opFlow 3 Operations Guide
Operational Status Report
You can get to this from "Views -> Operational Status Report"
High Volume mode sample:
To read a loadCycle: "Load Time: 42.73s, Insertion Time: 21.08s, Filter Time: 0.15s, Endpoint Time: 10.41s, Flows: 56075, Conversations: 21246, Skipped Filtered Flows: 53, Unique IPs: 8960"
total processing time = "Load Time + Filter Time + Endpoint Time" (Load Time includes Insertion Time; it is broken out to help show DB performance)
total processing time = 42.73 + 0.15 + 10.41
total processing time = 53.29s
Date | Activity | Type | Status | Details | Stats |
---|---|---|---|---|---|
2016-04-19T11:12:13 | loadCycle | completed | ok | Process 27739 done with file(s) nfcapd.201604191109 | Load Time: 42.73s, Insertion Time: 21.08s, Filter Time: 0.15s, Endpoint Time: 10.41s, Flows: 56075, Conversations: 21246, Skipped Filtered Flows: 53, Unique IPs: 8960 |
2016-04-19T11:10:02 | loadCycle | completed | ok | Process 27684 done with file(s) nfcapd.201604191107 | Load Time: 37.42s, Insertion Time: 18.82s, Filter Time: 0.13s, Endpoint Time: 5.37s, Flows: 48445, Conversations: 18372, Skipped Filtered Flows: 57, Unique IPs: 8472 |
2016-04-19T11:08:30 | loadCycle | completed | ok | Process 27576 done with file(s) nfcapd.201604191105 | Load Time: 55.97s, Insertion Time: 33.9s, Filter Time: 0.24s, Endpoint Time: 10.17s, Flows: 56434, Conversations: 21374, Skipped Filtered Flows: 51, Unique IPs: 8788 |
2016-04-19T11:06:28 | loadCycle | completed | ok | Process 27438 done with file(s) nfcapd.201604191103 | Load Time: 54.56s, Insertion Time: 34.03s, Filter Time: 0.14s, Endpoint Time: 10.56s, Flows: 55158, Conversations: 19285, Skipped Filtered Flows: 45, Unique IPs: 8975 |
Low Volume mode example:
To read a loadCycle: "Load Time: 223.72s Summarize Time: 5.05s Aggregation Time: 3.18s Filter Time: 133.78s Endpoint Time: 23.65s Flows: 202482 Conversations: 16355 Unique IPs: 5221"
total processing time = "Load Time + Summarize Time + Filter Time + Endpoint Time" (Summarize Time includes Aggregation Time; it is broken out to help show DB performance)
total processing time = 223.72 + 5.05 + 133.78 + 23.65
total processing time = 386.2s
Low Volume mode does not list the insertion time
Also note:
Skipped Empty Flows - flows that were skipped because they had 0 bytes
Skipped Filtered Flows - flows that were skipped because they matched the config setting opflow_drop_endpoints
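The reading rules above for both modes, as an added Python example (not part of opFlow or the original guide): it parses a loadCycle Stats string in either format and computes the total processing time. The function names and the insertion_share metric are assumptions of this example; the sample inputs are copied from this page.

```python
import re

# Timers the guide adds up. Insertion Time (inside Load Time) and Aggregation
# Time (inside Summarize Time) are deliberately absent so they are not counted twice.
TOTAL_TERMS = ("Load Time", "Summarize Time", "Filter Time", "Endpoint Time")

# One stat is "Name: number" with a trailing "s" on timers. Stats are separated
# by commas in the High Volume sample and by spaces in the Low Volume sample.
STAT_RE = re.compile(r"([A-Z][A-Za-z ]*?):\s*(\d+(?:\.\d+)?)(s?)(?=[,\s]|$)")

def parse_stats(stats):
    """Split a loadCycle Stats string into (timers in seconds, counters)."""
    timers, counters = {}, {}
    for name, value, unit in STAT_RE.findall(stats):
        if unit:
            timers[name] = float(value)
        else:
            counters[name] = int(float(value))
    return timers, counters

def total_processing_time(stats):
    """Total processing time in seconds, as defined in the guide."""
    timers, _ = parse_stats(stats)
    if "Load Time" not in timers:
        raise ValueError("not a loadCycle Stats string: %r" % stats)
    return round(sum(timers.get(term, 0.0) for term in TOTAL_TERMS), 2)

def read_row(row):
    """Parse one pipe-delimited row of the Operational Status Report table."""
    cells = [c.strip() for c in row.strip().strip("|").split("|")]
    if len(cells) != 6:
        raise ValueError("expected 6 columns, got %d" % len(cells))
    date, activity, kind, status, details, stats = cells
    timers, counters = parse_stats(stats)
    insertion = timers.get("Insertion Time")  # not reported in Low Volume mode
    return {
        "date": date, "activity": activity, "status": status,
        "total": total_processing_time(stats),
        # Added metric (not from the guide): share of Load Time spent inserting.
        "insertion_share": None if insertion is None else round(insertion / timers["Load Time"], 2),
        "flows": counters.get("Flows"),
    }

# Sample inputs copied from this page.
HIGH_ROW = "2016-04-19T11:12:13 | loadCycle | completed | ok | Process 27739 done with file(s) nfcapd.201604191109 | Load Time: 42.73s, Insertion Time: 21.08s, Filter Time: 0.15s, Endpoint Time: 10.41s, Flows: 56075, Conversations: 21246, Skipped Filtered Flows: 53, Unique IPs: 8960 |"
LOW_STATS = "Load Time: 223.72s Summarize Time: 5.05s Aggregation Time: 3.18s Filter Time: 133.78s Endpoint Time: 23.65s Flows: 202482 Conversations: 16355 Unique IPs: 5221"

if __name__ == "__main__":
    print(read_row(HIGH_ROW))
    print("low volume total:", total_processing_time(LOW_STATS))
```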
opflow-cli.pl
opflow-cli.pl is your friend!
Run opflow-cli.pl -h to get help; this bit was missing but will be added later.
Usage: opflow-cli.pl act=operation [option=A...] [param=X...]
opflow-cli.pl act=setup-db [drop=true] [usepercent=NN]
opflow-cli.pl act=setup-iana [url=...|file=...]
opflow-cli.pl act=(purge|purge-raw|purge-endpoints|purge-indices)
opflow-cli.pl act=load-flows file=...
opflow-cli.pl act=list-endpoints [searchprop=value...]
    value can be regex:...
opflow-cli.pl act=create-endpoint property=value...
opflow-cli.pl act=show-endpoint ip=address
opflow-cli.pl act=update-endpoint ip=address entry.propname=value...
opflow-cli.pl act=delete-endpoint ip=address
opflow-cli.pl act=list-apps [searchprop=value...]
opflow-cli.pl act=(create-app|update-app) number=N protocol=M name=X description=Y
opflow-cli.pl act=delete-app number=N protocol=M
opflow-cli.pl act=list-agents
opflow-cli.pl act=update-agent agent=X [in_if=Y out_if=Z] admin_status=(active|inactive)
opflow-cli.pl act=list-filters [include_inactive=0/1]
opflow-cli.pl act=show-filter name=F
opflow-cli.pl act=disable-filter name=F
opflow-cli.pl act=create-filter name=F [description=D] propA=X,Y,Z [propB=...]
    properties: agent application endpoint proto src_ip dst_ip src_port dst_port
    filter expressions: A,B,C for list of choices, regex:string supported for all properties except agent and proto.
    proto must be number or list of numbers.
    agent must be agent_ip (for all interfaces), or agent_ip:in_ifidx:out_ifidx.
opflow-cli.pl act=create-report [param=...]
options:
    quiet=1: suppress output, only set exit code
    debug=1: more verbose debugging output
Manage Agents
Get a list of Agents
/usr/local/omk/bin/opflow-cli.pl act=list-agents
e.g.
opflow-cli.pl Version 2.102.0
Copyright (C) 2015 Opmantek Limited (www.opmantek.com)
This program comes with ABSOLUTELY NO WARRANTY;
See www.opmantek.com or email contact@opmantek.com
opFlow 1.0 is licensed to Hearst Corporation for Unlimited Interfaces on a single server - not for resale - Expires 19-Feb-2016
Agent IP         In Intf  Out Intf  Active    Last Seen
10.192.69.250    172      164       inactive  Fri Feb 5 04:57:57 2016
10.73.238.6      909      57        inactive  Fri Feb 5 04:57:57 2016
10.73.238.7      909      909       active    Fri Feb 5 04:49:57 2016
152.179.115.250  9        19        active    Fri Feb 5 04:57:57 2016
167.173.29.6     9        14        active    Fri Feb 5 04:57:57 2016
172.19.39.36     13       14        inactive  Thu Feb 4 23:55:35 2016
Stop Processing Flows from an Agent
/usr/local/omk/bin/opflow-cli.pl act=update-agent agent=10.73.238.6 admin_status=inactive
Start Processing Flows from an Agent
/usr/local/omk/bin/opflow-cli.pl act=update-agent agent=10.73.238.7 admin_status=active
Manage Filters
Create a Filter Based on the Agent
/usr/local/omk/bin/opflow-cli.pl act=create-filter name=Agent-10.192.69.250 agent=10.192.69.250
/usr/local/omk/bin/opflow-cli.pl act=create-filter name=Agent-10.73.238.6 agent=10.73.238.6
/usr/local/omk/bin/opflow-cli.pl act=create-filter name=Agent-10.73.238.7 agent=10.73.238.7