ragraph w/large files

Ken A ka at pacific.net
Mon Dec 29 09:46:41 EST 2008


Carter Bullard wrote:
> Hey Ken,
> When you are graphing objects like ports, you can use the aggregation
> features of ragraph() to minimize the memory use.   What are the
> command line arguments you are using for ragraph?


ragraph dbytes sbytes dport -M 5m -t $time -fill -stack -invert -title \"$title\" $log -w $filename $filter

So '-m dport' will do the right thing?

Ken


> 
> Carter
> 
> On Dec 24, 2008, at 12:21 PM, Ken A wrote:
> 
>> Hey all,
>>
>> I'm writing a php script to webify using ragraph, but I've run into a 
>> problem. Giving ragraph a lot of data sometimes results in rabins 
>> eating nearly all system memory (2gb in this case), or ragraph 
>> generating a very huge but empty, one color graph image. This happens 
>> when I tell ragraph to read (-R) and process ("sbytes dbytes dport") 
>> log directories that total in size ~200mb or more.
>>
>> I've hacked in a 'max-ports-to-graph' command line argument with 2 
>> additional lines in ragraph around line 918 and 960:
>> if($i > $max_ports_to_graph) { last; }
>> This forces ragraph out of its processing after it's finished a 
>> certain number of ports and reduces the size of the image generated.
>>
>> Is this a dumb thing to do, or is there a better way? Typically, when 
>> I want to look at larger time periods, I am interested in ports that 
>> will be in the top 100 ports.
>>
>> Thanks,
>>
>> Ken
>>
>>
>> -- 
>> Ken Anderson
>> http://www.pacific.net/
>>
>>
> 


-- 
Ken Anderson
http://www.pacific.net/
(707) 468-1005


