Community
- Command Central
- MVP Program
- Monthly Mission
- Blogs
- Groups
- Events
- Media Vault
Products
- Observability
- Network Management
- Application Management
- IT Security
- IT Service Management
- System Management
- Database Management
Content Exchange
- SolarWinds Platform
- Server & Application Monitor
- Database Performance Analyzer
- Server Configuration Monitor
- Network Performance Monitor
- Network Configuration Manager
- SQL Sentry
- Web Help Desk
Free Tools & Trials

Top N Hosts Report (part 1)

The extended "Top-N-hosts" report, includes extra information about how long it has been since a message was received from each host as well.

Here is a sample report:
(Higher numbers in the "Age" column indicate hosts that have not been heard from in a while).

+--------------------+----------------+---------------+
| Host IP Address    | Message Count | Age (seconds) |
+--------------------+----------------+---------------+
| 192.168.1.62       | 99            | 1456         |
| 192.168.1.58       | 99            | 7            |
| 192.168.1.166      | 99            | 3            |
| 192.168.1.143      | 99            | 2            |
| 192.168.1.93       | 99            | 7            |
| 192.168.1.202      | 99            | 3            |
| 192.168.1.94       | 99            | 1            |
| 192.168.1.231      | 99            | 3            |
| 192.168.1.227      | 99            | 1440         |
| 192.168.1.179      | 98            | 2            |
| 192.168.1.195      | 98            | 6            |
| 192.168.1.114      | 98            | 6            |
| 192.168.1.125      | 98            | 2            |
| 192.168.1.251      | 98            | 8            |
| 192.168.1.170      | 98            | 1            |
| 192.168.1.212      | 98            | 12           |
| 192.168.1.61       | 97            | 11           |
| 192.168.1.71       | 97            | 5            |
| 192.168.1.40       | 96            | 3            |
| 192.168.1.247      | 96            | 18           |
...all hosts (not just top 20)

The scripts are relatively easy to set up.
You will need two new rules, configured as follows:

Rule "TopNHosts_Pt1"
+-Filters
--Input-Source = UDP, TCP, SNMP
+-Actions
--Run-Script "TopNHosts_Pt1.txt"

Rule "TopNHosts_Pt2"
+-Filters
--Input-Source = Keep-alive
+-Actions
--Run-Script "TopNHosts_Pt2.txt"

The first rule (TopNHosts_Pt1) is a generic "catch-all" rule that will collect the host statistics for the report. You can incorporate this action into your default rule (if that is serving as a catch-all).

The second rule (TopNHosts_Pt2) is triggered by a Keep-alive message and is the thing which generates and e-mails the report table. This script will also reset the counts every time a report is e-mailled. To make it work properly, you will need to configure a Keep-alive.

Both scripts are VBScript, and need full read/write permission in the RunScript action options.

To configure a keep-alive:
Setup > Inputs > Keep-alive > Enable keep-alive. Set the Frequency to a value that suits you - this will be how often the report is e-mailed, and the counts reset. (86400 for a daily report, 3600 for an hourly report).

NB. You will need to edit the Pt2 script (TopNHosts_Pt2.txt) to ensure that the e-mail recipient and subject, etc, is what you need.

Download TopNHosts_Pt1.txt from this post, TopNHosts_Pt2.txt from the post titled 'Top N Hosts Report (part 2)'

Find more posts tagged with

Accepted answers

All comments

Aforsythe

Just out of curiosity...

Why wouldn't you have the second script as a scheduled script instead of using Keep Alives?