Monitor Top 10 Users Bandwidth usage with Network Analyser

[mejokj]

Hi Team,

We would like to monitor the top 10 users bandwidth usage with a Nagios network analyzer.

We have already tried with the below custom document, but it is not working as expected.

Understanding_And_Using_Custom_Queries_In_Network_Analyzer.pdf

Could you help us to develop a query for that.

Thanks

[ssax]

You can do it by IP address by looking in Reports > Top 5 Talkers, it will not show it per user though as that information is not likely sent in the flows.

To do the query you would aggregate by srcip. Define srcip for the aggregate by, setting the Timeframe, and leaving the Raw Query blank.

[mejokj]

Hi ssax,

Thanks for the info

+++++++++++++++++
To do the query you would aggregate by srcip. Define srcip for the aggregate by, setting the Timeframe, and leaving the Raw Query blank
+++++++++++++++++

Is the above query shows the bandwidth usage for top 10 users?

If not how can we achieve this with nagios network analyser?

Could you please advise

Thanks

[ssax]

Nagios Network Analyzer ingests Netflow/SFlow data, there is no user information stored in the flows so you will not be able to report on users.

[mejokj]

Hi Ssax,

Thanks for the advise.

Is it possible to monitor users bandwidth usage based on laptop IP?

We need to monitor the bandwidth for a user laptop IP. How can we achieve this?

Kindly provide us the steps and query.

Thanks

[mejokj]

With hostname/IP is fine for top 10 bandwidth users

[mejokj]

Hi Team,

We are using NAT in the router, so in that case how we can monitor the bandwidth of the users connected to the routers (monitor using the User's IP address) from outside the network.

Kindly help us with the query.

Also, the query is taking too long in the network analyzer? Any reason you can suggest. Attached screenshot for your reference.

System configuration as below
==========================

[root@~]# free -m
total used free shared buff/cache available
Mem: 7271 692 3058 25 3521 6311
Swap: 7563 0 7563
[root@~]#
[root@ ~]# lsblk
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
sda 8:0 0 140G 0 disk
├─sda1 8:1 0 1G 0 part /boot
└─sda2 8:2 0 139G 0 part
├─root 253:0 0 50G 0 lvm /
├─swap 253:1 0 7.4G 0 lvm [SWAP]
└─home 253:2 0 81.6G 0 lvm /home
sr0 11:0 1 1.6G 0 rom
[root@autodiscover ~]#
[root@~]# lscpu
Architecture: x86_64
CPU op-mode(s): 32-bit, 64-bit
Byte Order: Little Endian
CPU(s): 4
On-line CPU(s) list: 0-3
Thread(s) per core: 1
Core(s) per socket: 4


Thanks,

[ssax]

Use srcip,dstip for the Aggregate By and then use this for the raw query:
- Change X.X.X.X to the IP of the laptop

Code: Select all

ip X.X.X.X

[mejokj]

Hi ssax ,

Can we see the top 10 bandwidth usage IP's/hostname hitting the router in Nagios network analyzer?

See an example below we tried to make a query to filter out hostnames/IP's reaching to DST IP for port number 443

dst ip #### AND dst port 443.

but we are looking to filter with a similar type of query for the top 10 bandwidth utilizers based on IP/hostnames.

Please help us create a query for the above only shows 10 bandwidth utilizers for a specific destination IP and port 443.

Thanks

[ssax]

Try this:

Aggregate by: srcip,dstip,dstport
Query: (dst port == 443)

There isn't a way that I'm aware to limit to top 10.