flow-rpt2rrd(1) [debian man page]

flow-rpt2rrd(1) 					      General Commands Manual						   flow-rpt2rrd(1)

NAME

       flow-rpt2rrd -- Convert flow-report CSV output to RRDtool format.

SYNOPSIS

       flow-rpt2rrd [-nv]  [-d debug_level]  [-k keys]	[-K keys_file]	[-f fields]  [-p rrd_path]  [-P rrd_postfix]  [-r rrd_storage]

DESCRIPTION

       The  flow-rpt2rrd utility processes the CSV output of flow-report into RRDtool format.  The aggregates for a key are each stored as a DS in
       RRD filename {rrd_path,"/",key,rrd_postfix,".rrd"}.  By default a DS is created for flows, octets, and packets.	The key must be specified,
       for example an ip-port report could use smtp,nntp,ssh,telnet as the keys which would create a separate RRD for each key.

OPTIONS

       -d debug_level
		 Set debug level to debug_level (debugging code)

       -h	 Help.

       -k keys|html
		 Comma	separated  list  of  key values.  If the report has symbols then the key must be the symbol, ie smtp not 25.  The totals_*
		 lines may be used if they are enabled in the report.  There is no default, keys must be specified with -k or -K.

       -K keys_file
		 Load keys from keys_file.  See -k.

       -f	 Comma separated list of columns to store.  Each column maps to a DS in the RRD.  Defaults to flows,octets,packets

       -n	 Enable symbol table lookups.  For example TCP port 25 = smtp.	This will result in RRD file names with the symbolic names if sym-
		 bol lookups were not enabled in the report.

       -p rrd_path
		 Set path to RRD files.  Defaults to ".".

       -P rrd_postfix
		 Set RRD file name postfix.  Defaults to "".

       -r rrd_storage
		 Set RRD storage for 5 minute, 30 minute, 2 hour, and 1 day databases.	List items are : seperated.  Defaults to 600:600:600:732.

       -v	 Enable verbose output.

EXAMPLES

       The following example shows the combined use of flow-nfilter (inline),
       flow-report, and flow-rpt2rrd to create an RRD depicting traffic
       from clmbo-r4 to AS 10796 and 6478 for 2004-11-08.  rrdtool graph is
       then used to create a .png.

       #!/bin/sh

       cat << EOF>report.cfg

       include-filter nfilter.cfg

       stat-report CLMBO-R4-TO-INTERNET-BY-DESTINATION-AS
	 type destination-as
	 filter CLMBO-R4-INTERNET-OUT
	 scale 100
	 output
	   options +header,+xheader
	   fields -duration

       stat-definition 5min-summaries
	 report CLMBO-R4-TO-INTERNET-BY-DESTINATION-AS
       EOF

       cat << EOF>nfilter.cfg
       # ifMIB.ifMIBObjects.ifXTable.ifXEntry.ifName.46 = so-0/0/0.0
       filter-primitive CLMBO-R4-INTERNET
	 type ifindex
	 permit 46

       # Match on traffic to the Internet
       filter-definition CLMBO-R4-INTERNET-OUT
	 match output-interface CLMBO-R4-INTERNET
       EOF

       mkdir rrds

       # 5 minute flow files from flow-capture are here
       FLOW_DATA=/flows/clmbo-r4/2004-11-08/

       # for each 5 minute flow,aggregate with flow-report then store to RRD
       for name in $FLOW_DATA/*; do
	 echo working...$name
	 flow-report -s report.cfg -S5min-summaries < $name | flow-rpt2rrd -k10796,6478  -p rrds
       done

       # first flow - 0:1:23 11/8/2004
       START=1099890083
       # last flow - 0:1:25 11/9/2004
       END=1099976485

       rrdtool graph CLMBO-R4-TO-INTERNET.png --start $START --end $END 	--vertical-label "Bits/Second" --title="CLMBO-R4 TO INTERNET BY AS"	    DEF:AS10796in=rrds/10796.rrd:octets:AVERAGE 	DEF:AS6478in=rrds/6478.rrd:octets:AVERAGE	  CDEF:b_AS10796in=AS10796in,8,*	 CDEF:b_AS6478in=AS6478in,8,*	      LINE1:b_AS10796in#FF0000:AS10796-in	  LINE1:b_AS6478in#555555:AS6478-in .fi

BUGS

       Hard coded to expect 5 minute flow file intervals.  Does not properly parse flow-report time-series output.

AUTHOR

       Mark Fullmer maf@splintered.net

SEE ALSO

       flow-tools(1)

																   flow-rpt2rrd(1)