04.12.2017

FastNetMon Advanced CLI reference guide

Brief

fcli is the simplest way to configure FastNetMon, in a convenient network operations style. You can use TAB for option auto-completion. Run this tool only with root permissions or with sudo, and use only the following syntax:

Overview

We have three configuration categories:

  • main – toolkit-wide options
  • bgp – BGP configuration options
  • hostgroup – custom threshold configurations for different networks

To get an option's value, use the following form:

To change a string or integer value, use the following form:

Boolean fields use a slightly different approach:

To add a new value to a list (networks_list, for example), use:

To remove an element from a list option, use this approach instead:

You can also retrieve the configuration options for a whole category with this approach:

After making all changes, you can commit them and reload the fastnetmon daemon with the commit command:

Blackhole management

Block host:

Example output: Ban executed

Show blocked hosts:

Example output:

Unblock host:

Example output: Disabled correctly

Flow spec rules management

Apply new rule:

List flow spec rules:

Example output:

Delete flow spec announcement:

Example output: Disabled correctly

Get system counters

Example output:

Get total traffic counters

Example output:

Interfaces management

Get interfaces list

Example output:

Get per subnet counters

Get counters for all subnets in networks list.

Example output:

You can use the following sort options here: bytes, packets, incoming or outgoing.

Get per host counters

Get the top 10 hosts by the specified traffic type (packets, bytes, flows) in a specific direction (incoming, outgoing) from your network.

You can use the following sort options here: bytes, flows, packets, incoming or outgoing. You can also increase the number of hosts in the output with an environment variable:

Enable or disable traffic capture

With this command you can enable or disable traffic capture with deep analytics. You can trigger it manually if you are sure that you are under attack.

Disable:

List all host groups:

Show a certain host group:

Create a new host group with the name “new_group”:

Delete host group with name:

Check an option's value for a certain host group:

Set an option for a certain host group:

Look up the host group for a specified IP address: