Wow, many thanks for this fast and in detail answer !!
You're right IMHO It should be possible with all available informations create the 95% table and Cacti graph out of the pmacct data.
I'll see what I can do ;-)
I think, at first I will use RTG (http://rtg.sourceforge.net/) for 95% and pmacct out of the box.
After a little experience I'll try your "recipe" and give my feedback, If I'm succesfull.
Cheers
Christian
On 11/21/05, Paolo Lucente <[EMAIL PROTECTED]> wrote:
Hello Christian,
first of all, thank you for giving a try to pmacct. Secondly, pmacct does
not do any 95th percentile itself but, as the ChangeLog mentions, it eases
its computation. The ChangeLog speaks about the 'sql_history' directive
and applies to the SQL plugins. So, let's start with this example but try
to mantain your patience until the end of this (rather long) email.
By launching any pmacct daemon with the following configuration fragment:
===
...
plugins: pgsql[in], pgsql[out]
sql_table[in]: acct_in
sql_table[out]: acct_out
aggregate[in]: dst_host
aggregate[out]: src_host
sql_history: 1h
sql_history_roundoff: h
...
===
Please note, strings in the [] are names of fired plugin instances; directives
with [] apply just to that specific plugin instance; directives without any []
are global and thus apply to all active plugins. By querying the 'acct_in'
table, you will have an output like the following:
pmacct=> SELECT * FROM acct_in WHERE ip_dst = '150.145.84.133' LIMIT 20;
ip_dst | packets | bytes | stamp_inserted | stamp_updated
----------------+---------+---------+---------------------+---------------------
150.145.84.133 | 87 | 10047 | 2005-10-17 21:00:00 | 2005-10-17 21:55:01
150.145.84.133 | 7 | 2593 | 2005-10-17 22:00:00 | 2005-10-17 22:55:05
150.145.84.133 | 15 | 4136 | 2005-10-17 23:00:00 | 2005-10-17 23:59:02
150.145.84.133 | 7 | 2535 | 2005-10-18 00:00:00 | 2005-10-18 00:55:02
150.145.84.133 | 10 | 2418 | 2005-10-18 01:00:00 | 2005-10-18 01:55:02
150.145.84.133 | 5 | 1908 | 2005-10-18 02:00:00 | 2005-10-18 02:55:01
150.145.84.133 | 9 | 3024 | 2005-10-18 03:00:00 | 2005-10-18 03:55:02
150.145.84.133 | 11 | 2896 | 2005-10-18 04:00:00 | 2005-10-18 04:59:01
150.145.84.133 | 5 | 1544 | 2005-10-18 05:00:00 | 2005-10-18 05:55:02
150.145.84.133 | 8 | 2574 | 2005-10-18 06:00:00 | 2005-10-18 06:56:02
150.145.84.133 | 5 | 1544 | 2005-10-18 07:00:00 | 2005-10-18 07:55:01
150.145.84.133 | 8 | 2642 | 2005-10-18 08:00:00 | 2005-10-18 08:55:01
150.145.84.133 | 468 | 61708 | 2005-10-18 09:00:00 | 2005-10-18 09:55:01
150.145.84.133 | 9 | 3210 | 2005-10-18 10:00:00 | 2005-10-18 10:55:01
150.145.84.133 | 6755 | 5330924 | 2005-10-18 11:00:00 | 2005-10-18 11:59:01
150.145.84.133 | 8202 | 5914022 | 2005-10-18 12:00:00 | 2005-10-18 12:58:01
150.145.84.133 | 7236 | 5892547 | 2005-10-18 13:00:00 | 2005-10-18 14:00:01
150.145.84.133 | 10576 | 9245806 | 2005-10-18 14:00:00 | 2005-10-18 14:58:01
150.145.84.133 | 5346 | 3757562 | 2005-10-18 15:00:00 | 2005-10-18 15:59:01
150.145.84.133 | 8112 | 6728615 | 2005-10-18 16:00:00 | 2005-10-18 17:00:01
Intuitively, by replacing the 'sql_history: 1h' to 'sql_history: 5m' will give you
a 5 minutes traffic breakdown instead. Having your DB populated with such values,
you can easily adapt any existing script for MRTG/RRDtool: instead of reading the
MRTG logfile line-by-line, it will need to spawn a SELECT query. At this propo,
i've found this page: http://www.seanadams.com/95/ .
The second chance is using the memory plugin. It does not offer any support for
timestamps. You can hook it in Cacti replacing SNMP (there is a page about this
- from Pedro Sanchez - linked on the pmacct homepage). Another way is to build
a MRTG-like logfile by polling the table each few minutes and extracting the
byte counter. Let's give an example: imagine you launch any pmacct daemon with
the following configuration fragment:
===
...
plugins: memory[in], memory[out]
imt_path[in]: /tmp/acct_in.pipe
imt_path[out]: /tmp/acct_out.pipe
aggregate[in]: dst_host
aggregate[out]: src_host
...
===
Now, imagine to write a script and that you invoke it:
shell> extract-data.sh 192.168.0.1
The script code could resemble the following:
===
<take actual time in seconds since the epoch>
COUNTER_IN=`pmacct -c dst_host -N $1 -n bytes -p /tmp/acct_in.pipe -r`
COUNTER_OUT=`pmacct -c src_host -N $1 -n bytes -p /tmp/acct_out.pipe -r`
...
===
Having the logfile in your hands, you will be able to use any 95th percentile
script over your counters by parsing the file line-by-line.
Cheers,
Paolo
_______________________________________________
pmacct-discussion mailing list
[EMAIL PROTECTED]
http://muffin.area.ba.cnr.it/mailman/listinfo/pmacct-discussion
