By default, FastNetMon checks thresholds per /32 or per /128 basis. But in many cases it may be useful to calculate total traffic for number of prefixes and make custom actions when it reaches specified value.
In FastNetMon 2.0.150 we introduces such option. You can enable it this way:
sudo fcli set main enable_total_hostgroup_counters enable sudo fcli set main average_calculation_time_for_hostgroups 5
Please configure average_calculation_time_for_hostgroups to same value as you have for average_calculation_time and average_calculation_time_for_subnets.
To use this feature, you have to create global total hostgroup. All trafic without custom hostgroup will be accounted in this hostgroup.
sudo fcli set hostgroup global_total sudo fcli set hostgroup global_total calculation_method total
You also can create any number of custom hostgroups which can consist any number of networks this way:
sudo fcli set hostgroup servers sudo fcli set hostgroup servers calculation_method total sudo fcli set hostgroup servers networks 192.168.1.0/24 sudo fcli set hostgroup servers networks 10.10.1.2/16
After making changes, please apply changes this way:
sudo fcli commit
You can debug per hostgroup traffic using following fcli command:
sudo fcli show hostgroup_counters_total
Also, we have dashboard to graph this traffic from InfluxDB in Grafana.
To avoid data duplication between per_host hostgroups and total hostgroups we offer (since FastNetMon 2.0.150) option to create total hostgroups for each per_host hostgroup:
sudo fcli set main build_total_hostgroups_from_per_host_hostgroups enable
For all total hostgroups we have field “parent_name” which specifies hostgroup name which should be used as parent. In this context “parent” means that the current group will use networks list from parent group. It’s a useful option when you have the same networks list for per-host and for total hostgroups.
You can set it this way:
sudo fcli set hostgroup client1 parent_name client1_per_host
To configure automated attack detection using total traffic to hostgroup, please follow to this guide.