1FLOW-RPT2RRD(1)                                                FLOW-RPT2RRD(1)
2
3
4

NAME

6       flow-rpt2rrd - Convert flow-report CSV output to RRDtool format.
7

SYNOPSIS

9       flow-rpt2rrd [ -nv ]  [ -d debug_level ]  [ -k keys ]  [ -K keys_file ]
10       [ -f fields ]  [ -p rrd_path ]  [ -P rrd_postfix ]  [ -r rrd_storage ]
11

DESCRIPTION

13       The flow-rpt2rrd utility processes the CSV output of  flow-report  into
14       RRDtool format. The aggregates for a key are each stored as a DS in RRD
15       filename {rrd_path,"/",key,rrd_postfix,".rrd"}.  By  default  a  DS  is
16       created  for flows, octets, and packets. The key must be specified, for
17       example an ip-port report could use smtp,nntp,ssh,telnet  as  the  keys
18       which would create a separate RRD for each key.
19

OPTIONS

21       -d debug_level
22              Set debug level to debug_level (debugging code)
23
24       -h     Help.
25
26       -k keys|html
27              Comma  separated  list  of key values. If the report has symbols
28              then the key must be the symbol, ie smtp not  25.  The  totals_*
29              lines may be used if they are enabled in the report. There is no
30              default, keys must be specified with -k or -K.
31
32       -K keys_file
33              Load keys from keys_file. See -k.
34
35       -f     Comma separated list of columns to store. Each column maps to  a
36              DS in the RRD. Defaults to flows,octets,packets
37
38       -n     Enable  symbol  table  lookups.  For example TCP port 25 = smtp.
39              This will result in RRD file names with the  symbolic  names  if
40              symbol lookups were not enabled in the report.
41
42       -p rrd_path
43              Set path to RRD files. Defaults to ".".
44
45       -P rrd_postfix
46              Set RRD file name postfix. Defaults to "".
47
48       -r rrd_storage
49              Set RRD storage for 5 minute, 30 minute, 2 hour, and 1 day data‐
50              bases. List items are : seperated. Defaults to 600:600:600:732.
51
52       -v     Enable verbose output.
53

EXAMPLES

55       The following example shows the combined use of flow-nfilter (inline),
56       flow-report, and flow-rpt2rrd to create an RRD depicting traffic
57       from clmbo-r4 to AS 10796 and 6478 for 2004-11-08.  rrdtool graph is
58       then used to create a .png.
59
60       #!/bin/sh
61
62       cat << EOF>report.cfg
63
64       include-filter nfilter.cfg
65
66       stat-report CLMBO-R4-TO-INTERNET-BY-DESTINATION-AS
67         type destination-as
68         filter CLMBO-R4-INTERNET-OUT
69         scale 100
70         output
71           options +header,+xheader
72           fields -duration
73
74       stat-definition 5min-summaries
75         report CLMBO-R4-TO-INTERNET-BY-DESTINATION-AS
76       EOF
77
78       cat << EOF>nfilter.cfg
79       # ifMIB.ifMIBObjects.ifXTable.ifXEntry.ifName.46 = so-0/0/0.0
80       filter-primitive CLMBO-R4-INTERNET
81         type ifindex
82         permit 46
83
84       # Match on traffic to the Internet
85       filter-definition CLMBO-R4-INTERNET-OUT
86         match output-interface CLMBO-R4-INTERNET
87       EOF
88
89       mkdir rrds
90
91       # 5 minute flow files from flow-capture are here
92       FLOW_DATA=/flows/clmbo-r4/2004-11-08/
93
94       # for each 5 minute flow,aggregate with flow-report then store to RRD
95       for name in $FLOW_DATA/*; do
96         echo working...$name
97         flow-report -s report.cfg -S5min-summaries < $name | flow-rpt2rrd -k10796,6478  -p rrds
98       done
99
100       # first flow - 0:1:23 11/8/2004
101       START=1099890083
102       # last flow - 0:1:25 11/9/2004
103       END=1099976485
104
105       rrdtool graph CLMBO-R4-TO-INTERNET.png --start $START --end $END \
106               --vertical-label "Bits/Second" --title="CLMBO-R4 TO INTERNET BY AS" \
107               DEF:AS10796in=rrds/10796.rrd:octets:AVERAGE \
108               DEF:AS6478in=rrds/6478.rrd:octets:AVERAGE \
109               CDEF:b_AS10796in=AS10796in,8,* \
110               CDEF:b_AS6478in=AS6478in,8,* \
111               LINE1:b_AS10796in#FF0000:AS10796-in \
112               LINE1:b_AS6478in#555555:AS6478-in \
113
114

BUGS

116       Hard coded to expect 5 minute flow file intervals.  Does  not  properly
117       parse flow-report time-series output.
118

AUTHOR

120       Mark Fullmer <maf@splintered.net>
121

SEE ALSO

123       flow-tools(1)
124
125
126
127                                26 Август 2010                 FLOW-RPT2RRD(1)
Impressum