Hi Ben,
so, "port" refers to TCP/UDP port. Ok. About the tutorial per se, graphing
port data rather than network data requires a) intercepting occurrences of
src|dst_net in the document and b) replacing them with src|dst_port. 
Now, if you need just a per-port breakdown it's feasible: generating 65k
graphs should not be that much of a problem. If you need per-port, per-host/network
breakdown, then you hit a barrier.

However, my (personal) opinion is that considering ports either singularly
or in chunks gives poor feedback. For example, if the goal of the solution
is to know about top-used services, going this way you will be able to hit
smtp, pop3, imap, web and dns and a few others at best. The pro is that,
for example, you get quick hints for writing filter rules in order to stop
the unknown talker; the cost is getting loads of null graphs.
An intermediate solution could be classifiers: you get no reference to
ports but to top-used services. This returns you an effective and scalable
solution (tailored to pmacctd); there are some cons: a) the solution may
need to be engineered carefully in order to be applicable to very large
networks (which I don't know if it's your case); b) classifiers are not
100% precise in the sense that a portion of traffic remains "unknown";
c) to get the real TCP/UDP port involved in a talk you need an auxiliary
"lookup" backend, i.e. nothing dramatic: a memory table to generate the
loved graphs, and a pair of SQL tables to keep 2-days history of traffic
details.

Just a concluding note about MySQL, Cacti and pmacct. Cacti and pmacct
both are able to use MySQL but each for their very own purposes. The way
they have to communicate is still a commandline tool executed by Cacti.
Then, because Cacti stores historical data in RRD files, the optimized
way is not to make pmacct store the same data on the disk twice (i.e.
SQL). However if this is required, it's pretty easy to integrate with
Cacti: mind that to get counters, Cacti just requires a tool writing
the result (i.e. the counter) on the command line; and this is pretty easy to
achieve with mysql, psql, sqlite commandline clients.

Sorry for the rather long reply. Hoping it helps.

Cheers,
Paolo
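
The Cacti integration described in the message above, sketched as an added example that is not part of the original e-mail and is not pmacct or Cacti code. It assumes a simplified SQLite table named `acct` with pmacct-style columns and constructed sample rows; the script validates the port argument Cacti passes in and binds it as a query parameter before printing the counters.

```python
import sqlite3
import sys

# Constructed sample rows; table and column names are assumptions of this
# example, modelled on a pmacct SQL table (ip_src, ip_dst, ports, counters).
SAMPLE_ROWS = [
    ("10.0.0.5", "192.0.2.10", 51000, 25, 1200, 3),
    ("10.0.0.6", "192.0.2.10", 51001, 25, 800, 2),
    ("10.0.0.5", "192.0.2.53", 40000, 53, 150, 1),
]

def make_sample_db():
    """Build an in-memory database so the example runs offline."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE acct (ip_src TEXT, ip_dst TEXT, src_port INTEGER,"
               " dst_port INTEGER, bytes INTEGER, packets INTEGER)")
    db.executemany("INSERT INTO acct VALUES (?, ?, ?, ?, ?, ?)", SAMPLE_ROWS)
    return db

def parse_port(arg):
    """Accept only a decimal TCP/UDP port; reject any other argument text."""
    if not arg.isascii() or not arg.isdigit():
        raise ValueError(f"not a port number: {arg!r}")
    port = int(arg)
    if not 0 <= port <= 65535:
        raise ValueError(f"port out of range: {port}")
    return port

def port_counters(db, direction, port):
    """Sum bytes and packets for one source or destination port."""
    # The column name comes from a fixed map, never from the argument itself.
    column = {"src": "src_port", "dst": "dst_port"}[direction]
    row = db.execute(
        f"SELECT COALESCE(SUM(bytes), 0), COALESCE(SUM(packets), 0) "
        f"FROM acct WHERE {column} = ?", (port,)).fetchone()
    return row[0], row[1]

def cacti_line(db, direction, arg):
    """Format the counters as Cacti's multi-field 'name:value' script output."""
    nbytes, npackets = port_counters(db, direction, parse_port(arg))
    return f"bytes:{nbytes} packets:{npackets}"

if __name__ == "__main__":
    # Cacti would run this as a data input script, e.g. "script.py dst 25".
    args = sys.argv[1:3] if len(sys.argv) >= 3 else ["dst", "25"]
    print(cacti_line(make_sample_db(), *args))
```

Against a real backend, `make_sample_db()` would be replaced by a connection to the database pmacct writes to, using an account that has read-only access to the accounting table.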
