Getting total traffic counts for a specific host

Thu Aug 28 14:25:09 EDT 2008

if your data is in hourly directories (like mine :) then I'd do  
something like (pseudo perl):

my $ip = shift;

chdir <top of hierarch>

#read directory to get all days and select what you want
# - alternatively write a loop that generates the days

opendir(DIR, '.' )
my @days = grep(/pattern/, readdir(DIR));
close DIr;

my $grand_total = 0;

foreach my $day (@days) {
   open(DAY, "racount -r $day/* - host $ip |) or warn "..."  # need  
option to suppress header ?
   my( $cant, $remember, $what $all, $the, $fields, $are,  
$total_bytes) = split(/ +/, <DAY>);
   close DAY;

   $grand_total += $total_bytes;
}

print "$grand_total\n";

There are other ways of doing it of course but this is what occured to  
me off the top of my head.

Russell

On 28/08/2008, at 11:23 PM, David wrote:

> Firstly thanks for all the previous help.  I have now imported all my
> data again and split it up by day, which is much more manageable.
>
> I am trying to solve the following problem but can't think where to
> begin.  I want to pick out one host from my argus files and work out
> the total traffic to/from it over a few months.  Calculating this in 6
> hour blocks would be a good starting point.
>
> If I can get an approximation as if I had sampled the interface
> statistics every 6 hours over a few months (for src pkts, src bytes,
> dst pkts & dst btyes), that would be excellent.
>
> I'm not sure how to aggregate over a 6 hour period (though I think
> rabins should help) nor how to ensure that src and dst always refer to
> the same 'direction' to or from the machine.
>
> Does this make sense?
>
> Regards,
>
> David
>