Shell Programming and Scripting: Post 302227163 by renukaprasadb on Wednesday 20th of August 2008 05:23:00 PM
generating reports based on time field of network data

Hi, I have data extracted in the following format, ranging from around 300000 to 800000 records in a text file; the format is that of network data.
No. Time Source Destination Protocol
1 1998-06-05 17:20:23.569905 HP_61:aa:c9 HP_61:aa:c9 LLC
2 1998-06-05 17:20:24.569709 HP_61:aa:c9 HP_61:aa:c9 LLC
3 1998-06-05 17:20:25.547310 Cisco_04:41:bc Cisco_04:41:bc LOOP
4 1998-06-05 17:20:26.068756 HP_61:aa:c9 HP_61:aa:c9 TCP
5 1998-06-05 17:20:27.068809 HP_61:aa:c9 HP_61:aa:c9 UDP
6 1998-06-05 17:20:28.069107 HP_61:aa:c9 HP_61:aa:c9 FTP
7 1998-06-05 17:20:29.068810 HP_61:aa:c9 HP_61:aa:c9 FTP
8 1998-06-05 17:20:30.069417 HP_61:aa:c9 HP_61:aa:c9 TELNET
9 1998-06-05 17:20:31.071067 HP_61:aa:c9 HP_61:aa:c9 SMTP
10 1998-06-05 17:20:32.068868 HP_61:aa:c9 HP_61:aa:c9 SMTP
11 1998-06-05 17:20:33.069603 HP_61:aa:c9 HP_61:aa:c9 TELNET
12 1998-06-05 17:20:34.070245 HP_61:aa:c9 HP_61:aa:c9 LLC
13 1998-06-05 17:20:35.069411 HP_61:aa:c9 HP_61:aa:c9 LLC
14 1998-06-05 17:20:35.547414 Cisco_04:41:bc Cisco_04:41:bc LOOP
15 1998-06-05 17:20:36.572394 HP_61:aa:c9 HP_61:aa:c9 LLC
16 1998-06-05 17:20:37.570132 HP_61:aa:c9 HP_61:aa:c9 LLC

and so on ...

I want the output in the following format, for a day, in a fixed interval of time.
I should be prompted for a start date and end date, then a start time and end time, and a duration which is HH (hours) or MM (minutes) or SS (seconds). This is offline analysis I am making.
What is displayed below is what I have extracted with an awk script, separately, for a 10 minute duration on a certain date. But the problem I faced is inserting columns correspondingly: sometimes in a certain duration of time there might not be any count of a certain protocol packet, then that entry will not be there for that duration, and then I will have trouble using either join or paste.

So which is better (what kind of scripting)? Can anyone help me to do this?

Also, since here the missing ones are left blank, I want to replace those with 0,
since I will be using that for further analysis (to add or to generate a graph).

Of course, if we have a fixed number of protocols in the first field then join will be easy, but extracting that count from the initial file is what I am finding a bit tricky.

Could anyone please help me?


           17:20-17:30 17:30-17:40 17:40-17:50 17:50-18:00 18:00-18:10
ARP        6 20 22 42 20
DNS        204 212 92 50
FTP        593 303 183
FTP-DATA   487 1691 131
HTTP       354 596 528 297
ICMP       2 2 2 2 2
LLC        542 456 441 489 528
LOOP       58 60 60 60 60
NTP        18 20 18 18 20
SMTP       760 1600 409 303
TCP        3333 4939 3640 2622
TELNET     55 77 36
SSL
IP
ICAP
           626 6289 9939 5671 3938

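As an added example (not code from the post or from anyone in this thread), here is a POSIX sh/awk script that does what the post asks: the prompts are replaced by positional arguments for start date, end date, start time, end time and a duration in the post's HH/MM/SS notation, packets are counted per protocol per slot in one pass, and every protocol gets a value in every slot with 0 where nothing was seen, so no join or paste step is needed. The function names and the sample records are my own and are constructed to match the post's format.

```shell
#!/bin/sh
# Added example (not from the post): count packets per protocol in fixed time slots
# and print a 0-filled matrix, which is what the post asks for.
# Usage: proto_report START_DATE END_DATE START_TIME END_TIME DURATION < packets.txt
#   DURATION is a number plus a unit as in the post: 2HH, 10MM or 30SS.
# Input lines: "No. YYYY-MM-DD HH:MM:SS.ffffff Source Destination Protocol"
proto_report() {
    awk -v sdate="$1" -v edate="$2" -v stime="$3" -v etime="$4" -v dur="$5" '
    function secs(t,  a) { split(t, a, ":"); return a[1]*3600 + a[2]*60 + a[3] }
    function label(s)    { return sprintf("%02d:%02d", int(s/3600), int(s%3600/60)) }
    BEGIN {
        u = substr(dur, length(dur) - 1); n = substr(dur, 1, length(dur) - 2) + 0
        dur = (u == "HH") ? n * 3600 : (u == "MM") ? n * 60 : (u == "SS") ? n : 0
        if (dur <= 0) { print "bad duration, use e.g. 10MM" > "/dev/stderr"; bad = 1; exit 1 }
        s0 = secs(stime); s1 = secs(etime); nslots = int((s1 - s0 + dur - 1) / dur)
    }
    NR > 1 && $2 >= sdate && $2 <= edate {        # skip the header line, keep the date range
        s = secs($3)
        if (s < s0 || s >= s1) next               # outside the daily time window
        slot = int((s - s0) / dur)
        if (!($6 in seen)) { seen[$6] = 1; proto[++np] = $6 }   # first-seen order
        count[$6, slot]++
    }
    END {
        if (bad) exit 1
        printf "%-10s", "PROTO"
        for (i = 0; i < nslots; i++) printf " %s-%s", label(s0 + i*dur), label(s0 + (i+1)*dur)
        printf "\n"
        for (p = 1; p <= np; p++) {               # every protocol gets every slot; empty -> 0
            printf "%-10s", proto[p]
            for (i = 0; i < nslots; i++) printf " %11d", count[proto[p], i] + 0
            printf "\n"
        }
    }'
}

# Constructed sample input in the post's format (not real capture data).
sample_data() {
    cat <<'EOF'
No. Time Source Destination Protocol
1 1998-06-05 17:20:23.569905 HP_61:aa:c9 HP_61:aa:c9 LLC
2 1998-06-05 17:25:24.569709 HP_61:aa:c9 HP_61:aa:c9 TCP
3 1998-06-05 17:31:25.547310 Cisco_04:41:bc Cisco_04:41:bc LOOP
4 1998-06-05 17:33:26.068756 HP_61:aa:c9 HP_61:aa:c9 TCP
5 1998-06-05 17:45:27.068809 HP_61:aa:c9 HP_61:aa:c9 LLC
6 1998-06-06 17:21:28.069107 HP_61:aa:c9 HP_61:aa:c9 FTP
EOF
}

sample_data | proto_report 1998-06-05 1998-06-05 17:20:00 17:50:00 10MM
```

Because the awk script only uses POSIX features (no mktime or asort), it runs the same under gawk, mawk and busybox awk; with the 300000 to 800000 records mentioned in the post it is a single pass with no intermediate files.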
flow-tools(1)                     General Commands Manual                     flow-tools(1)

NAME
       flow-tools -- Tool set for working with NetFlow data.

DESCRIPTION
       Flow-tools is a library and a collection of programs used to collect, send, process, and generate reports from NetFlow data. The tools can be used together on a single server or distributed to multiple servers for large deployments. The flow-tools library provides an API for development of custom applications for NetFlow export versions 1, 5, 6 and the 14 currently defined version 8 subversions. A Perl and Python interface have been contributed and are included in the distribution.

       Flow data is collected and stored by default in host byte order, yet the files are portable across big and little endian architectures.

       Commands that utilize the network use a localip/remoteip/port designation for communication. "localip" is the IP address the host will use as a source for sending or bind to when receiving NetFlow PDUs (i.e. the destination address of the exporter). Configuring the "localip" to 0 will force the kernel to decide what IP address to use for sending and listen on all IP addresses for receiving. "remoteip" is the destination IP address used for sending or the expected address of the source when receiving. If the "remoteip" is 0 then the application will accept flows from any source address. The "port" is the UDP port number used for sending or receiving. When using multicast addresses the localip/remoteip/port is used to represent the source, group, and port respectively.

       Flows are exported from a router in a number of different configurable versions. A flow is a collection of key fields and additional data. The flow key is {srcaddr, dstaddr, input, output, srcport, dstport, prot, ToS}. Flow-tools supports one export version per file. Export versions 1, 5, 6, and 7 all maintain {nexthop, dPkts, dOctets, First, Last, flags}, i.e. the next-hop IP address, number of packets, number of octets (bytes), start time, end time, and flags such as the TCP header bits.

       Version 5 adds the additional fields {src_as, dst_as, src_mask, dst_mask}, i.e. source AS, destination AS, source network mask, and destination network mask. Version 7, which is specific to the Catalyst switches, adds in addition to the version 5 fields {router_sc}, which is the Router IP address which populates the flow cache shortcut in the Supervisor. Version 6, which is not officially supported by Cisco, adds in addition to the version 5 fields {in_encaps, out_encaps, peer_nexthop}, i.e. the input and output interface encapsulation size, and the IP address of the next hop within the peer. Version 1 exports do not contain a sequence number and therefore should be avoided, although it is safe to store the data as version 1 if the additional fields are not used.

       Version 8 IOS NetFlow is a second level flow cache that reduces the data exported from the router. There are currently 11 formats, all of which provide {dFlows, dOctets, dPkts, First, Last} for the key fields.

       8.1  - Source and Destination AS, Input and Output interface
       8.2  - Protocol and Port
       8.3  - Source Prefix and Input interface
       8.4  - Destination Prefix and Output interface
       8.5  - Source/Destination Prefix and Input/Output interface
       8.9  - 8.1 + ToS
       8.10 - 8.2 + ToS
       8.11 - 8.3 + ToS
       8.12 - 8.5 + ToS
       8.13 - 8.2 + ToS
       8.14 - 8.3 + ports + ToS

       Version 8 CatIOS NetFlow appears to be a less fine grained first level flow cache.

       8.6 - Destination IP, ToS, Marked ToS
       8.7 - Source/Destination IP, Input/Output interface, ToS, Marked ToS
       8.8 - Source/Destination IP, Source/Destination Port, Input/Output interface, ToS, Marked ToS

       The following programs are included in the flow-tools distribution.

       flow-capture - Collect, compress, store, and manage disk space for exported flows from a router.
       flow-cat     - Concatenate flow files. Typically flow files will contain a small window of 5 or 15 minutes of exports. Flow-cat can be used to append files for generating reports that span longer time periods.
       flow-fanout  - Replicate NetFlow datagrams to unicast or multicast destinations. Flow-fanout is used to facilitate multiple collectors attached to a single router.
       flow-report  - Generate reports for NetFlow data sets. Reports include source/destination IP pairs, source/destination AS, and top talkers. Over 50 reports are currently supported.
       flow-tag     - Tag flows based on IP address or AS #. Flow-tag is used to group flows by customer network. The tags can later be used with flow-fanout or flow-report to generate customer based traffic reports.
       flow-filter  - Filter flows based on any of the export fields. Flow-filter is used in-line with other programs to generate reports based on flows matching filter expressions.
       flow-import  - Import data from ASCII or cflowd format.
       flow-export  - Export data to ASCII or cflowd format.
       flow-send    - Send data over the network using the NetFlow protocol.
       flow-receive - Receive exports using the NetFlow protocol without storing to disk like flow-capture.
       flow-gen     - Generate test data.
       flow-dscan   - Simple tool for detecting some types of network scanning and Denial of Service attacks.
       flow-merge   - Merge flow files in chronological order.
       flow-xlate   - Perform translations on some flow fields.
       flow-expire  - Expire flows using the same policy of flow-capture.
       flow-header  - Display meta information in flow file.
       flow-split   - Split flow files into smaller files based on size, time, or tags.

AUTHOR
       Mark Fullmer maf@splintered.net
       flow-merge by Larry Lidz ellidz@eridu.uchicago.edu
       Patches and other contributions by a list too long to mention here.
       flow-tools is available at http://www.splintered.net/sw/flow-tools . A mailing list is maintained at flow-tools@splintered.net

SEE ALSO
       flow-capture(1) flow-cat(1) flow-dscan(1) flow-expire(1) flow-export(1) flow-fanout(1) flow-filter(1) flow-nfilter(1) flow-gen(1) flow-header(1) flow-import(1) flow-merge(1) flow-print(1) flow-receive(1) flow-report(1) flow-send(1) flow-split(1) flow-stat(1) flow-tag(1) flow-xlate(1)

                                                                              flow-tools(1)