Filter By IP Address
8 views
Skip to first unread message
Rudi Garcia
Apr 10, 2012, 12:21:48 PM4/10/12
to fusiona...@googlegroups.com
We're looking to break down Request analysis by IP Address (or vice versa). So far, exploring all the granularity available, we haven't found a way to do this through any of the available filters or parameters. Has anyone developed anything custom/a plugin to help with this? Or maybe we're just missing something obvious.
We're trying to analyze a Denial Of Service attack we had a few days ago. We were able to pinpoint this through our ColdFusion logs where we log site wide errors, the request, browser agent. A particular page request floods in that is invalid in it's CF url structure (eg. two "?"s). We can see 30-40 requests from the same browser agent over a 1-2 second time span. We've just added IP logging to this log. How can we use Fusion Analytics to troubleshoot this further?
![Bernd Donath [FusionReactor Team]'s profile photo](http://lh3.googleusercontent.com/a-/ALV-UjWuzH91dJ_9E7-ew_4Q94vs5I78-g9SYhFRFB_372g2a4Wyr0B3=s40-c)
Bernd Donath [FusionReactor Team]
Apr 11, 2012, 12:04:24 PM4/11/12
to fusiona...@googlegroups.com
Hi Rudi,
Have you tried looking at the 'Most Hits By IP Address' perspective in the AIR client (Deep Server Analysis->Request->Most Hits By IP Address)?
Use the Timeline to navigate to the time frame you are interested in, and then switch to the Request tab and use the 'Client IP Address' filter to limit the data to the IP address that you want to see. If you want to see multiple specific IP addresses simply add more filters to the filter table.
Regards,
Bernd
Regards,
Bernd
Bernd Donath [FusionReactor Team]
Apr 11, 2012, 12:27:48 PM4/11/12
to fusiona...@googlegroups.com
Rudi,
There is one little thing I forgot to mention...
This feature is part of FusionAnalytics 1.0.2 which is not yet released but will be in the next few days. Please accept my apologies for giving you tips that you can't use yet.
Regards,
Bernd
Rudi Garcia
Apr 13, 2012, 10:45:20 AM4/13/12
to fusiona...@googlegroups.com
Hi Bernd,
I am able to go into other Deep Server Analysis->Request->other tabs and apply By IP Address filters in those. Is that what you mean? (See my attached screenshots). Can you elaborate on what the new features will let us do?
Rudi
--To view this discussion on the web visit https://groups.google.com/d/msg/fusionanalytics/-/fT6lF1Cszy4J.
You received this message because you are subscribed to the Google Groups "FusionAnalytics" group.
To post to this group, send email to fusiona...@googlegroups.com.
To unsubscribe from this group, send email to fusionanalyti...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/fusionanalytics?hl=en.
Reply all
Reply to author
Forward
0 new messages