Customize query and report output.

[wallis]

Hi
I would see ToS value, is there any way how to add this column?

When i looking for specific host traffic in specific QoS class, then i use:
ip src xxx.xxx.xxx.xxx and tos xxx
but i have no idea how to list, if is there traffic from this host in another class.

thx for help

[jdalrymple]

This should be as simple as adding an 'or' statement:

Code: Select all

(src xxx.xxx.xxx.xxx and tos xxx) or (xxx.xxx.xxx.xxx and tos yyy)

Am I understanding your question, or is something missing?

[wallis]

It will be my English .....

Communication with the destination address 172.16.X.X must be in class with tos = 72
verified through the filter

dst ip 172.16.x.x and 72 tos

then filter

dst ip 172.16.x.x and not tos 72

should be empty, but is not.

[wallis]

via SSH

nfdump -R nfcapd.201503230700:nfcapd.201503231000 -o extended -c2 'dst ip 172.16.xx.xx and not tos 72'

output:
Date first seen Duration Proto Src IP Addr:Port Dst IP Addr:Port Flags Tos Packets Bytes pps bps Bpp Flows
2015-03-23 06:59:57.156 0.468 TCP 172.16.zz.zz:52322 -> 172.16.xx.xx:xx .AP... 104 44 10599 94 181179 240 1
2015-03-23 06:59:57.156 0.468 TCP 172.16.zz.zz:52322 -> 172.16.xx.xx:xx .AP... 104 44 10599 94 181179 240 1

this indicates an error in the configuration of QoS, but TOS value is not displayed in the html output.

[ssax]

There is no current functionality to add what you are requesting, I talked with the dev team and they asked me to create a feature request for that since it's something that should be in there, I will create it now.

Edit:

Code: Select all

NEW TASK ID 5273 created - Nagios Network Analyzer Feature Request: Allow users to hide/show all columns NNA uses for queries/reports (some missing such as TOS)

OP, are we ok to mark this thread as resolved and lock the topic?

[wallis]

mark and close

thx