Analyzer Subnetting Error.

Forum|Forum|9 years ago
November 8, 2016
1 reply
34164 views

Hello,

I am basically trying to create a report which will have the networks displayed in one column and beside that the values of who the maximum band width user is , the maximum session an so on will be there.

The network which I am working on is a /22 network for which I am editing the data set so that I get reporting based on /22 subnets ,

select ip_subnet(`srcip`) as subnet, sum(coalesce(sentbyte, 0)+coalesce(rcvdbyte, 0)) as bandwidth, sum(coalesce(rcvdbyte, 0)) as traffic_in, sum(coalesce(sentbyte, 0)) as traffic_out, count(*) as sessions from $log where $filter and logid_to_int(logid) not in (4, 7, 14) and ( ( `srcip` <<=inet('10.22.64.0/22') OR `srcname` = '10.22.64.0/22')) group by subnet having sum(coalesce(sentbyte, 0)+coalesce(rcvdbyte, 0))>0 order by bandwidth desc

The Analyzer instead of taking the /22 subnet mask it is taking as /24 and giving me a report which obviously is not the one what I want. Would be great if someone could point out were I am going on. I have attached the output as well do have a look.

script.gif

5.4

Best answer by hzhao_FTNT

Again, maybe you need a fixed string for it. try:

select (case when `srcip` <<= inet('10.22.0.0/22') then '10.22.0.0/22' else 'Others' end) as subnet, coalesce(nullifna(`user`), nullifna(`unauthuser`), ipstr(`srcip`)) as user_src, sum(coalesce(`sentbyte`, 0)+coalesce(`rcvdbyte`, 0)) as bandwidth from $log where $filter and logid_to_int(logid) not in (4, 7, 14) and `srcip` <<= inet('10.22.0.0/22') group by subnet, user_src order by bandwidth desc

hzhao_FTNT

Staff

Hi there, currently the function ip_subnet only support subnet 0/8/16/24/32, please do not use it. In your case, you can use a fixed string to make it work.

select '10.22.64.0/22' as subnet, sum(coalesce(sent........

regards,

hz

sarathd24Author

New Member

Hi hz,

Thank you so much for your reply. I really appreciate it. Yes you were right it seems that ip_subnet function doesnt support /22 subnets as of now.But let me explain what were trying here. I need to get the top 10 users per subnet and we have multiple subnets. As per your suggestions when we give 10.22.64.0 / 22 it is just displaying 10.22.64.0 and showing all information of all my subnets.

Is there any way where I can generate a report like:

For 10.22.64.0/22 - The top ten user list

for 10.22.68.0/22 - The top ten user list followed by summary of that subnet

likewise for all the /22 subnets I have. ?

'Subnet Top User by Bandwidth' is the pre configured report but it showing only /24 mask. Would be great if I could some how manipulate it to give me /22. Is there any solution for this or Am I stuck ?

hzhao_FTNT

Staff

Hi there.

I think the easiest way is create a report and insert predefined chart "Top Users by Bandwidth" couple of times, then add different subnet filter to each chart. To add a chart filter, just double click the chart in layout edit and add a filter "srcip equal to 10.22.64.0/22".

Regards,

hz

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded