Graphs from SQL Data

Carter Bullard carter at qosient.com
Wed Aug 3 09:23:34 EDT 2011


Hey Jonathan,
If the argus record was included in the database schema (default behavior), the concept is to use rasql() to read the data from the database to build a cache, and then to use that cache to generate graphs using ragraph(), or whatever.
Fetch data from the database based on time, and then reuse that cache to create any graphs you're interested in.

Something like:
    rasql -r mysql://user@host/db/table -t sdate-edate -w /tmp/argus.data.cache
    ragraph spkts dpkts -M time 1m -m srcid -r /tmp/argus.data.cache -t sdate-edate 

You can create an hourly cache, graph hourly stats, and then blow away the caches, and move to the next hour.
Better to fetch 10-15 seconds before the beginning of the time period you're interested in graphing, and seconds added after, so you get all the data that contributes to your time period of interest.

You can pipe rasql() output into programs like rabins() that will do flow data aggregation on both flow key and time, if the primitive data is too big.
If you want to generate hourly graphs of aggregated data and matrix/16 data is a reasonable starting point for your reports, and seconds resolution is good, then something like:
    rasql -r mysql://user@host/db/table -t sdate-edate -w - | \
       rabins -M time 1s -m matrix/16  -w /tmp/argus.data.cache
   
This will precondition the data for ragraph(), and reduce the total amount of data needed.  Then:
    ragraph spkts dpkts -M time 1m -r /tmp/argus.data.cache - src net 2.3.0.0/16

While this may not be useful, hopefully that introduces some concepts that will help you out.

If you exposed the metrics you're interested in as columns in your db schema, you can use mysql() to dump data, and
use excel or gnuplot to graph the data.

Lots of strategies, send email with experiences, especially if it's not working for you.
Hope this is helpful,
Carter

On Aug 3, 2011, at 8:50 AM, Jonathan Tripathy wrote:

> Hi Everyone,
> 
> If I use rasqlinsert to connect to an argus stream, and write the output data to a MYSQL database, is there a way to use ragraph to create a nice RRD graph from the data in the database?
> 
> Thanks
> 
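
The hourly cache-and-graph cycle described in the reply above, as an added shell example that is not part of the original message: it prints the rasql/ragraph commands for each hour, fetching padding on either side of the hour and graphing only the exact hour. GNU date, UTC formatting in the yyyy/mm/dd.HH:MM:SS form for -t, the 15-second pad and the ragraph -w output name are assumptions; the database URL is the message's placeholder.

```shell
#!/bin/sh
# Added example: plan the hourly fetch/graph/cleanup cycle (dry run).
# Assumptions: GNU date, yyyy/mm/dd.HH:MM:SS for -t, PAD, PNG naming.
DB_URL="mysql://user@host/db/table"   # placeholder URL from the message
CACHE="/tmp/argus.data.cache"
PAD=15                                # seconds fetched on each side of the hour

# Format an epoch value (UTC) as an argus time specification.
argus_time() {
    date -u -d "@$1" '+%Y/%m/%d.%H:%M:%S'
}

# Exact one-hour range to graph, for the hour starting at epoch $1.
graph_range() {
    printf '%s-%s\n' "$(argus_time "$1")" "$(argus_time "$(( $1 + 3600 ))")"
}

# Padded range to fetch, so flows straddling the hour edges are included.
fetch_range() {
    printf '%s-%s\n' "$(argus_time "$(( $1 - PAD ))")" \
                     "$(argus_time "$(( $1 + 3600 + PAD ))")"
}

# Print the three commands for one hour: build cache, graph, drop cache.
hour_commands() {
    printf 'rasql -r %s -t %s -w %s\n' "$DB_URL" "$(fetch_range "$1")" "$CACHE"
    printf 'ragraph spkts dpkts -M time 1m -m srcid -r %s -t %s -w %s\n' \
        "$CACHE" "$(graph_range "$1")" "/tmp/argus.hour.$1.png"
    printf 'rm -f %s\n' "$CACHE"
}

# Walk whole hours from epoch $1 (rounded down) up to, not including, $2.
plan_hours() {
    start=$(( $1 - $1 % 3600 ))
    while [ "$start" -lt "$2" ]; do
        hour_commands "$start"
        start=$(( start + 3600 ))
    done
}

# Constructed sample window: 2011-08-03 09:00 to 11:00 UTC.
plan_hours 1312362000 1312369200
```

Review the printed plan first; piping it to sh runs the cycle against the real database.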
