Is there a way to change Summary Chart?

This support forum board is for support questions relating to Nagios Network Analyzer, our network traffic and bandwidth analysis solution.
Locked
jcote
Posts: 6
Joined: Wed Jan 26, 2022 12:15 pm

Is there a way to change Summary Chart?

Post by jcote »

We use the network analyzer to ingest NetFlow data from our ASR 9Ks. I have an ingress and egress flow setup, and we are wondering if there is a way to show who and how much bandwidth is being used dynamically. We would like to see the data auto-updated on the summary page that breaks out different subnets into different colors to see who the bandwidth users are and not just the total bandwidth over time. Is this possible? I understand this can be done through report analysis, but we would like to see this information live on the summary page if possible. I see options to show different parameters bytes, packets and flows that can be overlaid. However, if I could show bandwidth from sources instead of overall bandwidth use, that would be much more useful. I'm curious if this capability exists and I'm missing it or can be added.
ssax
Dreams In Code
Posts: 7682
Joined: Wed Feb 11, 2015 12:54 pm

Re: Is there a way to change Summary Chart?

Post by ssax »

I'm investigating this and will post an update shortly.

Thank you!
ssax
Dreams In Code
Posts: 7682
Joined: Wed Feb 11, 2015 12:54 pm

Re: Is there a way to change Summary Chart?

Post by ssax »

Currently, there isn't a method to aggregate by srcnet/dstnet from the web interface. I have submitted a feature-request on your behalf requesting that functionality:

Code: Select all

FR: NNA - Add functionality to aggregate by the other options such as srcnet/destnet/etc, it's currently limited to dstip|srcip|srcport|dstport:
Please keep in mind that the decision to implement the enhancement is at the discretion of our development team.

As an alternative:

Code: Select all

You can use this to show the flows received in the last 15 minutes from that source:
- Change XXXXX to the source name

nfdump -R /usr/local/nagiosna/var/XXXXX/flows -t '-900'

OR the raw flows:

nfdump -R /usr/local/nagiosna/var/XXXXX/flows -t '-900' -o raw

OR individual flow files:

nfdump -r /usr/local/nagiosna/var/XXXXX/flows/nfcapd.202111101555
nfdump -r /usr/local/nagiosna/var/XXXXX/flows/nfcapd.202111101555 -o raw

See here for more information:

https://manned.org/nfdump/31e0f625

So you could do something like this from the CLI to see the data:

Code: Select all

nfdump -R /usr/local/nagiosna/var/XXXXX/flows -t '-900' -A srcnet
nfdump -R /usr/local/nagiosna/var/XXXXX/flows -t '-900' -A srcnet,dstnet
Locked