monitors:cisco-ip-flow

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

monitors:cisco-ip-flow [2016/12/23 13:52] (current)
nickoarg created
Line 1: Line 1:
 +====== IP Top Talkers - Cisco ======
 +
 +^ Author | [[ nbarberis@gestionamas.com.ar | Nicolas Barberis ]] |
 +^ Compatibility | Xymon 4.3.27 |
 +^ Requirements | BASH, snmpget, snmpwalk |
 +^ Download | None |
 +^ Last Update | 2016-12-23 |
 +
 +===== Description =====
 +This test was developed in order to get the Top-Talkers list from a cisco device vía SNMP. Tested on a Cisco 2911 with IOS 15.3
 +
 +===== Installation =====
 +=== Client side ===
 +(Client side being the Cisco router)
 +
 +<code>
 +interface Vlan1
 +  !config to verify the traffic-wise top user
 +  ! assuming vlan1 to be the LAN side
 +  ip flow egress
 +  ! ip flow egress means "the traffic going out of this iface to the user"
 + ip flow-top-talkers
 +  top 10
 +  sort-by bytes
 +</code>
 +
 +=== Server side ===
 +Copy paste the script to $XYMONHOME/ext/iptop.sh Don´t forget to change the COMMUNITY variable.
 +
 +Add the topt tag to the desireddevices (topt: "top 10")
 +
 +
 +===== Source =====
 +==== iptop.sh ====
 +
 +<hidden onHidden="Show Code ⇲" onVisible="Hide Code ⇱">
 +<code>
 +#!/bin/bash
 +#
 +# Author: Nicolas Barberis(nbarberis@gestionamas.com.ar)
 +# Description: This script will report the ip-flow top talkers on a cisco router
 +#
 +# You need to setup ip flow on the cisco router for the MIBS to be available:
 +# interface Vlan1
 +#  !config to verify the internet top user
 +#  ! assuming vlan1 to be the LAN side
 +#  ip flow egress
 +# ip flow-top-talkers
 +#  top 10
 +#  sort-by bytes
 +#
 +
 +BBHTAG=topt     # What we put in bb-hosts to trigger this test
 +COLUMN=$BBHTAG  # Name of the column, often same as tag in bb-hosts
 +
 +COMMUNITY=public
 +
 +$XYMONHOME/bin/bbhostgrep $BBHTAG | while read L
 +do
 +  set $L        # To get one line of output from bbhostgrep
 +
 +  HOSTIP="$1"
 +  MACHINEDOTS="$2"
 +  MACHINE=`echo $2 | $SED -e's/\./,/g'`
 +
 +  COLOR=green
 +  MSG="Ranking de consumo de datos de $MACHINEDOTS"
 +
 +  MSG=$(echo -e "$MSG\n\n<table border=\"1\"><tr><th>Index</th><th>Source IP</th><th>Target IP</th><th>Port</th><th>KB/s</th></tr>")
 +
 +for INDEX in `/usr/local/bin/snmpwalk -c $COMMUNITY -v2c $HOSTIP 1.3.6.1.4.1.9.9.387.1.7.8.1.3|awk '{ print $1 }'|awk -F\. '{ print $10 }'`
 +do
 +
 +        IP_ORIG_HEX=$(/usr/local/bin/snmpget -c $COMMUNITY -v2c $HOSTIP 1.3.6.1.4.1.9.9.387.1.7.8.1.3.$INDEX|awk -F\: '{ print $4 }')
 +        IP_ORIG_OCT=$((16#${IP_ORIG_HEX:1:3}))"."$((16#${IP_ORIG_HEX:4:3}))"."$((16#${IP_ORIG_HEX:7:3}))"."$((16#${IP_ORIG_HEX:10:3}))
 +        IP_DEST_HEX=$(/usr/local/bin/snmpget -c $COMMUNITY -v2c $HOSTIP 1.3.6.1.4.1.9.9.387.1.7.8.1.6.$INDEX|awk -F\: '{ print $4 }')
 +        IP_DEST_OCT=$((16#${IP_DEST_HEX:1:3}))"."$((16#${IP_DEST_HEX:4:3}))"."$((16#${IP_DEST_HEX:7:3}))"."$((16#${IP_DEST_HEX:10:3}))
 +        PORT=$(/usr/local/bin/snmpget -c $COMMUNITY -v2c $HOSTIP 1.3.6.1.4.1.9.9.387.1.7.8.1.10.$INDEX|awk '{ print $4 }')
 +        BYTES=$(/usr/local/bin/snmpget -c $COMMUNITY -v2c $HOSTIP 1.3.6.1.4.1.9.9.387.1.7.8.1.24.$INDEX|awk '{ print $4 }')
 +        KB=$((BYTES/1024))
 +        KBTOT+=$((KB))
 +        #$((0x${hexNum}))
 +
 +        CCOLOR="green"
 +        COLOR=green
 +#       if [ $KBTOT > 950000000 ]
 +#       then
 +#               CCOLOR="red"
 +#               COLOR=red
 +#       elif
 +#               CCOLOR="green"
 +#               COLOR=green
 +#       fi
 +
 +        STATUSTRANSLATED=${STATUSCODES[$STATUS]}
 +        #MSG=$(echo -e "$MSG\n<img src=/xymon/gifs/$CCOLOR.gif> Index: $INDEX\tIP Local: $IP_ORIG_OCT\tIP Remota: $IP_DEST_OCT\tPuerto: $PORT\tKB/s: $KB")
 +        MSG=$(echo -e "$MSG\n<tr><td>$INDEX</td><td>$IP_ORIG_OCT</td><td>$IP_DEST_OCT</td><td>$PORT</td><td>$KB</td></tr>")
 +
 +done
 +
 +  MSG=$(echo -e "$MSG\n</table>")
 +
 +  $XYMON $XYMSRV "status $MACHINE.$COLUMN $COLOR `date`
 +
 +  ${MSG}
 +  "
 +# uncomment to debug the message sent to xymon
 +#  echo $XYMON $XYMSRV "status $MACHINE.$COLUMN $COLOR `date` " >> /tmp/ip_dbg.log
 +done
 +
 +exit 0
 +</code>
 +</hidden>
 +
 +===== Known  Bugs and Issues =====
 +*Make sure about your path to snmpget and snmpwalk. Adjust accordingly.
 +
 +===== To Do =====
 +* Set the test color to go along with the if-load column
 +
 +===== Credits =====
 +
 +===== Changelog =====
 +
 +  * **2016-12-23**
 +    * Initial release
  
  • monitors/cisco-ip-flow.txt
  • Last modified: 2016/12/23 13:52
  • by nickoarg