Graphs from SQL Data
Jonathan Tripathy
jonnyt at abpni.co.uk
Wed Aug 3 09:30:33 EDT 2011
-----Original Message-----
From: Carter Bullard [mailto:carter at qosient.com]
Sent: Wed 03/08/2011 14:23
To: Jonathan Tripathy
Cc: argus-info at lists.andrew.cmu.edu
Subject: Re: [ARGUS] Graphs from SQL Data
Hey Jonathan,
If the argus record was included in the database schema, (default behavior) the concept is to use rasql() to read the data from the database to build a cache, and then to use that cache to generate graphs using ragraph(), or whatever.
Fetch data from the database based on time, and then reuse that cache to create any graphs you're interested in.
Something like:
rasql -r mysql://user@host/db/table -t sdate-edate -w /tmp/argus.data.cache
ragraph spkts dpkts -M time 1m -m srcid -r /tmp/argus.data.cache -t sdate-edate
You can create an hourly cache, graph hourly stats, and then blow away the caches, and move to the next hour.
Better to fetch a 10-15 seconds before the beginning of the time period you're interested in graphing, and seconds added after, so you get all the data that contributes to your time period of interest.
You can pipe rasql() output into programs like rabins() that will do flow data aggregation on both flow key and time, if the primitive data is too big.
If you want to generate hourly graphs of aggregated data and matrix/16 data is a reasonable starting point for your reports, and seconds resolution is good, then something like:
rasql -r mysql://user@host/db/table -t sdate-edate -w - | \
rabins -M time 1s -m matrix/16 -w /tmp/argus.data.cache
This will precondition the data for ragraph(), and reduce the total amount of data needed. Then:
ragraph spkts dpkts -M time 1m -r /tmp/argus.data.cache - src net 2.3.0.0/16
While this may not be useful, hopefully that introduces some concepts that will help you out.
If you exposed the metrics you're interested in as columns in your db schema, you can use mysql() to dump data, and
use excel or gnuplot to graph the data.
Lots of strategies, send email with experiences, especially if its not working for you.
Hope this is helpful,
Carter
On Aug 3, 2011, at 8:50 AM, Jonathan Tripathy wrote:
> Hi Everyone,
>
> If I use rasqlinsert to connect to an argus stream, and write the output data to a MYSQL database, is there a way to use ragraph to create a nice RRD graph from the data in the database?
>
> Thanks
>
--------------------------------------------------------------------------
Hi Carter,
Thanks for your fantastic support!
I give your hints a go tonight and I'll send you my results!
Thanks
Jonathan
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20110803/0ad7debf/attachment.html>
More information about the argus
mailing list