I've gone through the tutorial and the mailing list archives and I believe that I have created the RRD and am graphing with the correct options. However, I'd like to have a confirmation of that from someone who is more adept with RRDTool that I am.
What I do: 1) Parse through syslog output looking for packets that were denied access by a filter. I add up the number of packets that were denied (both total and ICMP only) for a 5 minute period. 2) Update the RRD. What I am looking for: What I am trying to do is get a count of the number of packets that were denied access (both total and ICMP only) for a given period of time. Currently, I'm hard coding that to 5 minutes for development and until I understand RRDTool better. I created the RRD with the following command: rrdtool create acllog.rrd DS:pkts:ABSOLUTE:600:U:U DS:icmp:ABSOLUTE:600:U:U RRA:AVERAGE:0.5:1:600 RRA:AVERAGE:0.5:6:700 RRA:AVERAGE:0.5:24:775 RRA:AVERAGE:0.5:288:797 My updates then take the form of: rrdtool update acllog.rrd 1010074250:105:99 Finally, I output the graphs with the following: rrdtool graph <filename>.png -s <modifier> DEF:pkts=acllog.rrd:pkts:AVERAGE CDEF:abstot=pkts,300,* CDEF:absicmp=icmp,300,* AREA:abstot#00FF00:"All Packets" LINE:absicmp#FF0000:"ICMP Packets\c" --vertical-label "Packet Count" Where filename will change based on the modifier and I use the following modifiers: -86400: daily graph -604800: weekly graph -2419200: monthly graph -29030400: yearly graph Based on what I've read (and what I've "borrowed" (<G>) from the Tutorial and the mailing list archives), I believe that the graphs will be based on the number of packets that arrived over a 5 minute period. Am I correct? TIA Mike -- Unsubscribe mailto:[EMAIL PROTECTED] Help mailto:[EMAIL PROTECTED] Archive http://www.ee.ethz.ch/~slist/rrd-users WebAdmin http://www.ee.ethz.ch/~slist/lsg2.cgi
