Nagios Support Forum

I was trying to create a query for a network with srcip, srcport, dstip and dstport for 30 days and it took to long to finish could be due to the number of lines. While the report has the options of defining the number of lines to display I noticed it lacks the option of getting the srcip, srcport, dstip and dstport all together as you will be asked to define your groupings only be selecting one of the four mentioned. I looked and is still looking in the knowledge base if there is anything the i could do in the report to have the four included instead of one or having the query defined with 100 lines like in the report but couldnt find any. is there a way to have the above?

Does using the limiter help return what you want? For example:

ip DST_IP_ADDR and ip SRC_IP_ADDR and DST_PORT_NUM and SRC_PORT_NUM

?

Are you asking if you can put all 4 of the options (srcip, srcport, dstip and dstport) in the Aggregate field when running a query?
If so, you can do that and all you would have to do is add then in the field separated by a comma.

this is the query that I am running that gives me the source and destination ip and port.
Can I have this done via report that would show the source and destination ip and port as well? looking at the report configuration, you can only select one of the four (srcip, dstip, srcport, dstport) in the Group by Section.

This info will not be readily available on the reports screen, but you can drill down and get more information on the flows by clicking the aggregated link. This will bring you back to an updated query section were you can add the additional fields to aggregate by.

thanks for the help. you may close this thread now.

Sounds great! I'll be closing this topic.

If you have any more questions, feel free to create another thread!

Thank you for using the Nagios Support Forums!