[c-nsp] Top X ASN with flowscan / flow-tools anyone doing it?

Jeje jeje at jeje.org
Wed Oct 6 03:38:28 EDT 2004


Hi,

Here is something very simple that I use to produce a weekly report of the Top ASN (global and
by router) from my netflow files.

Sorry for the off-topic, since this script is used on Juniper boxes here (works fine on Cisco
netflow files if you remove the scale stuff).

-------------------------------------------------
#!/usr/bin/perl

use strict;
use warnings;
use POSIX qw(ceil floor);

# flow-stat must be run with the -p option
my $period;
# scale on juniper/tlh, not handled by flow-stat
my $scale = 10000;

my $topn = 50;
my $i=0;

my ($as, $flows, $octets, $packets, $asdescr, $bw);

format STDOUT_TOP =
+--------------------------------+---------+-----------+
| AS Descr                       | AS Num  | Bandwidth |
+--------------------------------+---------+-----------+
.

format STDOUT =
| @<<<<<<<<<<<<<<<<<<<<<<<<<<<<< |@>>>>>>> |@>>>>>>>>> |
$asdescr,              $as,     $bw
.

while (<>) {

  if (/^\# capture period:\s+(\d+) seconds/) {
    $period = $1;
  }

  next if /^\#/;
  last if $i++ >= $topn;

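  ($as, $flows, $octets, $packets) = split;

  # only pass a purely numeric AS to the shell command below
  next unless defined $as && $as =~ /^\d+$/;
  # without the period header (flow-stat -p) the rate cannot be computed
  die "no capture period found, run flow-stat with -p\n" unless $period;

  $asdescr = `whois -h whois.radb.net AS$as | grep descr | head -1`;
  chomp $asdescr;
  $asdescr =~ s/descr:\s+//;

  $bw = &auto_scale($octets*8*$scale/$period);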

#  printf "%50s\tAS$as\t%15sbps\n",$asdescr,$bw;
  write STDOUT;

}
print "+--------------------------------+---------+-----------+\n";

#----------------------------------------------------------- auto_scale ----
# this one comes from RRDTool, works great :) (converted from C to perl)
sub auto_scale {
    my ($value) = @_;

    my (@symbol) = ("a", "f", "p", "n", "u", "m", " ", "k", "M", "G", "T", "P", "E");
    my $symbcenter = 6;
    my ($sindex, $magfact, $symb_ptr);

    if ($value==0) {
        $sindex=0;
    }
    else {
        $sindex = floor(log(abs($value))/log(1024));
        $magfact = 1024**$sindex;
        $value /= $magfact;
    }
    if ($sindex <= $symbcenter && $sindex >= -$symbcenter) {
        $symb_ptr = $symbol[$sindex+$symbcenter];
    }
    else {
        $symb_ptr = "?";
    }
    return sprintf("%.2f",$value) . $symb_ptr;
}
--------------------------------------------------

This script is started like this by cron (hacky Linux script):

#!/bin/sh

PATH=$PATH:/usr/local/bin

DATADIR="/n/front5-netflow"

YEAR1=`date --date '1 days ago' +"%Y"`
MONTH1=`date --date '1 days ago' +"%m"`
DAY1=`date --date '1 days ago' +"%d"`
YEAR2=`date --date '2 days ago' +"%Y"`
MONTH2=`date --date '2 days ago' +"%m"`
DAY2=`date --date '2 days ago' +"%d"`
YEAR3=`date --date '3 days ago' +"%Y"`
MONTH3=`date --date '3 days ago' +"%m"`
DAY3=`date --date '3 days ago' +"%d"`
YEAR4=`date --date '4 days ago' +"%Y"`
MONTH4=`date --date '4 days ago' +"%m"`
DAY4=`date --date '4 days ago' +"%d"`
YEAR5=`date --date '5 days ago' +"%Y"`
MONTH5=`date --date '5 days ago' +"%m"`
DAY5=`date --date '5 days ago' +"%d"`
YEAR6=`date --date '6 days ago' +"%Y"`
MONTH6=`date --date '6 days ago' +"%m"`
DAY6=`date --date '6 days ago' +"%d"`
YEAR7=`date --date '7 days ago' +"%Y"`
MONTH7=`date --date '7 days ago' +"%m"`
DAY7=`date --date '7 days ago' +"%d"`

( echo -e "Statistiques Netflow, periode du $DAY7/$MONTH7/$YEAR7 au $DAY1/$MONTH1/$YEAR1\n"

echo -e "Ces statistiques representent le traffic INGRESS uniquement\n"

# global stats
echo "Stats for all routers"
flow-cat -p \
    $DATADIR/8.1/*/$YEAR1/$YEAR1-$MONTH1/$YEAR1-$MONTH1-$DAY1 \
    $DATADIR/8.1/*/$YEAR2/$YEAR2-$MONTH2/$YEAR2-$MONTH2-$DAY2 \
    $DATADIR/8.1/*/$YEAR3/$YEAR3-$MONTH3/$YEAR3-$MONTH3-$DAY3 \
    $DATADIR/8.1/*/$YEAR4/$YEAR4-$MONTH4/$YEAR4-$MONTH4-$DAY4 \
    $DATADIR/8.1/*/$YEAR5/$YEAR5-$MONTH5/$YEAR5-$MONTH5-$DAY5 \
    $DATADIR/8.1/*/$YEAR6/$YEAR6-$MONTH6/$YEAR6-$MONTH6-$DAY6 \
    $DATADIR/8.1/*/$YEAR7/$YEAR7-$MONTH7/$YEAR7-$MONTH7-$DAY7 \
    | flow-stat -f19 -S2 -p | head -500 | /script/as-stat2.pl

# for each router, generate the stats
for i in bb1.tlh bb1.gre bb2.gre bb1.cou bb1.sfx; do
        echo "Stats for $i"
        flow-cat -p \
            $DATADIR/8.1/$i/$YEAR1/$YEAR1-$MONTH1/$YEAR1-$MONTH1-$DAY1 \
            $DATADIR/8.1/$i/$YEAR2/$YEAR2-$MONTH2/$YEAR2-$MONTH2-$DAY2 \
            $DATADIR/8.1/$i/$YEAR3/$YEAR3-$MONTH3/$YEAR3-$MONTH3-$DAY3 \
            $DATADIR/8.1/$i/$YEAR4/$YEAR4-$MONTH4/$YEAR4-$MONTH4-$DAY4 \
            $DATADIR/8.1/$i/$YEAR5/$YEAR5-$MONTH5/$YEAR5-$MONTH5-$DAY5 \
            $DATADIR/8.1/$i/$YEAR6/$YEAR6-$MONTH6/$YEAR6-$MONTH6-$DAY6 \
            $DATADIR/8.1/$i/$YEAR7/$YEAR7-$MONTH7/$YEAR7-$MONTH7-$DAY7 \
            | flow-stat -f19 -S2 -p | head -500 | /script/as-stat2.pl
done ) | mail -s "Weekly netflow statistics" bbone at net.tiscali.fr


--On Saturday, 2 October 2004 11:09 -0500 Brian Feeny <signal at shreve.net> wrote:

> I was wondering if anyone has a report or script they could share to generate Top X ASN.
> 
> I see it's being done at http://flows.is-net.depaul.edu/cgi-bin/asnreport.pl
> 
> and also Dave Plonka had said that this functionality would be in CUFlow one day
> but I don't think it's made it there yet (on his site for wisc he shows Top X ASN, but I think
> that's not released yet).
> 
> Brian
> 
> ---------------------------------------------
> Brian Feeny, CCIE #8036, CISSP
> Network Engineer
> ShreveNet Inc.



jeje.

