graph of bytes against protocols for network loop detection?
Marten Bauer
Marten.Bauer at gmx.net
Mon Mar 3 07:52:30 EST 2008
Hallo Carter,
thanks for your help and the gnuplot script.
Last week I tried to code an plot with
python/matplot and did the following.
1. Copy argus.logs from Server to my
workstation
2. Split the logfiles into hourly basis
(to isolate the moment when the
network loop appeares etc.)
The result are hundreds of files
3. racluster the hundred of files to get
a distribution of bytes against
protocols:
"racluster -m proto -r %s -s proto
sbytes dbytes spkts dpkts load >
%s"%(inputfile,outputfile)
4. read the files and create a data
structure
5. Plot this data into various plots
It's working fine with 2d plots and
today I will try to make an 3d plot.
Is it possible to do step 2. and 3. in
an easier way to get the same result?
Thx for helping
Carter Bullard schrieb:
> Hey Marten,
> Here is a simple gnuplot plot file that will generate a graph
> of 'Total Bytes By Protocol" using argus data. This graphs src and
> dst bytes per protocol separately, if you want just total bytes,
> then the change is really simple.
>
> There are a few things that you will want to modify, like adding
> a date string to the title, etc, but this should be a good start for
> you.
>
> So assuming your gnuplot is installed in /opt/local/bin/gnuplot
> (change the first line if this needs to be changed), put the included
> script in the file 'barchart.bytesxproto.plt" and then:
>
> % chmod 755 barchart.bytesxproto.plt
> % racluster -m proto -r argus.out -s proto spkts dpkts sbytes
> dbytes > racluster.dat
> % ./barchart.bytesxproto.plt
>
> And you'll get a window that pops up with a graph in it.
>
> If you want to discuss how to get other graphs out of argus data,
> just send email to the list and we'll talk about it.
>
> Carter
>
> ------ begin barchart.bytesxproto.plt ------
> #!/opt/local/bin/gnuplot -persist
> #
> # G N U P L O T
> # Version 4.2 patchlevel 2
> # last modified 31 Aug 2007
> # System: Darwin 9.2.0
> #
> # Copyright (C) 1986 - 1993, 1998, 2004, 2007
> # Thomas Williams, Colin Kelley and many others
> #
> # Type `help` to access the on-line reference manual.
> # The gnuplot FAQ is available from http://www.gnuplot.info/faq/
> #
> # Send bug reports and suggestions to
> <http://sourceforge.net/projects/gnuplot>
> #
> #
> reset
> #
> # Create simple barchart of Total Bytes by Protocol
> # The racluster.dat file was generated using:
> #
> # racluster -m proto -r argus.out -s proto spkts dpkts sbytes dbytes
> #
> # And is of the format:
> #
> # Proto SrcPkts DstPkts SrcBytes DstBytes
> # pim 53267 18086 48793554 1085160
> # ospf 1764 0 213220 0
> # [more]
> #
> set termoption font "Verdana, 12"
> set size square 0.90,0.90
> set bmargin 4
> set title "Total Bytes By Protocol" font "Verdana,22"
> set style data histogram
> set style histogram cluster gap 1
> set style fill solid border -1
> set tics font "Verdana,14"
> set boxwidth 0.80
> set grid
> set ylabel "Log Total Bytes" font "Verdana,18"
> set logscale y 10
> set auto y
> set label 1 "Generated by Argus using Gnuplot"
> set label 1 at graph 1.02, 0.62 rotate by 90 font "Verdana,9"
> #
> set key autotitle columnhead
> plot 'racluster.dat' using 4:xticlabels(1) ti col, \
> '' using 5 ti col
> #
>
>
> ------ end barchart.bytesxproto.plt ------
>
>
> On Feb 27, 2008, at 1:52 AM, Marten Bauer wrote:
>
>> Hello,
>>
>> for detecting network loops I need a graph which
>> prints the protocol on the x axes and the amount of
>> bytes on the y axes.
>>
>> I tried to archive this with ragraph, but I never got
>> what I want.
>>
>> Is it possible with ragraph or another ra* tool to
>> generate such plot?
>>
>> Thx for helping
>> Marten
>>
>
More information about the argus
mailing list