1FLOW-RPT2RRD(1) FLOW-RPT2RRD(1)
2
6 flow-rpt2rrd - Convert flow-report CSV output to RRDtool format.
7
9 flow-rpt2rrd [ -nv ] [ -d debug_level ] [ -k keys ] [ -K keys_file ]
10 [ -f fields ] [ -p rrd_path ] [ -P rrd_postfix ] [ -r rrd_storage ]
11
13 The flow-rpt2rrd utility processes the CSV output of flow-report into
14 RRDtool format. The aggregates for a key are each stored as a DS in RRD
15 filename {rrd_path,"/",key,rrd_postfix,".rrd"}. By default a DS is
16 created for flows, octets, and packets. The key must be specified, for
17 example an ip-port report could use smtp,nntp,ssh,telnet as the keys
18 which would create a separate RRD for each key.
19
21 -d debug_level
22 Set debug level to debug_level (debugging code)
23 -h Help.
25 -k keys|html
27 Comma separated list of key values. If the report has symbols
28 then the key must be the symbol, ie smtp not 25. The totals_*
29 lines may be used if they are enabled in the report. There is no
30 default, keys must be specified with -k or -K.
31 -K keys_file
33 Load keys from keys_file. See -k.
34 -f Comma separated list of columns to store. Each column maps to a
36 DS in the RRD. Defaults to flows,octets,packets
37 -n Enable symbol table lookups. For example TCP port 25 = smtp.
39 This will result in RRD file names with the symbolic names if
40 symbol lookups were not enabled in the report.
41 -p rrd_path
43 Set path to RRD files. Defaults to ".".
44 -P rrd_postfix
46 Set RRD file name postfix. Defaults to "".
47 -r rrd_storage
49 Set RRD storage for 5 minute, 30 minute, 2 hour, and 1 day data‐
50 bases. List items are : seperated. Defaults to 600:600:600:732.
51 -v Enable verbose output.
53
55 The following example shows the combined use of flow-nfilter (inline),
56 flow-report, and flow-rpt2rrd to create an RRD depicting traffic
57 from clmbo-r4 to AS 10796 and 6478 for 2004-11-08. rrdtool graph is
58 then used to create a .png.
59 #!/bin/sh
61 cat << EOF>report.cfg
63 include-filter nfilter.cfg
65 stat-report CLMBO-R4-TO-INTERNET-BY-DESTINATION-AS
67 type destination-as
68 filter CLMBO-R4-INTERNET-OUT
69 scale 100
70 output
71 options +header,+xheader
72 fields -duration
73 stat-definition 5min-summaries
75 report CLMBO-R4-TO-INTERNET-BY-DESTINATION-AS
76 EOF
77 cat << EOF>nfilter.cfg
79 # ifMIB.ifMIBObjects.ifXTable.ifXEntry.ifName.46 = so-0/0/0.0
80 filter-primitive CLMBO-R4-INTERNET
81 type ifindex
82 permit 46
83 # Match on traffic to the Internet
85 filter-definition CLMBO-R4-INTERNET-OUT
86 match output-interface CLMBO-R4-INTERNET
87 EOF
88 mkdir rrds
90 # 5 minute flow files from flow-capture are here
92 FLOW_DATA=/flows/clmbo-r4/2004-11-08/
93 # for each 5 minute flow,aggregate with flow-report then store to RRD
95 for name in $FLOW_DATA/*; do
96 echo working...$name
97 flow-report -s report.cfg -S5min-summaries < $name | flow-rpt2rrd -k10796,6478 -p rrds
98 done
99 # first flow - 0:1:23 11/8/2004
101 START=1099890083
102 # last flow - 0:1:25 11/9/2004
103 END=1099976485
104 rrdtool graph CLMBO-R4-TO-INTERNET.png --start $START --end $END \
106 --vertical-label "Bits/Second" --title="CLMBO-R4 TO INTERNET BY AS" \
107 DEF:AS10796in=rrds/10796.rrd:octets:AVERAGE \
108 DEF:AS6478in=rrds/6478.rrd:octets:AVERAGE \
109 CDEF:b_AS10796in=AS10796in,8,* \
110 CDEF:b_AS6478in=AS6478in,8,* \
111 LINE1:b_AS10796in#FF0000:AS10796-in \
112 LINE1:b_AS6478in#555555:AS6478-in \
113
116 Hard coded to expect 5 minute flow file intervals. Does not properly
117 parse flow-report time-series output.
118
120 Mark Fullmer <maf@splintered.net>
121
123 flow-tools(1)
124 26 Август 2010 FLOW-RPT2RRD(1)