Provided by: flow-tools_0.68-12.3build2_amd64 
flow-rpt2rrd(1) General Commands Manual flow-rpt2rrd(1)
NAME
flow-rpt2rrd — Convert flow-report CSV output to RRDtool format.
SYNOPSIS
flow-rpt2rrd [-nv] [-d debug_level] [-k keys] [-K keys_file] [-f fields] [-p
rrd_path] [-P rrd_postfix] [-r rrd_storage]
DESCRIPTION
The flow-rpt2rrd utility processes the CSV output of flow-report into RRDtool format. The
aggregates for a key are each stored as a DS in RRD filename
{rrd_path,"/",key,rrd_postfix,".rrd"}. By default a DS is created for flows, octets, and
packets. The key must be specified, for example an ip-port report could use
smtp,nntp,ssh,telnet as the keys which would create a separate RRD for each key.
OPTIONS
-d debug_level
Set debug level to debug_level (debugging code)
-h Help.
-k keys|html
Comma separated list of key values. If the report has symbols then the key must
be the symbol, ie smtp not 25. The totals_* lines may be used if they are
enabled in the report. There is no default, keys must be specified with -k or
-K.
-K keys_file
Load keys from keys_file. See -k.
-f Comma separated list of columns to store. Each column maps to a DS in the RRD.
Defaults to flows,octets,packets
-n Enable symbol table lookups. For example TCP port 25 = smtp. This will result
in RRD file names with the symbolic names if symbol lookups were not enabled in
the report.
-p rrd_path
Set path to RRD files. Defaults to ".".
-P rrd_postfix
Set RRD file name postfix. Defaults to "".
-r rrd_storage
Set RRD storage for 5 minute, 30 minute, 2 hour, and 1 day databases. List
items are : seperated. Defaults to 600:600:600:732.
-v Enable verbose output.
EXAMPLES
The following example shows the combined use of flow-nfilter (inline),
flow-report, and flow-rpt2rrd to create an RRD depicting traffic
from clmbo-r4 to AS 10796 and 6478 for 2004-11-08. rrdtool graph is
then used to create a .png.
#!/bin/sh
cat << EOF>report.cfg
include-filter nfilter.cfg
stat-report CLMBO-R4-TO-INTERNET-BY-DESTINATION-AS
type destination-as
filter CLMBO-R4-INTERNET-OUT
scale 100
output
options +header,+xheader
fields -duration
stat-definition 5min-summaries
report CLMBO-R4-TO-INTERNET-BY-DESTINATION-AS
EOF
cat << EOF>nfilter.cfg
# ifMIB.ifMIBObjects.ifXTable.ifXEntry.ifName.46 = so-0/0/0.0
filter-primitive CLMBO-R4-INTERNET
type ifindex
permit 46
# Match on traffic to the Internet
filter-definition CLMBO-R4-INTERNET-OUT
match output-interface CLMBO-R4-INTERNET
EOF
mkdir rrds
# 5 minute flow files from flow-capture are here
FLOW_DATA=/flows/clmbo-r4/2004-11-08/
# for each 5 minute flow,aggregate with flow-report then store to RRD
for name in $FLOW_DATA/*; do
echo working...$name
flow-report -s report.cfg -S5min-summaries < $name | flow-rpt2rrd -k10796,6478 -p rrds
done
# first flow - 0:1:23 11/8/2004
START=1099890083
# last flow - 0:1:25 11/9/2004
END=1099976485
rrdtool graph CLMBO-R4-TO-INTERNET.png --start $START --end $END --vertical-label "Bits/Second" --title="CLMBO-R4 TO INTERNET BY AS" DEF:AS10796in=rrds/10796.rrd:octets:AVERAGE DEF:AS6478in=rrds/6478.rrd:octets:AVERAGE CDEF:b_AS10796in=AS10796in,8,* CDEF:b_AS6478in=AS6478in,8,* LINE1:b_AS10796in#FF0000:AS10796-in LINE1:b_AS6478in#555555:AS6478-in .fi
BUGS
Hard coded to expect 5 minute flow file intervals. Does not properly parse flow-report
time-series output.
AUTHOR
Mark Fullmer maf@splintered.net
SEE ALSO
flow-tools(1)
flow-rpt2rrd(1)