small scrip contribution
Fabien COELHO
coelho at cri.ensmp.fr
Tue May 22 05:55:51 EDT 2001
Hello,
Please find enclosed a magnificent perl script and two additionnal small
scripts I wrote with my very own little fingers. The object is to collect
line quality data (well, really TCP/IP retransmission rates) aggregated
with different criterions (that is by dst ip, src ip, size, hour...). I
needed this feature to analyse a particular problem here, and could
not find how to do it directly with argus privided commands. The script
takes as input a xml argus flow and collects statistics.
example usage :
shell> raxml -n -r argusfile.gz - tcp port 80 and ... |\
raqual.pl --group-by=dip --drate=1.1 | units.pl | tabify.pl
DstIP rate src-rate dst-rate #src-retrans #src-packets src-volume #dst-retrans #dst-packets dst-volume
193.48.171.100 1.09 1.04 1.13 1.6K 38.4K 3.6M 6.0K 45.2K 22.2M
193.48.171.196 1.47 1.01 1.88 37 3.4K 259.4K 3.5K 3.9K 3.6M
193.48.171.231 1.06 1.01 1.1 4.2K 304.4K 29.3M 38.9K 385.5K 314.1M
193.48.171.232 1.31 1.01 1.59 598 58.5K 4.7M 38.3K 64.5K 50.8M
193.48.171.244 1.39 1.01 1.74 447 25.8K 2.1M 20.9K 27.9K 26.0M
193.48.171.247 1.41 1.01 1.74 4.5K 386.0K 32.0M 344.0K 461.8K 412.3M
193.48.171.251 1.32 1.01 1.59 76 3.8K 333.3K 2.6K 4.3K 3.7M
193.48.171.99 1.08 1 1.14 1 5.1K 311.2K 1.1K 8.0K 11.7M
193.48.180.195 1.06 1.02 1.1 1.6K 79.9K 12.8M 9.9K 94.2K 81.7M
* 1.14 1.03 1.24 61.7K 1.9M 318.4M 535.9K 2.2M 1.5G
It is still partial, but I thought it might be useful to someone in that
state. Might be put in some contrib directory in the distribution.
Hope this help, have a nice day anyway,
--
Fabien.
-------------- next part --------------
#! /usr/local/bin/perl -w
#
# $Id: raqual.pl,v 1.5 2001/05/21 15:36:20 coelho Exp $
#
# collects and summarizes quality figures for TCP connexions
# input : argus XML file
#
# option management
use Getopt::Long;
$repeatdrate = '';
$repeatsrate = '';
$repeatrate = '';
$dvolume = '';
$svolume = '';
$volume = '';
$group = '';
$all = 0;
GetOptions('group-by=s' => \$group,
'drate=f' => \$repeatdrate, 'dvolume=i' => \$dvolume,
'srate=f' => \$repeatsrate, 'svolume=i' => \$svolume,
'rate=f' => \$repeatrate, 'volume=i' => \$volume,
'help' => \&help)
or die "invalid option ($!), try --help";
if ($group)
{
if ($group eq 'dip') { $key=\$dip; $type='DstIP'; }
elsif ($group eq 'sip') { $key=\$sip; $type='SrcIP'; }
elsif ($group eq 'hour') { $key=\$h; $type='Hour'; }
elsif ($group eq 'dsize') { $key=\$dsx; $type='DstSize'; }
elsif ($group eq 'ssize') { $key=\$ssx; $type='SrcSize'; }
elsif ($group eq 'size') { $key=\$sx; $type='Size'; }
else { die "unexpected group by option ($group)"; }
}
if (not ($repeatrate or $repeatdrate or $repeatrate or
$dvolume or $svolume or $volume))
{
$all = 1;
}
# collect loop
while (<>)
{
if (/LastTime = \"U(\d+)/) { $h = (localtime($1))[2]; }
# source data
if (/SrcIPAddr = \"([0-9\.]+)/) { $sip = $1; }
if (/SrcTCPRetrans = \"(\d+)/) { $sr = $1; }
if (/SrcCount = \"(\d+)/) { $sc = $1; }
if (/SrcBytes = \"(\d+)/) { $sb = $1; }
# dest data
if (/DstIPAddr = \"([0-9\.]+)/) { $dip = $1; }
if (/DstTCPRetrans = \"(\d+)/) { $dr = $1; }
if (/DstCount = \"(\d+)/) { $dc = $1; }
if (/DstBytes = \"(\d+)/) { $db = $1; }
if (/DstBytes/)
{
$dsx = int($db/100000);
$ssx = int($sb/100000);
$sx = int(($db+$sb)/100000);
$dstretrans{$$key} += $dr;
$dstcount{$$key} += $dc;
$dstbytes{$$key} += $db;
$srcretrans{$$key} += $sr;
$srccount{$$key} += $sc;
$srcbytes{$$key} += $sb;
}
}
# show result
# header
print "$type rate src-rate dst-rate " .
"#src-retrans #src-packets src-volume " .
"#dst-retrans #dst-packets dst-volume\n";
# contents
for $i (sort keys %dstretrans)
{
$show = $all
| testandcompute($dstretrans{$i}, $dstcount{$i}, $dstbytes{$i},
$repeatdrate, $dvolume, \$drate)
| testandcompute($srcretrans{$i}, $srccount{$i}, $srcbytes{$i},
$repeatsrate, $svolume, \$srate)
| testandcompute($dstretrans{$i}+$srcretrans{$i},
$dstcount{$i}+$srccount{$i},
$dstbytes{$i}+$srcbytes{$i},
$repeatrate, $volume, \$rate);
if ($show)
{
print "$i $rate $srate $drate " .
"$srcretrans{$i} $srccount{$i} $srcbytes{$i} " .
"$dstretrans{$i} $dstcount{$i} $dstbytes{$i}\n";
}
# anyway, count
$tsr += $srcretrans{$i};
$tsu += $srccount{$i};
$tsv += $srcbytes{$i};
$tdr += $dstretrans{$i};
$tdu += $dstcount{$i};
$tdv += $dstbytes{$i};
}
# summary
$rate = ($tdu+$tsu)? ($tdr+$tdu+$tsr+$tsu)/($tdu+$tsu): 1;
$drate = $tdu? ($tdr+$tdu)/$tdu: 1;
$srate = $tsu? ($tsr+$tsu)/$tsu: 1;
print "* ", cent($rate), " ", cent($srate), " ", cent($drate),
" $tsr $tsu $tsv $tdr $tdu $tdv\n";
# give some help
sub help
{
print
"raqual.pl [options] argus-xml-files\n" .
"\t--group-by=(dip|sip|hour|dsize|ssize|size): " .
"group by destination IP, ...\n" .
"\t--help: give this help\n" .
"\t--(d|s|)rate=f: repetition (dst|src|) rate (1.0 or greater)\n" .
"\t--(d|s|)volume=i: minimum (dst|src|) volume to report, in bytes\n";
exit 0;
}
# round to the cent
sub cent
{
return int(100*$_[0])/100;
}
# returns: whether ok
# modify rate-variable
# (#retrans, #count, #bytes, min-rate, min-bytes, rate-variable-reference)
sub testandcompute
{
my ($r,$c,$b,$mr,$mc,$prate) = @_;
$$prate = cent($c? ($r+$c)/$c: 1);
$result = ((($mr and $$prate>=$mr) or not $mr)
and (($mc and $b>=$mc) or not $mc)
and ($mc or $mr))? 1: 0;
# $, = ' '; print @_, "$$prate $result\n";
return $result;
}
-------------- next part --------------
#! /usr/local/bin/perl -wp
#
# prettyprint computer units.
#
s/([ \t]\d+)(\d)\d{11}\b/$1.$2T/g;
s/([ \t]\d+)(\d)\d{8}\b/$1.$2G/g;
s/([ \t]\d+)(\d)\d{5}\b/$1.$2M/g;
s/([ \t]\d+)(\d)\d{2}\b/$1.$2K/g;
-------------- next part --------------
#! /usr/local/bin/perl -wp
s/^\s+//;
s/ +/\t/g;
More information about the argus
mailing list