cancel
Showing results for 
Search instead for 
Did you mean: 
Create Post

Top N Hosts Report (part 1)

The extended "Top-N-hosts" report, includes extra information about how long it has been since a message was received from each host as well.

Here is a sample report:
(Higher numbers in the "Age" column indicate hosts that have not been heard from in a while).

+--------------------+----------------+---------------+
| Host IP Address    | Message Count  | Age (seconds) |
+--------------------+----------------+---------------+
| 192.168.1.62       |  99            |  1456         |
| 192.168.1.58       |  99            |  7            |
| 192.168.1.166      |  99            |  3            |
| 192.168.1.143      |  99            |  2            |
| 192.168.1.93       |  99            |  7            |
| 192.168.1.202      |  99            |  3            |
| 192.168.1.94       |  99            |  1            |
| 192.168.1.231      |  99            |  3            |
| 192.168.1.227      |  99            |  1440         |
| 192.168.1.179      |  98            |  2            |
| 192.168.1.195      |  98            |  6            |
| 192.168.1.114      |  98            |  6            |
| 192.168.1.125      |  98            |  2            |
| 192.168.1.251      |  98            |  8            |
| 192.168.1.170      |  98            |  1            |
| 192.168.1.212      |  98            |  12           |
| 192.168.1.61       |  97            |  11           |
| 192.168.1.71       |  97            |  5            |
| 192.168.1.40       |  96            |  3            |
| 192.168.1.247      |  96            |  18           |
...all hosts (not just top 20)

The scripts are relatively easy to set up. 
You will need two new rules, configured as follows:

Rule "TopNHosts_Pt1"
  +-Filters
    --Input-Source = UDP, TCP, SNMP
  +-Actions
    --Run-Script "TopNHosts_Pt1.txt"

Rule "TopNHosts_Pt2"
  +-Filters
    --Input-Source = Keep-alive
  +-Actions
    --Run-Script "TopNHosts_Pt2.txt"

The first rule (TopNHosts_Pt1) is a generic "catch-all" rule that will collect the host statistics for the report.  You can incorporate this action into your default rule (if that is serving as a catch-all).

The second rule (TopNHosts_Pt2) is triggered by a Keep-alive message and is the thing which generates and e-mails the report table.  This script will also reset the counts every time a report is e-mailled.  To make it work properly, you will need to configure a Keep-alive.

Both scripts are VBScript, and need full read/write permission in the RunScript action options.

To configure a keep-alive:
Setup > Inputs > Keep-alive > Enable keep-alive.  Set the Frequency to a value that suits you - this will be how often the report is e-mailed, and the counts reset.  (86400 for a daily report, 3600 for an hourly report).

NB.  You will need to edit the Pt2 script (TopNHosts_Pt2.txt) to ensure that the e-mail recipient and subject, etc, is what you need.

Download TopNHosts_Pt1.txt from this post, TopNHosts_Pt2.txt from the post titled 'Top N Hosts Report (part 2)'

Labels (1)
Attachments
Comments
Just out of curiosity...

Why wouldn't you have the second script as a scheduled script instead of using Keep Alives?
Version history
Revision #:
1 of 1
Last update:
‎01-07-2009 12:00 AM
Updated by: