NetWitness Community

Hi,

I recently found out that several people use this script regularly and some have even tweaked or updated it, so it seems logical that we have a place to host it and share ideas about it. Hopefully this will be that place, I may look at moving the code to a public repository.

This script simply connects to multiple REST endpoints (defined at the top of the code, with some additional magic for each device type later in the code) and collects these values and outputs them in a CSV format to STDOUT. It relies on a configuration file for each device that it should connect to based on the sample CSV file. It's format is shown in the table below, with an example for each possible device type:

Also attached is a sample BaSH script that would loop through this configuration file and will split it into a one device per file configuration and will then regularly collect stats in 5 minute intervals generating one output CSV file per device.

Personally, I find this useful for troubleshooting and configuration compare between multiple devices in larger environments.

It is recommended that statistics be collected for a period of at least a full business day in order to cover both different traffic patterns and analysts usage of the existing system; ideally a longer period is advisable.

The generated statistics CSV files can easily be imported into a spreadsheet where an extra column (in blue box below) can be added with to calculate the packet drop deltas between each run of the script at 5 minute intervals. Which will then make it easier to compare with other parameters at the same point in time, as seen below:

Highlighted in red above are some of the possible example causes for packet loss, like high traffic throughput and possible I/O contention.

Hope you find this useful and looking forward to your feedback!

Thank you,

Rui