LMS 4.2 and traffic monitor

Hello
is there any way to monitor traffic type passing through the WAN links on routers using LMS 4.2 ?

any idea ?
Sent from Cisco Technical Support iPhone App

Similar Messages

  • EA4500 and Traffic Monitoring / Logging

    Hi all,
    I'm thinking of switching to another ISP which is faster and cheaper than who I'm currently with.
    Only problem is they have data caps.
    Does anybody know of a way to log inbound/outbound traffic usage with this router so that I can make sure I'm not going to hit monthly limits?
    Thank you.

    It’s actually an option that you can enable on this router. You can enable the log on this router to allow you to monitor traffic between the local network and the Internet. If you are using the classic firmware, you can enable it by accessing the router page > Administration > Log. If you are using the smart wifi firmware, this link will give you the instructions:Enabling the Logs feature using your Linksys Smart Wi-Fi Account.

  • Can an Ironport work in both WCCPv2 and L4 Traffic monitoring modes at the same time?

    Hello Ciscoers,
    We have an ironport installed and we use WCCPv2 to redirect the traffic. And as it occurs, I have a need to forward the traffic for another network, that uses another path to the Internet.
    So I was thinking using the L4 Traffic Monitoring.
    To the best of your knowledge, is there a way to have the appliance use both WCCPv2 and L4 Traffic monitoring at the same time? From the configuration, it's one or the other.
    Thanks,
    J.

    Ok. I'll try.
    As a matter of fact, I plan to use policy-based routing to forward all the "interesting" traffic to the appliance.
    For your TCP-Resets not seen, do you allow ingress on the span session?
    J.

  • LMS 2.1 and nGenius Real-Time Monitor 1.4

    Dear NetPros,
    Is the LMS 2.1 and the nGenius Real-Time Monitor 1.4 can be installed on the same system?
    Regards,
    Steve

    Yes, but not recommended. Keeping them on separate servers will be more beneficial.

  • L4 Traffic Monitor question

    In the IronPort web security appliance documentation, it indicates that the L4 traffic monitor ports (T1 and/or T2) should be connected to either a network tap or switch span.
    I'm a little confused as to how this is supposed to be set up.
    Does it mean that you take 2 ports on a switch, one on the same subnet/vlan as the P1 interface (data) on the IronPort, and the other that is on the subnet/vlan as the firwall (outbound Internet traffic) and create 2 monitor sessions (spans)? If so, where are these sessions pointed to?
    Isn't the IronPort supposed to be doing the tapping/inspection?
    The whole external tap thing has me confused.

    Colin,
    One way to think of it is that the WSA has 2 inspection engines that don't actually talk to one another...
         1. the web proxy, where you're using WCCP to send specific traffic to
         2. the L4TM engine that you send a spanned port to to catch all of the other weird stuff.
    The web proxy does all of the user tracking/policy stuff, etc. Watching a specific set of ports.
    The L4TM is intended for malware that might be running on your net... sort of like the Botnet Traffic filter that's available on ASA.
    That said, you'll use 1 port for P1 on whatever vlan, redirection to that happens via WCCP or explicit proxy. 
    For the L4TM tap you can use 1 or 2 ports on the swtich, or none if you use an external tap.  In the Network/Interfaces page, you set whether you want L4TM to use simplex or Duplex.  If you use Duplex, just do a span session off the port the firewall is plugged into to the port that you connect T1 into...
    If you use Simplex, you do 2 span sessions off of the port the firewall is connected to... ingress traffic on the port (eg. out of the firewall) to the port T1 is connected to, egress traffic on the port (eg. going to the firewall) spanned to the port T2 is hooked up to. 
    If you use an external tap, put it inline between the firewall and the switch, set the WSA for duplex and connect the "monitor" port to T1...
    Hope that helps!
    Ken

  • Agent Desktop Recording and Silent Monitoring with IP Communicator.

    Reading through the forums I have seen several posts which make me think this should work, but I can't seem to get silent monitoring or recording using the agent desktop to work when the agent is connected through IP communicator.   Currently I have help desk agents using extension mobility to log into 7962s that are connected to thier desktops running agent desktop connecting to UCCX 7.01.  Silent monitoring and recording work fine with thier hard phones. When I install IP communicator on the PC and log into it using EM, the agent desktop takes control of the IPC just fine and will distribute calls to it, but my recordings are blank and silent monitoring from an supervisor station fails to initialize.  Is there something I am missing in the configuration that is special when using IPC instead of a hard phone?  Thanks in advance.

    Couple of things I've learned about the CIPC and monitoring/recording:
    No named devices.  Use the SEP + Mac Address of the local Ethernet interface.
    Ensure the Ethernet interface can be put into permiscuous mode.
    Ensure you are NOT using a shared line appearance for the IPCC Extension.
    If you are using CAD to do the monitoring/recording, launch the CIPC before you launch CAD
    If you are using SPAN, ensure the CIPC RTP traffic will traverse the network where the SPAN interface is located.
    If you are calling phone-to-phone, know that the CIPC will attempt to negoitiate G.722.  UCCX cannot monitor/record G.722.  Set the region or call to the PSTN where you can guarantee a G.711 or G.729 call.

  • Need help in generating L4 Traffic monitor logs

    Hi,
    As a part of my project I need to study different types of logs produced by Cisco IronPort. I could generate some access and authentication logs however not sure about generating the L4 Traffic Monitor logs. Can anyone point me to right documentation that will help me generate those logs?
    Thanks,
    Harshad Kashikar

    Harshad,
    L4 Traffic Monitoring needs to be configured within the IronPort - first question is do you have a SPAN/TAP port set up on your switch to capture L4 traffic?
    Second, I only use this feature to capture information on malware/spyware - I have seen P2P, IRC, and 'phone-home' traffic amongst other things.  Do you have an infected host you can monitor?
    BF

  • L4 traffic monitor - blocking traffic ?

    Hello
    How does L4 traffic monitor is blocking traffic if T1/T2 ports are "tap/sniffed ports" ?
    For SPAN we might have "ingress vlan feature" which would allow us to send TCP RST (like IPS does),
    but for hardware TAP we do not have such a feature.
    So - maybe L4 traffic monitor can not block any traffic, just make a decision what to block and execution is on WebProxy and P1/2 ports ?
    Thanks

    Michael,
    Yes, the reset is sent via P1
    Ken
    Sent from Cisco Technical Support iPad App

  • Traffic monitoring for Coherence 3.1

    The objective of our small project is to monitor the traffic on our coherence clusters. We also were trying to put the cache traffic as a object in the same cache name. The problem we encountered was during performance tests something happened to the coherence clusters and there appears to be some kind of lock not being released for others which made all the weblogic cluster go down. Weblogic went down with "too many open files". We have thread dumps which I can send if you guys need it nevertheless I have attached a part which I suspect is the reason.
    Heres the Code that was trying to do the monitoring. The doPut Servlet method does the put , after the put it calls a method RegisterTraffic which has a small logic to increment the count & put back into the cache. It has a Lock for the particular "Traffic" key.
    * The Servlets doPut method - Handles the Cache Put Requests
    * @param HttpServletRequest request, HttpServletResponse response
    * @return void
    * @throws CacheException
    public void doPut(HttpServletRequest request, HttpServletResponse response) throws
    ServletException, IOException {
         ServletOutputStream out = response.getOutputStream();
         String value = "";
         try {
              String id = request.getPathInfo();
              String expires = request.getHeader("Expires");
              String contentType = request.getContentType();
              String app_name = request.getHeader("App-Name");
              int contentLength = request.getContentLength();
              if (contentLength > 0) {
                   byte valueArray[] = new byte[contentLength];
                   ServletInputStream in = request.getInputStream();
                   int bytesRead = 0;
                   int offset = 0;
                   while (bytesRead > -1) {
                        bytesRead =
                             in.read(valueArray, offset, valueArray.length - offset);
                        offset += bytesRead;
                        if (offset == contentLength) {
                        break;
                   DataObject myValue = new DataObject();
                   myValue.setByte(valueArray);
                   myValue.setExpirationTime((Long.parseLong(expires))*1000);
                   Cache_Manager.put(id, myValue);
                   response.setContentType("application/octet-stream");
                   value = "ID "+id+" Stored";
                   out.write(value.getBytes());
                   out.flush();
                   RegisterTraffic(app_name,"PUT");
         } catch (Exception ex) {
              response.setContentType("application/octet-stream");
              value = "CACHE_ERROR:"+ErrorCode.INTERNAL_PROBLEM_CODE+":"+"doPut:"+ErrorCode.INTERNAL_PROBLEM_MSG;
              response.setContentLength(value.length());
              out.write(value.getBytes());
              throw new ServletException(value+"\n"+ex.getMessage());
    * The Servlets Traffic Monitor method - Handles the Traffic monitoring
    * @param appname, get or put or clear
    * @return void
    * @throws CacheException
    public void RegisterTraffic(String appName, String action) {
         String trafficKey = "Traffic";
         try {
              HashMap hmTotal = new HashMap();
              HashMap hmToday = new HashMap();
              Object obj = null;
              HIDataObject dObj = null;
              String today = (new java.util.Date().toString()).substring(0,3);
              //String today = "SAT";
              Long totalTrafficCount = new Long(1);
              Long todayTrafficCount = new Long(1);
              long totalCnt = 0;
              long todayCnt = 0;
              // Lock the Object.
              Cache_Manager.lock(trafficKey,-1);
              try{
                   dObj = (HIDataObject)Cache_Manager.get(trafficKey);
              } catch(java.lang.NullPointerException nex) {
                   // If this Exception then we are doing it for the first time.
                   // Ignore this exception
              } catch(Exception exe) {
                   CacheLog.error("CACHE_ERROR: RegisterTraffic Failed with Following Exception\n"+exe.getMessage());
              if (dObj != null) {
                   hmTotal = dObj.getTotalTrafficHashMap();
                   hmToday = dObj.getTodayTrafficHashMap();
              // HashMap.get will throw error for the first time , so initialize to 1.
              try{
                   totalTrafficCount = (Long)hmTotal.get(appName+"-"+action);
              } catch(java.lang.NullPointerException nex) {
                   CacheLog.error("CACHE_ERROR: RegisterTraffic Failed with Following Exception\n"+nex.getMessage());
              try{
                   todayTrafficCount = (Long)hmToday.get(today+"-"+appName+"-"+action);
              } catch(java.lang.NullPointerException nex) {
                   CacheLog.error("CACHE_ERROR: RegisterTraffic Failed with Following Exception\n"+nex.getMessage());
              try{
                   totalCnt = totalTrafficCount.longValue();
                   todayCnt = todayTrafficCount.longValue();
              } catch (Exception e) {
              // Increase the counn here
              totalCnt++;todayCnt++;
              hmTotal.put(appName+"-"+action,new Long(totalCnt));
              hmToday.put(today+"-"+appName+"-"+action,new Long(todayCnt));
              try{
                   HIDataObject myValue = new HIDataObject();
                   myValue.setTotalTrafficHashMap(hmTotal);
                   myValue.setTodayTrafficHashMap(hmToday);
                   myValue.setExpirationTime(86400000);
                   Cache_Manager.put(trafficKey, myValue);
              } catch (Exception exe){
                   CacheLog.error("CACHE_ERROR: RegisterTraffic Failed with Following Exception\n"+exe.getMessage());
         } catch (Exception ex) {
              CacheLog.error("CACHE_ERROR: RegisterTraffic Failed with Following Exception\n"+ex.getMessage());
         } finally {
              Cache_Manager.unlock(trafficKey);
    Weblogic Thread Dumps
    "TcpRingListener" id=76 idx=0x96 tid=19164 prio=6 alive, in native, daemon
    at java/net/PlainSocketImpl.socketAccept(Ljava/net/SocketImpl;)V(Native Method)
    at java/net/PlainSocketImpl.accept(Ljava/net/SocketImpl;)V(PlainSocketImpl.java:353)
    ^-- Holding lock: java/net/PlainSocketImpl@0xc5f4238[thin lock]
    at java/net/ServerSocket.implAccept(Ljava/net/Socket;)V(ServerSocket.java:448)
    at java/net/ServerSocket.accept()Ljava/net/Socket;(ServerSocket.java:419)
    at com/tangosol/coherence/component/net/socket/TcpSocketAccepter.accept()Lcom/tangosol/coherence/component/net/socket/TcpSocket;(TcpSocketAccepter.CDB:17)
    at com/tangosol/coherence/component/util/daemon/TcpRingListener.acceptConnection()V(TcpRingListener.CDB:9)
    at com/tangosol/coherence/component/util/daemon/TcpRingListener.onNotify()V(TcpRingListener.CDB:1)
    at com/tangosol/coherence/component/util/Daemon.run()V(Daemon.CDB:34)
    at java/lang/Thread.run()V(Unknown Source)
    at jrockit/vm/RNI.c2java(IIII)V(Native Method)
    -- end of trace
    "DistributedCache" id=78 idx=0x98 tid=19165 prio=5 alive, in native, waiting, daemon
    -- Waiting for notification on: com/tangosol/coherence/component/util/daemon/QueueProcessor$Queue@0xc5c6998[fat lock]
    at jrockit/vm/Threads.waitForSignal(J)Z(Native Method)
    at java/lang/Object.wait(J)V(Native Method)[optimized]
    at com/tangosol/coherence/component/util/Daemon.onWait()V(Daemon.CDB:9)[optimized]
    ^-- Lock released while waiting: com/tangosol/coherence/component/util/daemon/QueueProcessor$Queue@0xc5c6998[fat lock]
    at com/tangosol/coherence/component/util/Daemon.run()V(Daemon.CDB:31)
    at java/lang/Thread.run()V(Unknown Source)
    at jrockit/vm/RNI.c2java(IIII)V(Native Method)
    -- end of trace
    "ListenThread.Default" id=79 idx=0x9a tid=19166 prio=5 alive, in native
    at java/net/PlainSocketImpl.socketAccept(Ljava/net/SocketImpl;)V(Native Method)
    at java/net/PlainSocketImpl.accept(Ljava/net/SocketImpl;)V(PlainSocketImpl.java:353)
    ^-- Holding lock: java/net/PlainSocketImpl@0x1729efc8[thin lock]
    at java/net/ServerSocket.implAccept(Ljava/net/Socket;)V(ServerSocket.java:448)
    at java/net/ServerSocket.accept()Ljava/net/Socket;(ServerSocket.java:419)
    at weblogic/socket/WeblogicServerSocket.accept()Ljava/net/Socket;(WeblogicServerSocket.java:26)
    at weblogic/t3/srvr/ListenThread.accept()Ljava/net/Socket;(ListenThread.java:735)
    at weblogic/t3/srvr/ListenThread.run()V(ListenThread.java:301)
    at jrockit/vm/RNI.c2java(IIII)V(Native Method)
    -- end of trace
    Blocked lock chains
    ===================
    Chain 2:
    "ExecuteThread: '2' for queue: 'weblogic.socket.Muxer'" id=53 idx=0x70 tid=18903 waiting for java/lang/String@0x102fb4d8 held by:
    "ExecuteThread: '1' for queue: 'weblogic.socket.Muxer'" id=52 idx=0x6e tid=18902 in chain 1
    Coherence Thread Dumps
    "PacketPublisher" id=21 idx=0x32 tid=20248 prio=6 alive, in native, waiting, daemon
    at jrockit/vm/Threads.waitForSignal(J)Z(Native Method)
    at java/lang/Object.wait(J)V(Native Method)
    at com/tangosol/coherence/component/util/Daemon.onWait()V(Daemon.CDB:9)
    ^-- Lock released while waiting: com/tangosol/coherence/component/net/Cluster$PacketPublisher$Queue@0xcb36648[fat lock]
    at com/tangosol/coherence/component/util/Daemon.run()V(Daemon.CDB:31)
    at java/lang/Thread.run()V(Unknown Source)
    at jrockit/vm/RNI.c2java(IIII)V(Native Method)
    -- end of trace
    "Cluster" id=22 idx=0x34 tid=20249 prio=5 alive, in native, waiting, daemon
    -- Waiting for notification on: com/tangosol/coherence/component/net/Cluster$ClusterService$Queue@0xcb30190[fat lock]
    at jrockit/vm/Threads.waitForSignal(J)Z(Native Method)
    at java/lang/Object.wait(J)V(Native Method)
    at com/tangosol/coherence/component/util/Daemon.onWait()V(Daemon.CDB:9)
    ^-- Lock released while waiting: com/tangosol/coherence/component/net/Cluster$ClusterService$Queue@0xcb30190[fat lock]
    at com/tangosol/coherence/component/util/Daemon.run()V(Daemon.CDB:31)
    at java/lang/Thread.run()V(Unknown Source)
    at jrockit/vm/RNI.c2java(IIII)V(Native Method)
    -- end of trace
    "PO Async Executor" id=27 idx=0x36 tid=20436 prio=5 alive, in native, waiting, daemon
    -- Waiting for notification on: java/lang/Object@0xa7573d8[fat lock]
    at jrockit/vm/Threads.waitForSignal(J)Z(Native Method)
    at jrockit/vm/Locks.wait(Ljava/lang/Object;J)V(Unknown Source)
    at java/lang/Object.wait()V(Native Method)
    at com/wily/EDU/oswego/cs/dl/util/concurrent/BoundedLinkedQueue.take()Ljava/lang/Object;(BoundedLinkedQueue.java:225)
    ^-- Lock released while waiting: java/lang/Object@0xa7573d8[fat lock]
    at com/wily/EDU/oswego/cs/dl/util/concurrent/QueuedExecutor$RunLoop.run()V(QueuedExecutor.java:82)
    at java/lang/Thread.run()V(Unknown Source)
    at jrockit/vm/RNI.c2java(IIII)V(Native Method)
    -- end of trace
    "TcpRingListener" id=24 idx=0x38 tid=20252 prio=6 alive, in native, daemon
    at java/net/PlainSocketImpl.socketAccept(Ljava/net/SocketImpl;)V(Native Method)
    at java/net/PlainSocketImpl.accept(Ljava/net/SocketImpl;)V(PlainSocketImpl.java:353)
    ^-- Holding lock: java/net/PlainSocketImpl@0xd441530[thin lock]
    at java/net/ServerSocket.implAccept(Ljava/net/Socket;)V(ServerSocket.java:448)
    at java/net/ServerSocket.accept()Ljava/net/Socket;(ServerSocket.java:419)
    at com/tangosol/coherence/component/net/socket/TcpSocketAccepter.accept()Lcom/tangosol/coherence/component/net/socket/TcpSocket;(TcpSocketAccepter.CDB:17)
    at com/tangosol/coherence/component/util/daemon/TcpRingListener.acceptConnection()V(TcpRingListener.CDB:9)
    at com/tangosol/coherence/component/util/daemon/TcpRingListener.onNotify()V(TcpRingListener.CDB:1)
    at com/tangosol/coherence/component/util/Daemon.run()V(Daemon.CDB:34)
    at java/lang/Thread.run()V(Unknown Source)
    at jrockit/vm/RNI.c2java(IIII)V(Native Method)

    Hi user638596.
    Frankly, there is not enough information to go by. The code you pointed to is definitely not "bullet proof". First, after the lock has been acquired, it only catches Exceptions, so any Errors (e.g. OutOfMemoryError) would "leak" a lock. In general, the locking-protected code should look like (in pseudo-code):
    lock();
    try
      operations();
    finally
      unlock();
      }However, without seeing the log files and entire thread dump, it's impossible to figure out a real reason. I'd suggest you to submit those to our support at Oracle Metalink.
    Regards,
    Gene

  • [Request] NTM - Network Traffic Monitor

    Hi to everyone:
    Could anyone package this?: NTM - Network Traffic Monitor
    NTM is a monitor of the network and internet traffic for GNU/Linux. Some characteristics:
        * Choice of the interface to monitoring.
        * Period to monitoring: Day, Week, Month, Year or Custom Days. With autoupdate.
        * Threshold: Autodisconnection if a limit is reached (by NetworkManager).
        * Traffic Monitoring: Inbound, outbount and total traffic; Show the traffic speed.
        * Time Monitoring: Total time of connections in the period.
        * Time Slot Monitoring: Number of sessions used.
        * Reports: Show of average values and daily traffic of a configurable period.
        * Online checking with NetworkManager or by "Ping Mode".
        * The traffic is attributed to the day when the session began.
        * Not need root privilege.
        * Not invasive, use a system try icon.
    NTM is useful for the people that have a internet plan with a limit, and moreover the exceed traffic is expensive.
    NTM is write in python and is a open source software, the license is the GNU GPL v2.
    A lot of thanks.

    #Maintairner: Brieuc Roblin <brieuc.roblin at gmail dot com>
    pkgname='ntm'
    pkgver='1.2.2'
    pkgrel='1'
    pkgdesc="Monitor of the network and internet traffic"
    arch=('i686' 'x86_64')
    license=('GPL')
    depends=('pywebkitgtk' 'lsb-release' 'networkmanager')
    makedepends=('dpkg')
    url=('http://netramon.sourceforge.net/eng/index.html')
    source=('http://freefr.dl.sourceforge.net/project/netramon/NTM/ntm-1.x/ntm-1.2.2.deb')
    md5sums=('ec438b8c952ac866ffdaa57538d189b7')
    build() {
    cd "$srcdir"
    # Extracting deb
    msg2 "Extracting .deb ..."
    dpkg-deb -x ntm-*.deb deb
    cd "deb"
    # Installing
    msg2 "Installing..."
    cp -r . "$pkgdir"/
    I can't really test the program as I'm not using NetworkManager.
    Last edited by PyrO_70 (2010-08-20 19:18:24)

  • Cisco WSA : no data found in L4 traffic monitor summary

    Hello !
    Does L4 traffic monitor only display rogue traffic ? Because, I made a packet capture on the T1 interface and i saw that there was a lot of traffic but in the overview, no data was found in the field "L4 Traffic Monitor Summary". Is it normal ? There is a screenshot in enclosed files.
    Thank you,
    Stephane Walker

    UDP ports will not be blocked.
    The L4TM will use the T1 interface to detect traffic to destinations that are on its blacklist.  Once detected, the the data interface on the WSA will send a packet with the TCP reset flag to the client to prevent a TCP connection.
    I have not tested this so someone correct me if I am wrong.  I am answering this based on my understanding of the L4TM feature, and how it works.  Since UDP is connectionless, there is no connection for it to kill.
    Now this makes me wonder about the Monitor feature though.  But I am almost certain it will not block if the action is set to block.
    I'll check this out when I'm in the office and will get back to you.
    -Vance

  • UDP traffic analyzed in L4 traffic monitor?

    Dear all,
    I just wonder if anyone knows whether UDP traffic is analyzed by the WSA's L4 traffic monitor?
    It just tells "all ports" in the settings and reports also only reflect port numbers but no details like
    which protocol (tcp/udp).
    Anyone?
    Best,
    Hascha

    UDP ports will not be blocked.
    The L4TM will use the T1 interface to detect traffic to destinations that are on its blacklist.  Once detected, the the data interface on the WSA will send a packet with the TCP reset flag to the client to prevent a TCP connection.
    I have not tested this so someone correct me if I am wrong.  I am answering this based on my understanding of the L4TM feature, and how it works.  Since UDP is connectionless, there is no connection for it to kill.
    Now this makes me wonder about the Monitor feature though.  But I am almost certain it will not block if the action is set to block.
    I'll check this out when I'm in the office and will get back to you.
    -Vance

  • Traffic monitoring

    I have a Cisco 4507 and would like to start monitoring traffic analysis and must admit Im a beginer so any information would be gratefully received

    Hello,
    you can use netflow traffic monitoring and analyzis. More information about netflow you can read on the cisco pages http://www.cisco.com/go/netflow or in the documentation of our software on the: http://www.caligare.com/netflow/download.php (section appendix 1). If you have more questions regarding netflow let me know...
    Jan
    Caligare Co.
    http://www.caligare.com

  • 24 Hr Network Traffic Monitoring

    Hi Markus,
    I got this 24-hour Network traffic monitoring output using the program you gave me ;)
    I run every hour this > ./network-traffic.sh -c 1
    It will give me 1 line output like this,
    Monitoring eth0 every 3 seconds. (RXbyte total = 1 Gb TXbytes total = 2 Gb)
    RXbytes = 58 Kb TXbytes = 51 Kband I call this program every hour via cron, to produce and output like this:
    27-Oct-2010 00:00:07    RXbytes = 10 Kb TXbytes = 9 Kb
    27-Oct-2010 01:00:07    RXbytes = 11 Kb TXbytes = 9 Kb
    27-Oct-2010 02:00:07    RXbytes = 7 Kb TXbytes = 6 Kb
    27-Oct-2010 03:00:07    RXbytes = 48 Kb TXbytes = 42 Kb
    27-Oct-2010 04:00:07    RXbytes = 448 b TXbytes = 0 b
    27-Oct-2010 05:00:08    RXbytes = 128 b TXbytes = 0 b
    27-Oct-2010 06:00:07    RXbytes = 128 b TXbytes = 0 b
    27-Oct-2010 07:00:08    RXbytes = 256 b TXbytes = 0 b
    27-Oct-2010 08:00:08    RXbytes = 14 Kb TXbytes = 24 Kb
    27-Oct-2010 09:00:07    RXbytes = 11 Kb TXbytes = 10 Kb
    27-Oct-2010 10:00:08    RXbytes = 11 Kb TXbytes = 10 Kb
    27-Oct-2010 11:00:07    RXbytes = 48 Kb TXbytes = 85 Kb
    27-Oct-2010 12:00:08    RXbytes = 9 Kb TXbytes = 8 Kb
    27-Oct-2010 13:00:07    RXbytes = 13 Kb TXbytes = 28 Kb
    27-Oct-2010 14:00:08    RXbytes = 53 Kb TXbytes = 46 Kb
    27-Oct-2010 15:00:08    RXbytes = 13 Kb TXbytes = 20 Kb
    27-Oct-2010 16:00:08    RXbytes = 13 Kb TXbytes = 20 Kb
    27-Oct-2010 17:00:08    RXbytes = 40 Kb TXbytes = 94 Kb
    27-Oct-2010 18:00:07    RXbytes = 13 Kb TXbytes = 30 Kb
    27-Oct-2010 19:00:08    RXbytes = 6 Kb TXbytes = 9 Kb
    27-Oct-2010 20:00:08    RXbytes = 12 Kb TXbytes = 12 Kb
    27-Oct-2010 21:00:08    RXbytes = 15 Kb TXbytes = 40 Kb
    27-Oct-2010 22:00:07    RXbytes = 9 Kb TXbytes = 11 Kb
    27-Oct-2010 23:00:07    RXbytes = 11 Kb TXbytes = 9 KbIs this output data gathering style valid?
    I want to give this report to my boss using spreadsheets, but I want to put comments like :
    1. at what hour is the network busiest?
    2. at what hour is the network the not-busiest?
    How do I sort this output from busiest (descending order)?
    Thanks a lot,
    Ms K

    Hi again markie,
    This is my actual source code of eth0stat.sh:
    # File: eth0stat.sh
    # Purpose: Gather network traffic increase between readings
    # Command: . ./eth0stat.sh
    ifcmd='/sbin/ifconfig eth0'
    timestamp=$(date "+%D %T")
    logfile=/u01/Monitor/eth0stat.txt
    old_rxbytes=$RXBYTES
    old_txbytes=$TXBYTES
    get_rxbytes() {
       $ifcmd | grep "RX bytes" | cut -d: -f2 | awk '{ print $1 }'
    get_txbytes() {
       $ifcmd | grep "TX bytes" | cut -d: -f3 | awk '{ print $1 }'
    RXBYTES=$(get_rxbytes); export RXBYTES
    TXBYTES=$(get_txbytes); export TXBYTES
    if [ $old_rxbytes > 0 ]; then
       diff_rxbytes=$(($RXBYTES - $old_rxbytes))
    else
       diff_rxbytes=0
    fi
    if [ $old_txbytes > 0 ]; then
       diff_txbytes=$(($TXBYTES - $old_txbytes))
    else
       diff_txbytes=0
    fi
    echo "$timestamp,RXbytes:$diff_rxbytes,TXbytes:$diff_txbytes" >> $logfileI created the new program you gave me (eth0stat.sh) and called it from cron every our, but I got this result:
    11/01/10 15:00:07,RXbytes:0,TXbytes:0
    11/01/10 16:00:07,RXbytes:0,TXbytes:0
    11/01/10 17:00:07,RXbytes:0,TXbytes:0
    11/01/10 18:00:07,RXbytes:0,TXbytes:0
    11/01/10 19:00:07,RXbytes:0,TXbytes:0
    11/01/10 20:00:07,RXbytes:0,TXbytes:0
    11/01/10 21:00:07,RXbytes:0,TXbytes:0
    11/01/10 22:00:08,RXbytes:0,TXbytes:0
    11/01/10 23:00:07,RXbytes:0,TXbytes:0
    11/02/10 00:00:07,RXbytes:0,TXbytes:0
    11/02/10 01:00:08,RXbytes:0,TXbytes:0
    11/02/10 02:00:08,RXbytes:0,TXbytes:0
    11/02/10 03:00:07,RXbytes:0,TXbytes:0
    11/02/10 04:00:07,RXbytes:0,TXbytes:0
    11/02/10 05:00:07,RXbytes:0,TXbytes:0
    11/02/10 06:00:08,RXbytes:0,TXbytes:0
    11/02/10 07:00:08,RXbytes:0,TXbytes:0
    11/02/10 08:00:07,RXbytes:0,TXbytes:0
    11/02/10 09:00:08,RXbytes:0,TXbytes:0
    11/02/10 10:00:08,RXbytes:0,TXbytes:0The output has all 0 bytes :( . Is there something I missed out?
    I compared it to the other one I got:
    1-Nov-2010 15:00:07     RXbytes = 10 Kb TXbytes = 9 Kb
    1-Nov-2010 16:00:07     RXbytes = 10 Kb TXbytes = 9 Kb
    1-Nov-2010 17:00:07     RXbytes = 10 Kb TXbytes = 9 Kb
    1-Nov-2010 18:00:07     RXbytes = 10 Kb TXbytes = 9 Kb
    1-Nov-2010 19:00:07     RXbytes = 10 Kb TXbytes = 9 Kb
    1-Nov-2010 20:00:07     RXbytes = 10 Kb TXbytes = 9 Kb
    1-Nov-2010 21:00:07     RXbytes = 10 Kb TXbytes = 9 Kb
    1-Nov-2010 22:00:08     RXbytes = 10 Kb TXbytes = 9 Kb
    1-Nov-2010 23:00:07     RXbytes = 11 Kb TXbytes = 9 Kb
    2-Nov-2010 00:00:07     RXbytes = 10 Kb TXbytes = 9 Kb
    2-Nov-2010 01:00:08     RXbytes = 10 Kb TXbytes = 9 Kb
    2-Nov-2010 02:00:08     RXbytes = 10 Kb TXbytes = 9 Kb
    2-Nov-2010 03:00:07     RXbytes = 7 Kb TXbytes = 6 Kb
    2-Nov-2010 04:00:07     RXbytes = 256 b TXbytes = 0 b
    2-Nov-2010 05:00:07     RXbytes = 320 b TXbytes = 0 b
    2-Nov-2010 06:00:08     RXbytes = 0 b TXbytes = 0 b
    2-Nov-2010 07:00:08     RXbytes = 466 b TXbytes = 0 b
    2-Nov-2010 08:00:07     RXbytes = 1 Mb TXbytes = 19 Mb
    2-Nov-2010 09:00:08     RXbytes = 1 Mb TXbytes = 22 Mb
    2-Nov-2010 10:00:08     RXbytes = 12 Kb TXbytes = 91 KbThe is seem to be movement starting at 8am Nov 2, 2010.
    Please help me debug the eth0stat.sh.
    Thanks again so much

  • What is difference between BP monitor and supplier monitor?

    hi friends
    what is difference between BP monitor and Supplier Monitor
    what is tcode for BPmonitor
    Regards
    Vinny

    Hi Vinny,
    Please refer to the following links. These seems useful:
    https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/f051efda-bc58-2910-3785-e60d1f798c96
    The specified item was not found.
    New Business Process Monitoring functionalities in SAP Solution Manager – ALE / IDoc Monitoring
    Regards,
    Saumya

Maybe you are looking for

  • PHP,MYSQL,ORACLE,APACHE issue?

    Hello All, In my oracle 10gr2 server that is build on rhel4, we have web based portal, now that web based portal connects to oracle and mysql, my problem is that, the developer told me that i have to install php4, apache2 with support of OCI8, i have

  • Issue in my first JDBC pgm

    Hi All, This is my first JDBC Pgm... I got the driver mysql driver and placed the same in the lib of the jdk... when i compile teh java file without the Statement and Resultset it compiles fine.. but when i compile tis file, import java.sql.Connectio

  • Missing Required System Fonts or CMap Files

    Somehow an entire "Adobe" folder got moved to my trash accidentally. I'm now getting an error when I try to open Adobe InDesign CS5 saying "missing required system fonts or CMap files" and it shuts down on me. I'm ASSUMING it's because that folder is

  • RSA3 no possible

    My using standard 2LIS extractor to load the PO Item data into BW. I have peformed the Setup Table, and loaded the data into BW. Created the InfoPack to pull in Delta, everything seem to be OK. Now, for some reason, I need to test and see some PO Ite

  • Problems with IE and Spry menu

    I have created a horizontal spry menu using DW CS3 for Mac. When viewed with IE for the PC, a couple of the drop down menus fly up completely unattached to the menu bar and the menu bar is reversed left to right. Does anyone have a solution to this p