Top N Hosts Report (part 1)

Version 2

    The extended "Top-N-hosts" report, includes extra information about how long it has been since a message was received from each host as well.

    Here is a sample report:
    (Higher numbers in the "Age" column indicate hosts that have not been heard from in a while).

    +--------------------+----------------+---------------+
    | Host IP Address    | Message Count  | Age (seconds) |
    +--------------------+----------------+---------------+
    | 192.168.1.62       |  99            |  1456         |
    | 192.168.1.58       |  99            |  7            |
    | 192.168.1.166      |  99            |  3            |
    | 192.168.1.143      |  99            |  2            |
    | 192.168.1.93       |  99            |  7            |
    | 192.168.1.202      |  99            |  3            |
    | 192.168.1.94       |  99            |  1            |
    | 192.168.1.231      |  99            |  3            |
    | 192.168.1.227      |  99            |  1440         |
    | 192.168.1.179      |  98            |  2            |
    | 192.168.1.195      |  98            |  6            |
    | 192.168.1.114      |  98            |  6            |
    | 192.168.1.125      |  98            |  2            |
    | 192.168.1.251      |  98            |  8            |
    | 192.168.1.170      |  98            |  1            |
    | 192.168.1.212      |  98            |  12           |
    | 192.168.1.61       |  97            |  11           |
    | 192.168.1.71       |  97            |  5            |
    | 192.168.1.40       |  96            |  3            |
    | 192.168.1.247      |  96            |  18           |
    ...all hosts (not just top 20)

    The scripts are relatively easy to set up. 
    You will need two new rules, configured as follows:

    Rule "TopNHosts_Pt1"
      +-Filters
        --Input-Source = UDP, TCP, SNMP
      +-Actions
        --Run-Script "TopNHosts_Pt1.txt"

    Rule "TopNHosts_Pt2"
      +-Filters
        --Input-Source = Keep-alive
      +-Actions
        --Run-Script "TopNHosts_Pt2.txt"

    The first rule (TopNHosts_Pt1) is a generic "catch-all" rule that will collect the host statistics for the report.  You can incorporate this action into your default rule (if that is serving as a catch-all).

    The second rule (TopNHosts_Pt2) is triggered by a Keep-alive message and is the thing which generates and e-mails the report table.  This script will also reset the counts every time a report is e-mailled.  To make it work properly, you will need to configure a Keep-alive.

    Both scripts are VBScript, and need full read/write permission in the RunScript action options.

    To configure a keep-alive:
    Setup > Inputs > Keep-alive > Enable keep-alive.  Set the Frequency to a value that suits you - this will be how often the report is e-mailed, and the counts reset.  (86400 for a daily report, 3600 for an hourly report).

    NB.  You will need to edit the Pt2 script (TopNHosts_Pt2.txt) to ensure that the e-mail recipient and subject, etc, is what you need.

    Download TopNHosts_Pt1.txt from this post, TopNHosts_Pt2.txt from the post titled 'Top N Hosts Report (part 2)'