
Reporting issue on source and destination

Hello all,


I've been searching everywhere for this, maybe someone here has more insight than I'm able to find.

I have a UTM 9, version 9.315-2. I noticed from the executive report that I have a bandwidth hog that I wanted to dig deeper into. Problem is, I can't see any more information on what external IP (we have ~30) that source is hitting, no matter what I've tried. I even tried digging into the logs to see if I could just trace all of the external IPs and do the math from there. But none of the logs have that source IP in them. It has to be somewhere but for the life of me I can't find it.

Anyone have insight into this? The apps behind the firewall are not set up for logging properly (yet) so I'm at a dead end there too. Any help there would be most appreciated.


Thanks,

Eric



  • Does this, with appropriate modifications, get you closer?

    Command line:

    psql reporting -U reporting -c "SELECT srcip, dstip, l4_dport, cast(SUM(raw_in_pktlen) AS bigint) AS total_raw_in_pktlen, cast(SUM(raw_out_pktlen) AS bigint) AS total_raw_out_pkt_len, cast(SUM(raw_in_pktlen + raw_out_pktlen) AS bigint) AS combined_total_pktlen FROM accounting WHERE logday::date = '2015-11-18' AND srcip = '192.0.2.101' GROUP BY srcip, dstip, l4_dport ORDER BY combined_total_pktlen"