Hi all
As suggested, I have upgraded to the latest version
of ntop, and it is working fine. The problem now is this:
I am monitoring the following protocols using NMAP. Here is
my startup command for ntop:
ntop -u root -i eth0 -a /var/log/ntop-access.log -r
1200 -w 3000 -P /usr/share/ntop/ -p
"FTP=ftp|ftp-data,HTTP=http|www|https,DNS=name|domain,Telnet=telnet|login,NBios-IP=netbios-ns|netbios-dgm|netbios-ssn,Mail=pop2|pop3|kpop|smtp|imap2,SNMP=snmp|snmp-trap,NEWS=nntp,SSH=22,MSN_Yahoo_Chat=1863|5050|5190|5191|5192|5193,Morpheus=11523|1214,Games=5001|11999|26000|28800-29000|47624|2300-2400,AudioGalaxy=41000-41900,Nepster=4444|5555|6666|7777|8888|8875,GnuTella=6346|6347,Video-Conferencing=5100|1503|1490|6670|25793|22555|1720|2000|2001|2002|2003|7648|7649|7650|7651|7652|24032|9943|9945|56768,Streaming=554|1558|1755|7000|6970-7170|18888,Audio-Services=1731|3450|6112|6113|6114|6115|6116|6117|6118|6119|5000|5001|6498|6502|2327"
ntop is monitoring all of these and
also showing results in the stats traffic part, but
when I use it with rrd to show the real-time traffic
distribution for the above protocols, rrd shows
incorrect results.
I have modified rrd's protoUsage.pl to include
all of the above protocols in addition to the default
protocols which it shows. I am also attaching my
modified protoUsage.pl.
Could someone please help me with this?
regards
Prashant
#!/usr/bin/perl
#makes things work when run without install
use lib qw( ../perl-shared/blib/lib ../perl-shared/blib/arch );
#makes programm work AFTER install
use lib qw( /usr/local/rrdtool-1.0.28/lib/perl ../lib/perl );
use LWP::Simple; # Part of libwww (see http://www.cpan.org)
use lib qw (/usr/local/rrdtool-1.0.40/lib/perl);
use RRDs;
#############
# ---- Where to poll ------------------------------------------------------
# Address and TCP port of ntop's web server.
$ntopPort = 3000;
$ntopHost = "203.187.192.41";

# Interface name: sent to ntop as the "key" query parameter and used later
# as the top-level key into %ntopHash.
# NOTE(review): the ntop command line quoted with this script starts ntop
# with "-i eth0"; confirm ntop really reports an interface under the name
# "NetFlow-device", since every lookup below goes through $ntopHash{$if}.
$if = "NetFlow-device";

# Seconds to pause between two polls.
$sleepTime = 10;

# NOTE(review): plain http:// with no authentication. The polling loop in
# this file passes the response body to eval(), so this URL must only ever
# point at an ntop instance (and a network path) you trust.
$url = sprintf(
    "http://%s:%s/dumpTrafficData.html?language=perl&key=%s",
    $ntopHost, $ntopPort, $if
);

# ---- Output names and first timestamp -----------------------------------
$name  = "protoUsage";
$rrd   = "$name.rrd";
$start = time;
#############
# First run only: build the round-robin database when the file is missing.
# An existing $rrd is reused unchanged, so editing the data-source list below
# has no effect on a database that was created earlier.
unless (-e $rrd) {
    # One COUNTER data source per protocol group: 600 s heartbeat, minimum 0,
    # no upper bound. The order is significant: the polling loop writes its
    # values positionally in this same order.
    # The sixth source is called "Email" here; the loop fills it from ntop's
    # "Mail" group.
    # NOTE(review): the ntop -p list quoted with this script also defines
    # "Streaming" and "Audio-Services"; neither has a data source here.
    my @dataSources = map { 'DS:' . $_ . ':COUNTER:600:0:U' } qw(
        FTP HTTP DNS Telnet NBios-IP Email SNMP NEWS SSH MSN_Yahoo_Chat
        Morpheus Games AudioGalaxy Nepster GnuTella Video-Conferencing
    );

    # Archives: for AVERAGE and then MAX, keep 600 rows of single steps,
    # 700 rows of 6-step and 775 rows of 24-step consolidations (xff 0.5).
    my @archives;
    for my $consolidation (qw(AVERAGE MAX)) {
        for my $shape ('1:600', '6:700', '24:775') {
            push @archives, 'RRA:' . $consolidation . ':0.5:' . $shape;
        }
    }

    # Start one second before the first sample so that sample is accepted;
    # the base step is 300 seconds.
    RRDs::create($rrd, "--start", $start - 1, "--step", 300,
                 @dataSources, @archives);

    $ERROR = RRDs::error;
    if ($ERROR) {
        die "$0: unable to create `$rrd': $ERROR\n";
    }
}
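# Series table, one row per protocol group, in RRD data-source order:
#   [ graph variable, key in ntop's dump, RRD DS name, draw type, colour, legend ]
# The ntop key and the DS name differ for mail ("Mail" vs "Email").
# NOTE(review): series a-h are drawn as AREA (each painted from the baseline,
# over the previous one) and i-p as STACK; several series also share a colour.
# If a stacked distribution is intended, confirm whether only the first series
# should be an AREA and give every series its own colour.
my @series = (
    [ 'a', 'FTP',                'FTP',                'AREA',  '99FF00', 'FTP' ],
    [ 'b', 'HTTP',               'HTTP',               'AREA',  '99FF00', 'HTTP' ],
    [ 'c', 'DNS',                'DNS',                'AREA',  '99FF00', 'DNS' ],
    [ 'd', 'Telnet',             'Telnet',             'AREA',  '990000', 'Telnet' ],
    [ 'e', 'NBios-IP',           'NBios-IP',           'AREA',  '9900FF', 'NBios-IP' ],
    [ 'f', 'Mail',               'Email',              'AREA',  'FF66FF', 'Mail' ],
    [ 'g', 'SNMP',               'SNMP',               'AREA',  'FF6633', 'SNMP' ],
    [ 'h', 'NEWS',               'NEWS',               'AREA',  '66FFFF', 'NEWS' ],
    [ 'i', 'SSH',                'SSH',                'STACK', '66FFFF', 'SSH' ],
    [ 'j', 'MSN_Yahoo_Chat',     'MSN_Yahoo_Chat',     'STACK', '333333', 'MSN_Yahoo_Chat' ],
    [ 'k', 'Morpheus',           'Morpheus',           'STACK', '3300FF', 'Morpheus' ],
    [ 'l', 'Games',              'Games',              'STACK', 'FF6633', 'Games' ],
    [ 'm', 'AudioGalaxy',        'AudioGalaxy',        'STACK', '3300FF', 'AudioGalaxy' ],
    [ 'n', 'Nepster',            'Nepster',            'STACK', '3300FF', 'Nepster' ],
    [ 'o', 'GnuTella',           'GnuTella',           'STACK', '3300FF', 'GnuTella' ],
    [ 'p', 'Video-Conferencing', 'Video-Conferencing', 'STACK', '66FFFF', 'Video-Conferencing' ],
);

# The four per-protocol counters that are added up into one value.
my @directions = qw(local local2remote remote2local remote);

# Poll ntop forever: fetch the dump, store one sample, redraw the graph, sleep.
while (1) {
    my $content = get($url);

    # get() yields undef on failure; an empty or missing body skips the
    # update but still redraws the graph and sleeps, as before.
    if (defined $content && $content ne "") {
        # SECURITY: string-eval of a network response. Whatever answers at
        # $url -- or anything able to alter a plain-HTTP response on the way --
        # gets its reply executed as Perl with this script's privileges.
        # Keep the poller on a trusted path to ntop (ideally the same host),
        # run it as an unprivileged user, and prefer parsing the dump as data
        # over evaluating it.
        eval($content);

        if ($@) {
            # A dump that does not evaluate would leave %ntopHash as it was;
            # skip the sample rather than store stale counters again.
            warn "$0: could not evaluate ntop dump from $url: $@";
        }
        else {
            my @totals;
            for my $row (@series) {
                # The key is passed as a string. The previous bareword
                # {Video-Conferencing} was parsed as a subtraction and looked
                # up key "0", so that series never received data.
                my $counters = $ntopHash{$if}{IP}{ $row->[1] } || {};
                my $total = 0;
                for my $direction (@directions) {
                    $total += $counters->{$direction} || 0;
                }
                push @totals, $total;
            }

            # "timestamp:v1:v2:..." with values in data-source order.
            my $value = join(":", $start, @totals);
            print $value."\n";

            RRDs::update($rrd, $value);
            if (my $updateError = RRDs::error) {
                die "$0: unable to update `$rrd': $updateError\n";
            }
        }
    }

    # Graph of the last hour, written to "$name.png".
    my @graphArgs = (
        "--title", "IP Traffic Statistics for ".$if,
        "--start", "now-1h",
        "--end", "now",
        "--lower-limit=.1",
        # "--interlace",
        "--imgformat","PNG",
        "--logarithmic",
        "--height=250",
        "--width=600",
        "--vertical-label","Throughtput (Bytes/sec)",
    );

    # All DEFs first, then one drawing element plus four GPRINTs per series.
    for my $row (@series) {
        my ($var, $ntopKey, $ds) = @$row;
        push @graphArgs, "DEF:" . $var . "=" . $rrd . ":" . $ds . ":AVERAGE";
    }
    for my $row (@series) {
        my ($var, $ntopKey, $ds, $draw, $colour, $legend) = @$row;
        push @graphArgs,
            $draw . ":" . $var . "#" . $colour . ": " . $legend . " ",
            "GPRINT:" . $var . ":LAST:Current \\: %8.2lf %s",
            "GPRINT:" . $var . ":AVERAGE:Avg \\: %8.2lf %s",
            # The SSH row used to read "MinMSN"; every row now says "Min".
            "GPRINT:" . $var . ":MIN:Min \\: %8.2lf %s",
            "GPRINT:" . $var . ":MAX:Max \\: %8.2lf %s\\n";
    }

    RRDs::graph("$name.png", @graphArgs);

    # A graphing failure is reported but does not stop the poller.
    if (my $graphError = RRDs::error) {
        print "ERROR: $graphError\n";
    }

    sleep $sleepTime;
    $start = time;    # timestamp for the next sample
}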