rrdtool

CS Lee geek00l at gmail.com
Mon Sep 14 21:40:55 EDT 2009


hi Carter,

I recall you mentioned this on the mailing list and I would like to paste
it here again -

Gentle people,
With the new URL/URI output strategies, it's now time to talk about
additional output methods in argus and the ra* programs.

In particular, writing out argus metrics to rrd's seems like a natural
thing to do, as many systems like Ganglia (just as an example) poke some
of their data into rrd's and use Tobias's graphing to generate strip
charts. We do the same thing with ragraph(), but delete the rrds when
we're done.

I'm thinking that this may be the way to integrate argus data with
systems like MRTG, Zenoss, etc... as we can populate rrd's and have the
other system do the drawing etc....

I'm thinking that this scenario may be useful as a place to start the
discussion.

Writing to rrd's could be as simple as:

    rabins -S radium -B 5s -M rmon hard time 60s -m srcid saddr  \
       -s spkts dpkts sbytes dbytes sloss dloss \
       -w rrd-file:://path/to*/rrds/*\$srcid_\$addr_data

This example sez, write the 60s source and destination packet totals,
byte totals, and loss metrics for specific IP addresses, to an rrd
titled with the probe id and IP address.

If you were to replace the "rrd-file" with "mysql" all would work the
same, just the data would go into a mysql table, rather than an rrd file
(RRA).

Rabins() is the program of choice. It generates 'bin' metrics, that are
"hard" aligned to a 60 second boundary (rrdtool really needs data
to conform to its concepts of time). The -B option causes rabins() to
hold data for 5 seconds before 'outputting' so that you get all the data
in from your remote argi/radii, and the "-m srcid saddr" with the
"-M rmon" option makes it so that the data is rmon style data for
the IP addresses seen in the stream.

just a few thoughts, ...., so what do you think?  Would direct rrd
support be of interest?


I would definitely like to see it implemented. If we can write to an rrd
file directly, graphs can be plotted easily. I think others may want it
(seeing ragraph is used by others as well).

Cheers ;)

-- 
Best Regards,

CS Lee<geek00L[at]gmail.com>

http://geek00l.blogspot.com
http://defcraft.net
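
The hard 60-second alignment and 5-second hold described in the quoted proposal can be sketched as below. This is an added example, not argus code and not part of the original message: the class, field and file names are hypothetical, the records are constructed, each record is credited to the bin containing its start time, and the bin end is assumed as the update timestamp.

```python
from collections import defaultdict

BIN = 60    # seconds, mirrors "-M hard time 60s"
HOLD = 5    # seconds, mirrors "-B 5s"
METRICS = ("spkts", "dpkts", "sbytes", "dbytes", "sloss", "dloss")

class HardBinner:
    """Totals per (bin start, srcid, saddr); bin starts are multiples of BIN."""

    def __init__(self, bin_size=BIN, hold=HOLD):
        self.bin_size, self.hold = bin_size, hold
        self.bins = defaultdict(lambda: [0] * len(METRICS))

    def add(self, rec):
        # "Hard" alignment: snap to an epoch boundary, not to the first record.
        start = rec["stime"] - rec["stime"] % self.bin_size
        totals = self.bins[(start, rec["srcid"], rec["saddr"])]
        for i, name in enumerate(METRICS):
            totals[i] += rec[name]

    def flush(self, now):
        """Emit bins that ended at least `hold` seconds ago, oldest first.

        Returns (rrd_name, "timestamp:v1:...:v6") pairs in the argument
        form that `rrdtool update` accepts.
        """
        ready = sorted(k for k in self.bins
                       if k[0] + self.bin_size + self.hold <= now)
        out = []
        for start, srcid, saddr in ready:
            values = self.bins.pop((start, srcid, saddr))
            arg = ":".join(str(v) for v in [start + self.bin_size] + values)
            out.append((f"{srcid}_{saddr}_data.rrd", arg))
        return out

def rec(stime, saddr, *vals, srcid="probe1"):
    return {"stime": stime, "srcid": srcid, "saddr": saddr,
            **dict(zip(METRICS, vals))}

# Constructed sample records; 1252978800 is a 60-second boundary.
SAMPLE = [
    rec(1252978803, "10.0.0.5", 10, 8, 1200, 900, 0, 1),
    rec(1252978859, "10.0.0.5", 5, 4, 600, 300, 1, 0),
    rec(1252978861, "10.0.0.5", 2, 2, 100, 100, 0, 0),  # falls in next bin
    rec(1252978830, "10.0.0.9", 3, 1, 200, 50, 0, 0),
]

def demo(now=1252978865):
    binner = HardBinner()
    for r in SAMPLE:
        binner.add(r)
    return binner.flush(now), binner
```

At `now=1252978865` only the first bin is released; the record at 1252978861 stays held until its bin has ended and the hold time has passed.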