Re: MAC address detection

From: neil mckee <neil.mckee@inmon.com>
Date: 04/17/06
Message-Id: <C14837EA-A49D-4DF7-8F49-D775D286CC1E@inmon.com>

Eric,

In Traffic Sentinel there is a field 'macsourcevendor' that you can
refer to directly. For example:

     macsourcevendor = 000C29

A filter like this can go into the WHERE field in a report section,
such as Reports>Run>Traffic>General Queries>Historical Traffic.

Note: you could also use the address/mask form like before, but in
Traffic Sentinel you just specify the number of bits in the mask:
     macsource = 000C29000000/24
or you could even use a range filter:
     macsource = 000C29000000-000C29FFFFFF

The help page on filtering is:
http://www.inmon.com/sentinel_help/1.0/help/en/report/edit_filtering.shtml

When you said "locate" devices based on the vendor code, did you
mean to locate them to a switch port? The Search>Host page will tell
you this. Clicking on an address in the output from a report will
take you there directly.

regards,
neil

P.S. On the other hand, if you really wanted your report to list
the switch port locations of all the selected MACs, that can be done
too. Here is an example report template:

http://www.inmon.com/sample_scripts/maclocations_xml.txt

If you paste this into a new .xml file in a new directory under
~inmsf/report/ (e.g. ~inmsf/report/eric/maclocations.xml) then the
new report will appear as Reports>Run>Inventory>address locations.
No restart required.

On Apr 17, 2006, at 6:13 AM, Mckenney, Stephen E wrote:

> I've been trying to find a way to locate devices using Traffic Sentinel
> based on the first 6 of the MAC address. Is there a way this can be done?
>
> Thanks
> Eric
>
> -----Original Message-----
> From: Neil McKee [mailto:neil.mckee@inmon.com]
> Sent: Monday, November 28, 2005 12:16 PM
> To: Mckenney, Stephen E
> Cc: traffic-management@inmon.com
> Subject: Re: [traffic-management] MAC address detection
>
> Eric,
>
> When filtering on a MAC address, you can use a mask (just as you can
> for IP addresses). For example:
>
> sourceAddress=00A000000000/FFFFFF000000
>
> works just like:
>
> sourceAddress=128.141.0.0/255.255.0.0
>
> regards,
> neil
>
> On Nov 28, 2005, at 4:29 PM, Mckenney, Stephen E wrote:
>
>> This is something we also need. However we need to be able to perform
>> using partial MAC address. Allowing us to find anything made by a
>> particular company; example 00A000******.
>>
>> Thank You
>> Eric McKenney
>>
>> -----Original Message-----
>> From: owner-traffic-management@inmon.com
>> [mailto:owner-traffic-management@inmon.com] On Behalf Of Neil McKee
>> Sent: Saturday, November 26, 2005 11:20 AM
>> To: Mike Zanker
>> Cc: sflow traffic management ML
>> Subject: Re: [traffic-management] MAC address detection
>>
>> Mike,
>>
>> ITS version 5 will make this kind of thing quite straightforward,
>> because custom-reports can be scheduled to run quite frequently. In the
>> meantime, if you need to do this with ITS version 4 I think the
>> simplest way to do it is probably with a small script. You can build
>> the query URL you want using Query->Other->Interface Traffic, and
>> then use it with wget(1). The script can be scheduled with cron(1)
>> to run periodically, and it can generate an event just by writing a
>> file into the appropriate directory.
>>
>> Below is a roughly thrown-together example that might serve as a
>> starting point. Hope this helps.
>>
>> regards,
>> neil
>>
>> ----------------------------------------------------------------------
>> #!/bin/bash
>>
>> # example script to look for traffic from a given MAC address.
>> # To have this script run every 5 minutes, make it executable using
>> # "chmod +x", and submit a cron entry like this:
>> #
>> # echo "*/5 * * * * /path/to/this/script > /dev/null" | crontab "-"
>>
>> SEARCHMAC='000480603600';
>>
>> # query the last 5 minutes using Query->Other->Interface Traffic. Filter
>> # with filterProtocol=MAC and set the sourceAddress filter to the one
>> # we are looking for. grep the output to see if it appeared.
>>
>> FOUND=`wget -q -O- "http://demo.inmon.com/its/query/Monitor?filterProtocol=MAC&sourceAddress=$SEARCHMAC&intervals=1&intervalSize=5&resultField=time%2CsourceAddress&resultFormat=csv&resultProtocol=MAC&action=query" | grep -c "$SEARCHMAC"`;
>>
>> echo "FOUND=$FOUND";
>>
>> # post an event into the ITS event directory
>> #
>> POSTEVENTS="/usr/local/inmon/server/events/testForMAC.$$.up"
>> #if [ "$FOUND" = "1" ]; then
>> # echo "::inform:status:mac:up::::mac=$SEARCHMAC" > $POSTEVENTS;
>> #fi
>>
>> On Nov 23, 2005, at 12:26 PM, Mike Zanker wrote:
>>
>>> Hello,
>>>
>>> is it possible to configure InMon to alert when it sees a specific MAC
>>> address?
>>>
>>> Thanks,
>>>
>>> Mike.
>>
>> ================================================================================================
>>
>> Confidentiality Notice: This e-mail message, including any
>> attachments, is for the sole use of the intended recipient(s) and may
>> contain confidential and privileged information. Any unauthorized
>> review, use, disclosure or distribution is prohibited. If you are not
>> the intended recipient, please contact the sender by reply e-mail and
>> destroy all copies of the original message.
>> ================================================================================================
Received on Mon Apr 17 17:01:46 2006
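
The thread gives four ways to select every address under one vendor prefix: the vendor-code field, address/bit-count, address/hex-mask and an address range. The following is an added example, not code from the original messages or from InMon, that models those forms in Python over a constructed MAC list; the function names and parsing rules are assumptions for illustration, not Traffic Sentinel's implementation.

```python
import re

FULL = (1 << 48) - 1  # a MAC address is 48 bits

def mac_to_int(text):
    """Parse 000C29AABBCC, 00:0c:29:aa:bb:cc or 00-0C-29-AA-BB-CC."""
    digits = re.sub(r"[:-]", "", text.strip())
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", digits):
        raise ValueError(f"not a 48-bit MAC: {text!r}")
    return int(digits, 16)

def compile_filter(expr):
    """Turn one filter value from the thread into a predicate on an int MAC."""
    expr = expr.strip().upper()
    h = "([0-9A-F]{12})"
    if m := re.fullmatch(h + "/" + h, expr):          # 00A000000000/FFFFFF000000
        addr, mask = int(m[1], 16), int(m[2], 16)
    elif m := re.fullmatch(h + r"/(\d{1,2})", expr):  # 000C29000000/24
        bits = int(m[2])
        if bits > 48:
            raise ValueError(f"mask length out of range: {expr}")
        addr, mask = int(m[1], 16), FULL ^ (FULL >> bits)
    elif m := re.fullmatch(h + "-" + h, expr):        # 000C29000000-000C29FFFFFF
        low, high = int(m[1], 16), int(m[2], 16)
        if low > high:
            raise ValueError(f"empty range: {expr}")
        return lambda mac: low <= mac <= high
    elif re.fullmatch(r"[0-9A-F]{6}", expr):          # vendor code 000C29
        addr, mask = int(expr, 16) << 24, 0xFFFFFF000000
    else:
        raise ValueError(f"unrecognised filter: {expr}")
    return lambda mac: (mac & mask) == (addr & mask)

def select(expr, macs):
    """Return the MACs (as given) that the filter matches."""
    match = compile_filter(expr)
    return [m for m in macs if match(mac_to_int(m))]

# Constructed sample addresses, not taken from any real network.
SAMPLE = ["00:0c:29:3e:5a:01", "000C29FFFFFF", "00-0C-2A-00-00-00",
          "00:0b:29:ff:ff:ff", "00A000123456"]
FORMS = ["000C29", "000C29000000/24", "000C29000000/FFFFFF000000",
         "000C29000000-000C29FFFFFF"]

if __name__ == "__main__":
    for form in FORMS:
        print(f"{form:28} -> {select(form, SAMPLE)}")
```

The hex-mask form is the most general of the four, since its mask bits need not be a contiguous prefix.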

This archive was generated by hypermail 2.1.8 : 04/17/06 PDT