Custom counter groups
You may extend the built in counter groups to suit your business needs. Here is a quick guide that will help you decide what type of custom metering you need.
- Filtered Counter Group
-
Meter only a subset of an existing counter group.
Example : A counter group called “Web Hosts” that only counts HTTP and HTTPS traffic in all hosts. The parent group is “Hosts” and the filter is “Apps 80(http) and 443(https)”
- Keyset counter group
-
Aggregates and counts from a host group.
Example : A new counter group called “My apps” which extends the Apps counter group. We may group ports {IAX2,SIP,3000-4000} as VoIP, {80,443} as Web, {pop3,imaps} as Email. These groups are called keysets.
- Traffic based counter group
-
Count only keys that satisfy a traffic criteria.
Example : A new counter group called “Low traffic interfaces”, which extends the Interfaces counter group but only counts interfaces with traffic less than 10Kbps.
- Rule based counter group
-
Specify arbitrary rules matching your business needs.
Example : A new counter group called “ACME apps” which extends the Apps counter group, but adds the rule – Surveillance Camera Traffic – if Port = 80 but only if subnet = 10.2.2.0/24. All others subnets will count port 80 as http. You can chain any number of rules to build your custom metering.
see Traffic metering section for more details
Filtered counter groupsTop
A cross-product counter group.
Meter a subset of a group that matches a set of keys from another group.
Uses
Filtered counter group are invaluable in setting up cross-group counters.
Some examples :
| HTTP Hosts | Parent = Hosts, Filter = Apps (Keys = http) |
| China Ukraine Hosts | Parent = Hosts, Filter = Country (Keys = cn,ua) |
| Server Apps | Parent = Apps, Filter = Hosts (Key = 10.10.1.18) |
Create new filtered counter groups
- Click the button “New Filtered Counter Group”
- You will be redirected to a page with following fields
| Field Name | Description |
|---|---|
| Counter Group Name | Counter Group name |
| Description | Descriptiom about the counter group |
| Parent Group | Choose parent counter group from the drop down list |
| Filter Group | |
| Key List | Comma separated list of keys/ranges: Port-80, 192.168.1.2, Port-5000~Port-8000, 192.168.1.1~192.168.1.255 |
| Inverse Key List |
Keyset counter groupsTop
A new counter group that aggregates sets of keys from a host counter group.
Use cases
| New Counter Group | Host Group | Key sets |
|---|---|---|
| MyApp profiles | CG Apps | Ports 80,445,8080 = WEB Ports 3000-4000 = VoIP Ports 18001,18002,19001 = TRADING p. ..build other business groupings |
| MyServers | CG Hosts | IPs 10.1.17.1,10.1.18.1 = GATEWAYS IPs 10.1.17.40 to 50 = MANAGEMENT IPs 10.1.19.1 to 255 = HR ..build other business groupings |
Multiple constraints
Creating a Keyset Counter Group
- Click on Keyset Counter Groups
Important Restart Trisul for the new counter group to take effect
Create new keyset
Directions to Create new keyset counter groups
- The list of keyset counter groups will appear
- Click the option found at the bottom section Add new Keyset Counter Group
- You will be redirected to a page with following fields
| Field Name | Description |
|---|---|
| Keyset Counter Group Name | |
| Description | |
| Parent Group |
On successful creation , you will be redirected to the List of keyset counter groups
- Click the Edit Keys to edit keysets for counter group
- You will be redirected to a page with following fields
| Field Name | Description |
|---|---|
| Keyset Key | Key name in new key set counter group |
| Keys | Key names from parent counter group,You can add multiple keys separated by comma Key ranges using ~ (eg Port3000~Port-14000) or (10.0.1.0~10.0.1.255) |
Traffic based counter groupsTop
A new counter group consisting of items based on an observed meter value.
Usage
Creates a subset of a parent group consisting only of items who meet a certain meter criteria.
Examples :
| Internal hosts only | Subset of hosts | When Hosts meter “Homenet” > 0 |
| Under the radar hosts | Subset of hosts | When Hosts meter “Total” < 2000 (hosts who only xmit or recv < 2K bytes in an interval ) |
Creating new Meter Value Counter Group
- The list of Configure Statval Counter Groups will appear
- Click the option found at the bottom section New Counter Group Statval
- You will be redirected to a page with following fields
| Field Name | Description |
|---|---|
| Counter Group Name | The Counter Group statval Name |
| Description | Description about counter group statval |
| Parent Counter Group | |
| Stat ID | |
| Operator | |
| Stat Val | Example : 8Mbps, 2000, 6Kbps (default units is bytes/sec) |
Rule Based counter groupsTop
A rule based counter group allows you the maximum flexibility to custom-meter your network traffic.
It works like this :
- Derive from a parent group such as hosts / applications / macs
- Specify a chain of rules in Trisul Filter Format
- The first rule that matches determines the meter key
- If no rule matches the key falls through to the parent counter group
An example : Corporate applications
You are a network admin in an enterprise and wish to meter traffic in terms of your applications.
Here are your requirements.
| This kind of traffic | Should be metered as |
|---|---|
| Ports 80 on IPs 10.10.17.20, 21, 22 | HR-Attendance |
| Ports 3000-9000 on IP 10.10.18.35 | Trisul-NSM |
| Ports 8000 on IPs 10.10.18.25 – 45 | Security-Cam |
| All traffic to IP 10.10.19.3 | Exchange-Email |
| All others | Use the default application (eg 80 = HTTP, SSH = 22 etc) |
You would specify the rules as follows
Counter Group Name : ACME APPS
Parent Group : Applications (guid = {})
| No | Rule in Trisul Filter Format | New Key |
|---|---|---|
| Rule 1 | {4CD742B1-C1CA-4708-BE78-0FCA2EB01A86}=0A.0A.11.14,0A.0A.11.15,0A.0A.11.16&{C51B48D4-7876-479e-B0D9-BD9EFF03CE2E}=Port-80 | HR-Attendance |
| Rule 2 | {4CD742B1-C1CA-4708-BE78-0FCA2EB01A86}=0A.0A.12.23&{C51B48D4-7876-479e-B0D9-BD9EFF03CE2E}=Port-3000~Port-8000 | Trisul-NSM |
| Rule 3 | {4CD742B1-C1CA-4708-BE78-0FCA2EB01A86}=10.10.18.25~10.10.18.45&{C51B48D4-7876-479e-B0D9-BD9EFF03CE2E}=Port-8000 | Security-Cams |
| Rule 4 | {4CD742B1-C1CA-4708-BE78-0FCA2EB01A86}=10.10.19.3 | Exchange-Email |
| - | Catch-all | Uses the same application key as the parent group (applications) |
Creating a Rule Based Counter Group
Directions to create a new Rule Based Counter Group
p(autohint hand-right info).
Select Customize → Counters → Configure Rule Based Counter Groups
- Click the option Create new rule based counter group
This leads you to a page , whose fields are explained below
| FieldName | Description |
|---|---|
| Rule Based Counter Group Name | Name of the counter group |
| Description | Words about the goals of the counter group |
| Parent Group | The parent counter group |
After creation , the user is redirected to a page which lists the available rule based counter groups
Now click the Edit Rules option for the counter group , which leads you o another page , whose fields are as follows
| FieldName | Description |
|---|---|
| Target Key | Name of the target |
| Target Rule | The rule which should be followed |
Specifying a target rule
{4CD742B1-C1CA-4708-BE78-0FCA2EB01A86}=80.79.32.7A&{C51B48D4-7876-479e-B0D9-BD9EFF03CE2E}=p-0050
The above rule tracks the activities of the key 80.79.32.7A only for HTTP application
