This is the command flow-rpt2rrd that can be run in the OnWorks free hosting provider using one of our multiple free online workstations such as Ubuntu Online, Fedora Online, Windows online emulator or MAC OS online emulator
PROGRAM:
NAME
flow-rpt2rrd — Convert flow-report CSV output to RRDtool format.
SYNOPSIS
flow-rpt2rrd [-nv] [-d debug_level] [-k keys] [-K keys_file] [-f fields] [-p
rrd_path] [-P rrd_postfix] [-r rrd_storage]
DESCRIPTION
The flow-rpt2rrd utility processes the CSV output of flow-report into RRDtool format. The
aggregates for a key are each stored as a DS in RRD filename
{rrd_path,"/",key,rrd_postfix,".rrd"}. By default a DS is created for flows, octets, and
packets. The key must be specified, for example an ip-port report could use
smtp,nntp,ssh,telnet as the keys which would create a separate RRD for each key.
OPTIONS
-d debug_level
Set debug level to debug_level (debugging code)
-h Help.
-k keys|html
Comma separated list of key values. If the report has symbols then the key must
be the symbol, ie smtp not 25. The totals_* lines may be used if they are
enabled in the report. There is no default, keys must be specified with -k or
-K.
-K keys_file
Load keys from keys_file. See -k.
-f Comma separated list of columns to store. Each column maps to a DS in the RRD.
Defaults to flows,octets,packets
-n Enable symbol table lookups. For example TCP port 25 = smtp. This will result
in RRD file names with the symbolic names if symbol lookups were not enabled in
the report.
-p rrd_path
Set path to RRD files. Defaults to ".".
-P rrd_postfix
Set RRD file name postfix. Defaults to "".
-r rrd_storage
Set RRD storage for 5 minute, 30 minute, 2 hour, and 1 day databases. List
items are : seperated. Defaults to 600:600:600:732.
-v Enable verbose output.
EXAMPLES
The following example shows the combined use of flow-nfilter (inline),
flow-report, and flow-rpt2rrd to create an RRD depicting traffic
from clmbo-r4 to AS 10796 and 6478 for 2004-11-08. rrdtool graph is
then used to create a .png.
#!/bin/sh
cat << EOF>report.cfg
include-filter nfilter.cfg
stat-report CLMBO-R4-TO-INTERNET-BY-DESTINATION-AS
type destination-as
filter CLMBO-R4-INTERNET-OUT
scale 100
output
options +header,+xheader
fields -duration
stat-definition 5min-summaries
report CLMBO-R4-TO-INTERNET-BY-DESTINATION-AS
EOF
cat << EOF>nfilter.cfg
# ifMIB.ifMIBObjects.ifXTable.ifXEntry.ifName.46 = so-0/0/0.0
filter-primitive CLMBO-R4-INTERNET
type ifindex
permit 46
# Match on traffic to the Internet
filter-definition CLMBO-R4-INTERNET-OUT
match output-interface CLMBO-R4-INTERNET
EOF
mkdir rrds
# 5 minute flow files from flow-capture are here
FLOW_DATA=/flows/clmbo-r4/2004-11-08/
# for each 5 minute flow,aggregate with flow-report then store to RRD
for name in $FLOW_DATA/*; do
echo working...$name
flow-report -s report.cfg -S5min-summaries < $name | flow-rpt2rrd -k10796,6478 -p rrds
done
# first flow - 0:1:23 11/8/2004
START=1099890083
# last flow - 0:1:25 11/9/2004
END=1099976485
rrdtool graph CLMBO-R4-TO-INTERNET.png --start $START --end $END --vertical-label "Bits/Second" --title="CLMBO-R4 TO INTERNET BY AS" DEF:AS10796in=rrds/10796.rrd:octets:AVERAGE DEF:AS6478in=rrds/6478.rrd:octets:AVERAGE CDEF:b_AS10796in=AS10796in,8,* CDEF:b_AS6478in=AS6478in,8,* LINE1:b_AS10796in#FF0000:AS10796-in LINE1:b_AS6478in#555555:AS6478-in .fi
Use flow-rpt2rrd online using onworks.net services
