Detailed Conversations
Moderators: scottr, Moderator Team
7 posts
• Page 1 of 1
Detailed Conversations
by tjnichol » Fri Mar 20, 2009 9:12 am
Question:
I'd like to know if there is a way to export detailed conversations into a .csv format without having to drill down into a single conversation.
Any tips on getting that kind of information simply by the netflow through a router interface?
Thanks!
I'd like to know if there is a way to export detailed conversations into a .csv format without having to drill down into a single conversation.
Any tips on getting that kind of information simply by the netflow through a router interface?
Thanks!
- tjnichol
- Posts: 5
- Joined: Fri Mar 20, 2009 9:06 am
- Location: Mooresville, NC
Re: Detailed Conversations
by tomp » Fri Mar 20, 2009 9:43 pm
I'll check with development to see if this feature will be available in v7. I'm 95% certain a detailed conversation information cannot be exported for an interface at the moment.
-
tomp - Site Admin
- Posts: 289
- Joined: Wed Jul 27, 2005 9:53 am
- Location: Sunny Sanford Maine
Re: Detailed Conversations
by tjnichol » Wed Mar 25, 2009 12:41 pm
Thank you. This will certainly be an enhanced feature should it be decided to be implemented. It would catch a level of detail that could really be used many way.
Thanks for the feedback.
Thanks for the feedback.
- tjnichol
- Posts: 5
- Joined: Fri Mar 20, 2009 9:06 am
- Location: Mooresville, NC
Re: Detailed Conversations
by tjnichol » Thu Apr 02, 2009 2:35 pm
Just to clarify -
From the status page, you can search a particular flow device and it will give you a report, based upon the searched IP, a SRC and DST report. This is a summary report.
When I click on for example the SRC report, it displays, by default the top protocols for that particular IP address. I can then select from a drop-down menu to View Conversations. This produces a report for Top Conversations for X.X.X.X.
Below it, the source and destination addresses are listed in sequential order. Of course I can drill down into each conversation and see & download a .csv file for that particular conversation between two hosts.
By default, if you click on the "download as CSV" it will only show you the 1st conversation.
I would like to be able to see all detailed conversations for all results on that page. So, for example if Top Conversations for a specified address lists 15 conversations, clicking on the CSV option would show the a large CSV file with every conversation to each of those 15 addresses.
Sorry for the long post, but getting detailed conversations for many servers proves to be monotonous. Thanks!
From the status page, you can search a particular flow device and it will give you a report, based upon the searched IP, a SRC and DST report. This is a summary report.
When I click on for example the SRC report, it displays, by default the top protocols for that particular IP address. I can then select from a drop-down menu to View Conversations. This produces a report for Top Conversations for X.X.X.X.
Below it, the source and destination addresses are listed in sequential order. Of course I can drill down into each conversation and see & download a .csv file for that particular conversation between two hosts.
By default, if you click on the "download as CSV" it will only show you the 1st conversation.
I would like to be able to see all detailed conversations for all results on that page. So, for example if Top Conversations for a specified address lists 15 conversations, clicking on the CSV option would show the a large CSV file with every conversation to each of those 15 addresses.
Sorry for the long post, but getting detailed conversations for many servers proves to be monotonous. Thanks!
- tjnichol
- Posts: 5
- Joined: Fri Mar 20, 2009 9:06 am
- Location: Mooresville, NC
Re: Detailed Conversations
by mpatters » Thu Apr 02, 2009 8:36 pm
Hello,
Regarding "By default, if you click on the "download as CSV" it will only show you the 1st conversation." I would like to investigate this personally. It could be a bug.
I want to make sure I understand what you need as I can probably get it into v7 if it isn't in v6. Can you call me?
Regarding "By default, if you click on the "download as CSV" it will only show you the 1st conversation." I would like to investigate this personally. It could be a bug.
I want to make sure I understand what you need as I can probably get it into v7 if it isn't in v6. Can you call me?
Michael Patterson
Scrutinizer Product Manager
(207)324-8805 x222
Bio: viewtopic.php?f=20&t=1296
Blogs: http://www.plixer.com/blog/author/mikeplixercom/
Twitter: http://twitter.com/netflowpm
Scrutinizer Product Manager
(207)324-8805 x222
Bio: viewtopic.php?f=20&t=1296
Blogs: http://www.plixer.com/blog/author/mikeplixercom/
Twitter: http://twitter.com/netflowpm
-
mpatters - Posts: 248
- Joined: Mon Oct 30, 2006 11:27 pm
- Location: Sanford, Maine
Re: Detailed Conversations
by tjnichol » Wed Apr 22, 2009 1:39 pm
Sorry so late in checking back with the forum. I left you a voice mail to call back.
I would love to see scrutinizer be able to produce data to create firewall rules. I can produce what I need from the router interface: show ip cache flow
SrcIf SrcIPaddress DstIPaddress Pr SrcP DstP Pkts
.
.
.
So, if I had the capability to scan an IP Network to any ; any to IP Network and produce:
SrcIP ---> DstIPaddress ---> DstP
Custom reports works great, but it only shows the source port.
I would love to see scrutinizer be able to produce data to create firewall rules. I can produce what I need from the router interface: show ip cache flow
SrcIf SrcIPaddress DstIPaddress Pr SrcP DstP Pkts
.
.
.
So, if I had the capability to scan an IP Network to any ; any to IP Network and produce:
SrcIP ---> DstIPaddress ---> DstP
Custom reports works great, but it only shows the source port.
- tjnichol
- Posts: 5
- Joined: Fri Mar 20, 2009 9:06 am
- Location: Mooresville, NC
Re: Detailed Conversations
by benp » Wed Apr 22, 2009 2:43 pm
Hello tjnichol --
Mike's out this week but I'm sure he'll be in touch when he gets back. You can also feel free to call support at extension 4 and give them the details of your feature request -- they'll pass it on to us in Development, and they can also take a look at any issues you might still be having with the product.
Thanks again for the feedback!
Mike's out this week but I'm sure he'll be in touch when he gets back. You can also feel free to call support at extension 4 and give them the details of your feature request -- they'll pass it on to us in Development, and they can also take a look at any issues you might still be having with the product.
Thanks again for the feedback!
-
benp - Posts: 114
- Joined: Fri Nov 10, 2006 1:42 pm
7 posts
• Page 1 of 1
Who is online
Users browsing this forum: No registered users and 0 guests