Graph Trends

Use RRDtool to easily generate graphs for just about anything.

You may be familiar with graphing bandwidth usage with tools such as MRTG. From a security standpoint it’s useful to graph bandwidth usage, since it can help you spot anomalous behavior. Having a history of typical bandwidth usage gives you a baseline to judge what’s going on. This can make it easier to determine if somebody is performing a DoS attack on your site, or if a machine on your network is acting as a Warez depot.

RRDtool (http://people.ee.ethz.ch/~oetiker/webtools/rrdtool/) provides similar functionality to MRTG, but it is much more flexible. RRDtool is basically a tool for storing data in a general-purpose database that will never grow in size. RRD stands for round-robin database, which is a special type of database that maintains a fixed number of entries: the oldest entry is constantly being replaced by the newest data. RRDtool also has the ability to generate graphs of the data contained in a round-robin database.

The most common use of RRDtool is to make pretty bandwidth graphs. This is easily done with RRDtool and snmpget, a utility that queries devices managed with SNMP. First, you’ll need to create a round-robin database by running a command similar to this one:

$ rrdtool create zul.rrd --start N \
            DS:de0_in:COUNTER:600:U:U \
            DS:de0_out:COUNTER:600:U:U \
            RRA:AVERAGE:0.5:1:600 \
            RRA:AVERAGE:0.5:6:700 \
            RRA:AVERAGE:0.5:24:775 \
            RRA:AVERAGE:0.5:288:797 \
            RRA:MAX:0.5:1:600 \
            RRA:MAX:0.5:6:700 ...
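
Added example (not from the book or from RRDtool itself): a simplified Python model of the RRA arguments visible in the command above, showing how much history each archive keeps at RRDtool's default 300-second step and how a fixed-size ring consolidates COUNTER readings. The names coverage, counter_rate, Archive and replay and the sample readings are constructed for illustration, and the model leaves out RRDtool's heartbeat, xff and time interpolation.

```python
from collections import deque

# Illustrative model only; these names are not RRDtool APIs.
STEP = 300  # rrdtool's default --step in seconds; the page's command does not override it

# RRA lines visible in the page's command (the command is truncated after these)
RRAS = ["RRA:AVERAGE:0.5:1:600", "RRA:AVERAGE:0.5:6:700", "RRA:AVERAGE:0.5:24:775",
        "RRA:AVERAGE:0.5:288:797", "RRA:MAX:0.5:1:600", "RRA:MAX:0.5:6:700"]

def coverage(rra, step=STEP):
    """Return (cf, seconds per row, seconds of history kept) for one RRA definition."""
    _, cf, _xff, steps, rows = rra.split(":")
    resolution = int(steps) * step
    return cf, resolution, resolution * int(rows)

def counter_rate(prev, cur, seconds):
    """Per-second rate from two COUNTER readings, allowing for one 32-bit wrap."""
    delta = cur - prev
    if delta < 0:
        delta += 2 ** 32
    return delta / seconds

class Archive:
    """Simplified model of one RRA: a ring of `rows` consolidated values."""
    def __init__(self, cf, steps, rows):
        self.cf = max if cf == "MAX" else (lambda v: sum(v) / len(v))
        self.steps, self.pending = steps, []
        self.ring = deque(maxlen=rows)  # appending to a full ring drops the oldest row

    def add(self, rate):
        self.pending.append(rate)
        if len(self.pending) == self.steps:  # enough primary points for one row
            self.ring.append(self.cf(self.pending))
            self.pending = []

def replay(readings, cf, steps, rows, step=STEP):
    """Feed successive counter readings (one per step) into a fresh archive."""
    arc = Archive(cf, steps, rows)
    for prev, cur in zip(readings, readings[1:]):
        arc.add(counter_rate(prev, cur, step))
    return list(arc.ring)

if __name__ == "__main__":
    for rra in RRAS:
        cf, res, span = coverage(rra)
        print(f"{rra:26} one row per {res // 60:5d} min, {span / 86400:7.1f} days kept")
    # Constructed readings: steady traffic, a counter wrap, then a one-step burst
    sample = [4294000000, 4294300000, 4294600000, 4294900000, 232704, 90232704, 90532704]
    print(replay(sample, "AVERAGE", 2, 2), replay(sample, "MAX", 2, 2))
```

In the constructed run the AVERAGE archive halves a one-step burst while the MAX archive keeps its peak, and both rings hold only their last two rows.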
