Hi!
I would like to monitor the total amount of traffic leaving and entering my home network. I have the following setup:
Internal network: 192.168.1.*
Firewall (internal NIC): 192.168.1.1
Firewall (external NIC): 192.168.178.23
DSL Modem: 192.168.178.1
I have Stream installed on the firewall 192.168.1.1.
I would like to see the following:
Total MB uploaded for a defined time
Total MB downloaded for a defined time
The queries I am using are:
Upload: sourcetype="stream:ip" dest_ip!="192.168.1.*" | stats sum(bytes_in) as bytes | eval MB=round((bytes/(1024*1024)),2) | table MB
Download: sourcetype="stream:ip" dest_ip!="192.168.1.*" | stats sum(bytes_out) as bytes | eval MB=round((bytes/(1024*1024)),2) | table MB
When I cross compare the Up and Download statistics on my DSL router for a specific time to what I get with my queries, I get very different numbers.
Any ideas?
Thanks!