Graph Trends
Use RRDtool to easily generate graphs for just about anything.
You may be familiar with graphing bandwidth usage with tools such as MRTG. From a security standpoint it’s useful to graph bandwidth usage, since it can help you spot anomalous behavior. Having a history of typical bandwidth usage gives you a baseline to judge what’s going on. This can make it easier to determine if somebody is performing a DoS attack on your site, or if a machine on your network is acting as a Warez depot.
RRDtool (http://people.ee.ethz.ch/~oetiker/webtools/rrdtool/) provides similar functionality to MRTG, but it is much more flexible. RRDtool is basically a tool for storing data in a general-purpose database that will never grow in size. RRD stands for round-robin database, which is a special type of database that maintains a fixed number of entries—the oldest entry is constantly being replaced by the newest data. RRDtool also has the ability to generate graphs of the data contained in a round-robin database.
The most common use of RRDtool is to make pretty bandwidth graphs. This is easily done with RRDtool and snmpget, a utility that queries devices managed with SNMP.
First, you’ll need to create a round-robin database by running a command similar to this one:
$ rrdtool create zul.rrd --start N \
DS:de0_in:COUNTER:600:U:U \
DS:de0_out:COUNTER:600:U:U \
RRA:AVERAGE:0.5:1:600 \
RRA:AVERAGE:0.5:6:700 \
RRA:AVERAGE:0.5:24:775 \
RRA:AVERAGE:0.5:288:797 \
RRA:MAX:0.5:1:600 \
RRA:MAX:0.5:6:700 ...
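The following is an added illustration, not RRDtool's code and not code from the book: a simplified Python model of a round-robin archive fed from COUNTER-style readings, used as a baseline to flag a traffic burst. The 300-second polling step, the 32-bit counter width, the three-sigma threshold, and all function names and sample readings are assumptions made for this example.

```python
from collections import deque
from statistics import mean, pstdev

WRAP_32 = 2 ** 32  # assumption: 32-bit interface octet counter

def counter_rate(prev, curr, seconds):
    """Bytes/second between two counter readings, allowing one 32-bit wrap."""
    delta = curr - prev
    if delta < 0:              # counter rolled over between polls
        delta += WRAP_32
    return delta / seconds

class RoundRobinArchive:
    """Fixed number of rows: once full, each new row replaces the oldest."""
    def __init__(self, rows):
        self.rows = deque(maxlen=rows)

    def update(self, value):
        self.rows.append(value)

    def is_anomalous(self, value, sigmas=3.0, min_rows=10):
        """True if value is more than `sigmas` deviations above the baseline."""
        if len(self.rows) < min_rows:
            return False       # not enough history to judge
        spread = max(pstdev(self.rows), 1.0)   # avoid a zero-width baseline
        return value > mean(self.rows) + sigmas * spread

def scan(readings, step=300, rows=600):
    """Return (archive, alerts); alerts are (poll_index, bytes_per_second)."""
    archive, alerts = RoundRobinArchive(rows), []
    for i in range(1, len(readings)):
        rate = counter_rate(readings[i - 1], readings[i], step)
        if archive.is_anomalous(rate):
            alerts.append((i, rate))
        archive.update(rate)   # the burst itself becomes part of the history
    return archive, alerts

def constructed_readings(polls=40, spike_at=30):
    """Constructed sample: ~10 kB/s of traffic with one burst at `spike_at`."""
    value = WRAP_32 - 5_000_000            # start near the wrap point
    out = [value]
    for i in range(1, polls + 1):
        delta = 300_000_000 if i == spike_at else 3_000_000 + (i % 5) * 30_000
        value = (value + delta) % WRAP_32
        out.append(value)
    return out

if __name__ == "__main__":
    archive, alerts = scan(constructed_readings(), rows=20)
    print(len(archive.rows), "rows kept;", "alerts:", alerts)
```

Because the burst is stored like any other sample, it inflates the baseline until it ages out of the archive, so a longer archive gives a steadier reference for comparison.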