Filter

spurrellian · Post by **spurrellian** » Wed Jun 08, 2016 6:12 am

Hi,

One of our network guys has asked if its possible to filter on a per interface direction?

This is what he's messaged me

"netflow records contain an input and output interface, in other netflow tools I've used you can filter on a per-interface direction, can we do this in Nagios Network Analyzer?"

http://www.cisco.com/en/US/technologies ... a3db9.html
Table 6. NetFlow Version 9 Field Type Definitions

Is this possible in NA?

Post by **eloyd** » Wed Jun 08, 2016 10:19 am

You can filter on any valid tcpdump/pcap/ngrep style filter (http://www.tcpdump.org/manpages/pcap-filter.7.html). So you can make good use of the "net" directive to determine which way packets are flowing (internal network is inbound, anything else is outbound).

Edit: changed "dir" to "net", though the "dir" directive may apply as well.

bwallace · Post by **bwallace** » Wed Jun 08, 2016 2:56 pm

Well said, eloyd. OP, let us know if that gets you on track....

spurrellian · Post by **spurrellian** » Wed Jun 08, 2016 3:25 pm

Thanks

Pardon my ignorance, but how do I use that filter in nagos na?

bwallace · Post by **bwallace** » Wed Jun 08, 2016 3:38 pm

No worries, I think eloyd was talking about using those tcpdump style filters in conjunction with custom queries (from the NNA UI). This doc provides some useful examples to get started https://assets.nagios.com/downloads/nag ... alyzer.pdf

Post by **eloyd** » Wed Jun 08, 2016 3:55 pm

Yes, I was. Sorry. I was actually thinking you could take that information back to your networking person, since I thought it was them asking for it!

spurrellian · Post by **spurrellian** » Wed Jun 08, 2016 3:56 pm

Thanks,

I've had a play and got some results. Unsure if its correct so will check with him tomorrow.

Thanks for your help. I got the info from here, as listed in the manual

http://manpages.ubuntu.com/manpages/pre ... ump.1.html

interface.PNG

spurrellian · Post by **spurrellian** » Wed Jun 08, 2016 3:58 pm

eloyd wrote:Yes, I was. Sorry. I was actually thinking you could take that information back to your networking person, since I thought it was them asking for it!

No worries, I thought I would double check before I go back to him and he asks how to do that, plus I love to learn new things

bwallace · Post by **bwallace** » Wed Jun 08, 2016 4:02 pm

Cool, keep us posted as to whether or not that's what the admin/network guy was looking for....

jomann · Post by **jomann** » Fri Jun 24, 2016 10:06 am

You can also set up a "filter" using views. In the screenshot above that you gave, there is a button that says "create" up top. This creates a "view" which is essentially another source inside a source that will ONLY save anything that you have determined to be in there. It uses a regular nfdump query like the ones you run in the Query page in order to determine what is saved in that view. Once you've created it, every 5 minutes when the netflow data is reaped it will also save a copy of the filtered data in the views section. Then, you can use the dropdown to select a view to see inside a source - which will end up being a filter list of values.

Nagios Support Forum

Filter

Filter

Re: Filter

Re: Filter

Re: Filter

Re: Filter

Re: Filter

Re: Filter

Re: Filter

Re: Filter

Re: Filter