Forum Discussion

Sharath413's avatar
Sharath413
Icon for Nimbostratus rankNimbostratus
Dec 09, 2020

how can I view the top 10 talkers' IP addresses for a given timeperiod?

I see a spike in network activity but would like to see the top talkers for a given timeperiod. How can I view that info? I am using i2800 on 15.1.2.

 

Thanks.

  • Since you ask for the past, I think its doable with 2 options (from what I know), either with logging using an Irule or using the Analytics (AVR) module.

    As you also called netstat, which is a real time data, not of past, I'll share few commands which I use, You can try these options,

    Current Connections for a given VIP:

    tmsh show sys connection cs-server-addr <VIP> | head -n -1 | tail -n +2 | awk '{print $1}'

    You can add more filters like awk, cut, sort, uniq to find top source ip's consuming your respective vip.

    Total Connections Count so far:

    tmsh show ltm virtual <Virtual-name> | grep -E "Ltm::Virtual Server|Total Connections" | awk 'NR%2{printf "%s ",$0;next;}1' | awk '{print $3","$6}'

    Live Connections Count on the box:

    tmsh show ltm virtual all | grep -E "Ltm::Virtual Server|Current Connections" | awk 'NR%2{printf "%s ",$0;next;}1' | awk '{print $3","$6}'

    Also you can use bigtop command,

    bigtop -conn -once

    Hope this helps.

  • When you say a given period, do you mean in the past or current traffic pattern. If current, you can use tmsh or bigtop commands. ​

  •  I meant sometime in the past. Also, is there any way on F5 to view client session info like netstat -ap etc?

    Do you know how I can get a list of client IP addresses to a virtual server?

    • jaikumar_f5's avatar
      jaikumar_f5
      Icon for MVP rankMVP

      Since you ask for the past, I think its doable with 2 options (from what I know), either with logging using an Irule or using the Analytics (AVR) module.

      As you also called netstat, which is a real time data, not of past, I'll share few commands which I use, You can try these options,

      Current Connections for a given VIP:

      tmsh show sys connection cs-server-addr <VIP> | head -n -1 | tail -n +2 | awk '{print $1}'

      You can add more filters like awk, cut, sort, uniq to find top source ip's consuming your respective vip.

      Total Connections Count so far:

      tmsh show ltm virtual <Virtual-name> | grep -E "Ltm::Virtual Server|Total Connections" | awk 'NR%2{printf "%s ",$0;next;}1' | awk '{print $3","$6}'

      Live Connections Count on the box:

      tmsh show ltm virtual all | grep -E "Ltm::Virtual Server|Current Connections" | awk 'NR%2{printf "%s ",$0;next;}1' | awk '{print $3","$6}'

      Also you can use bigtop command,

      bigtop -conn -once

      Hope this helps.