPuerto:​ $PORT\tKB/​s:​ $KB")
 +        MSG=$(echo -e "​$MSG\n<​tr><​td>​$INDEX</​td><​td>​$IP_ORIG_OCT</​td><​td>​$IP_DEST_OCT</​td><​td>​$PORT</​td><​td>​$KB</​td></​tr>"​)
 +
 +done
 +
 +  MSG=$(echo -e "​$MSG\n</​table>"​)
 +
 +  $XYMON $XYMSRV "​status $MACHINE.$COLUMN $COLOR `date`
 +
 +  ${MSG}
 +  "
 +# uncomment to debug the message sent to xymon
 +#  echo $XYMON $XYMSRV "​status $MACHINE.$COLUMN $COLOR `date` " >> /​tmp/​ip_dbg.log
 +done
 +
 +exit 0
 +</​code>​
 +</​hidden>​
 +
 +===== Known  Bugs and Issues =====
 +*Make sure about your path to snmpget and snmpwalk. Adjust accordingly.
 +
 +===== To Do =====
 +* Set the test color to go along with the if-load column
 +
 +===== Credits =====
 +
 +===== Changelog =====
 +
 +  * **2016-12-23**
 +    * Initial release
  
  • monitors/cisco-ip-flow.txt
  • Last modified: 2016/12/23 13:52
  • by nickoarg