~ubuntu-branches/ubuntu/dapper/flow-tools/dapper

« back to all changes in this revision

Viewing changes to bin/flow-rpt2rrd

Committer: Bazaar Package Importer
Author(s): Radu Spineanu
Date: 2005-06-02 20:12:57 UTC
mfrom: (1.1.1 upstream) (2.1.1 sarge)
Revision ID: james.westby@ubuntu.com-20050602201257-jv0qdk3hjhpdf04b

Tags: 1:0.68-2

http://bugs.debian.org/311568

Fixed a bashism in init script (closes: #311568)

files added:
bin

bin/Makefile.am

bin/Makefile.in

bin/flow-log2rrd

bin/flow-rpt2rrd

bin/flow-rptfmt

debian/patches

debian/patches/00list

debian/patches/01_gcc4_amd64

debian/patches/02_postgre

debian/patches/04_docbook

debian/patches/05_python

docs/flow-log2rrd.1.in

docs/flow-log2rrd.html.in

docs/flow-log2rrd.sgml

docs/flow-rpt2rrd.1.in

docs/flow-rpt2rrd.html.in

docs/flow-rpt2rrd.sgml

docs/flow-rptfmt.1.in

docs/flow-rptfmt.html.in

docs/flow-rptfmt.sgml

files modified:
ChangeLog

Makefile.am

Makefile.in

TODO

acconfig.h

aclocal.m4

configs/Makefile

configs/Makefile.in

configs/filter.cfg

configs/stat.cfg

configure

configure.in

debian/changelog

debian/control

debian/copyright

debian/flow-tools.flow-capture.init

debian/rules

docs/Makefile.am

docs/Makefile.in

docs/flow-capture.1.in

docs/flow-capture.html.in

docs/flow-capture.sgml

docs/flow-filter.1

docs/flow-filter.html

docs/flow-filter.sgml

docs/flow-mask.1.in

docs/flow-mask.html.in

docs/flow-mask.sgml

docs/flow-nfilter.1.in

docs/flow-nfilter.html.in

docs/flow-nfilter.sgml

docs/flow-print.1.in

docs/flow-print.html.in

docs/flow-print.sgml

docs/flow-receive.1.in

docs/flow-receive.html.in

docs/flow-receive.sgml

docs/flow-report.1.in

docs/flow-report.html.in

docs/flow-report.sgml

docs/flow-tag.1.in

docs/flow-tag.html.in

docs/flow-tag.sgml

docs/flow-xlate.1.in

docs/flow-xlate.html

docs/flow-xlate.html.in

docs/flow-xlate.sgml

lib/Makefile.in

lib/ftconfig.h.in

lib/ftdecode.c

lib/ftfil.c

lib/ftlib.h

lib/ftstat.c

lib/fttag.c

lib/ftvar.c

lib/ftxlate.c

src/Makefile.am

src/Makefile.in

src/flow-capture.c

src/flow-cat.c

src/flow-dscan.c

src/flow-export.c

src/flow-fanout.c

src/flow-filter.c

src/flow-nfilter.c

src/flow-receive.c

src/flow-report.c

src/flow-send.c

src/flow-stat.c

src/flow-tag.c

src/flow-xlate.c

src/ftbuild.h

Show diffs side-by-side

added added

removed removed

bin/flow-rpt2rrd

#!/usr/local/bin/python

import getopt

import os

import rrdtool

import sys

import string

# flow-rpt2rrd - convert flow-report output to rrd format

# TODO

# work with time-series flow-report output

# relax 5 minute sample requirement.

# load key file

def load_keyfile(fname):

keys = []

f = open(fname, "r")

line = f.readline().strip()

while line:

if line[0:1] == '#':

line = f.readline()

continue

keys.append(line)

line = f.readline().strip()

f.close()

return string.join(keys, ',')

# Class: ftsym

# load a symbol table from a file in value symbol format, provide

# access methods findbyname and findbyval

class ftsym:

# load symbols

def __init__(self,field):

self.sv = {}

self.vs = {}

__symbol_lookup = { 'ip-source-port' : 'tcp-port.sym',

'ip-destination-port' : 'tcp-port.sym',

'ip-protocol' : 'ip-prot.sym',

'source-as' : 'asn.sym',

'destination-as' : 'asn.sym',

'source-tag' : 'tag.sym',

'destination-tag' : 'tag.sym',

'ip-address-type' : 'ip-type.sym',

}

fname = "/usr/local/netflow/var/sym/%s" % __symbol_lookup[field]

f = open(fname, "r")

line = f.readline().strip()

while line:

(v,s) = line.split();

self.vs[v] = s

self.sv[s] = v

line = f.readline().strip()

f.close()

# access by name, return value. If the name does not exist return the name.

def findbyname(self, name):

return self.sv.get(name,name)

# access by value, return name. If the value does not exist return the value.

def findbyval(self, val):

return self.vs.get(val,val)

# Class: ftrpt2rrd

# Read in output of flow-report, make suitable for rrd

# pickfields - pick flows,octets,packets for inclusion into new rrd

# pickkeys - pick keys for inclusion into new rrds.

# mapsym() - replace key values with symbols

# setrrd() - set rrd params

# convert(stream) - convert to rrd format

class ftrpt2rrd:

def __init__(self):

# not in data area

self.debug = 0

self.verbose = 0

self.in_data = 0

self.use_key_names = {}

self.use_key_names_special = {}

100

self.use_key_names_total = 0

101

self.use_fields = {'flows' : 1, 'octets' : 1, 'packets' : 1}

102

self.mapsym = 0

103

self.rrd_5min = 0

104

self.rrd_30min = 0

105

self.rrd_2hr = 0

106

self.rrd_1day = 0

107

self.rrd_path = '.'

108

self.rrd_postfix = ''

109

self.field_names = {}

110

self.field_names2 = {}

111

self.field_total = 0

112

self.field_keys = {}

113

self.field_vals = {}

114

self.start_time = 0

115

self.sym = {}

116

self.records_processed = 0

117

118

def set_use_fields(self,f):

119

self.use_fields = {}

120

for i in string.split(f, ','):

121

self.use_fields[i] = 1

122

123

def set_use_key_names(self,f):

124

self.use_key_names = {}

125

self.use_key_names_special = {}

126

for i in string.split(f, ','):

127

if i[:6] == 'total_':

128

self.use_key_names_special[i] = 1

129

else:

130

self.use_key_names[i] = 1

131

self.use_key_names_total += 1

132

133

def set_mapsym(self):

134

self.mapsym = 1

135

136

def set_debug(self, debug):

137

self.debug = debug

138

139

def set_verbose(self, verbose):

140

self.verbose = verbose

141

142

def setrrd(self, storage, path, postfix):

143

(self.rrd_5min, self.rrd_30min, self.rrd_2hr, self.rrd_1day) = \

144

string.split(storage,':')

145

self.rrd_path = path

146

self.rrd_postfix = postfix

147

148

def update_rrd(self, key, vals, use_fields_index):

149

150

# / in the key maps to - for files

151

key = key.replace('/','-')

152

153

# open an rrd, it it doesn't exist create it.

154

rrdFile = "%s/%s%s.rrd" % (self.rrd_path, key, self.rrd_postfix)

155

156

# exists?

157

if not os.access(rrdFile, os.F_OK):

158

159

print "Creating RRD", rrdFile

160

161

rrdParams = []

162

t = str(int(self.start_time) - 300)

163

rrdParams.append('--start')

164

rrdParams.append(t)

165

for i in use_fields_index.keys():

166

rrdParams.append("DS:%s:ABSOLUTE:600:U:U" % use_fields_index[i])

167

if (self.rrd_5min):

168

rrdParams.append('RRA:AVERAGE:0.5:1:%s' % self.rrd_5min)

169

rrdParams.append('RRA:MAX:0.5:1:%s' % self.rrd_5min)

170

if (self.rrd_30min):

171

rrdParams.append('RRA:AVERAGE:0.5:6:%s' % self.rrd_30min)

172

rrdParams.append('RRA:MAX:0.5:6:%s' % self.rrd_30min)

173

if (self.rrd_2hr):

174

rrdParams.append('RRA:AVERAGE:0.5:24:%s' % self.rrd_2hr)

175

rrdParams.append('RRA:MAX:0.5:24:%s' % self.rrd_2hr)

176

if (self.rrd_1day):

177

rrdParams.append('RRA:AVERAGE:0.5:288:%s' % self.rrd_1day)

178

rrdParams.append('RRA:MAX:0.5:288:%s' % self.rrd_1day)

179

180

rrdtool.create(rrdFile, *rrdParams)

181

if self.debug:

182

print >>sys.stderr, string.join(rrdParams,' ')

183

184

# foreach value

185

186

update = self.start_time

187

for i in use_fields_index.keys():

188

update = "%s:%s" % (update,vals[i])

189

if self.debug:

190

print >>sys.stderr, "update", update

191

192

if (self.verbose):

193

print "Updating RRD", rrdFile

194

195

rrdtool.update(rrdFile,update)

196

197

198

199

200

def convert(self, f):

201

202

# first line

203

line = f.readline().strip()

204

205

while line:

206

207

# report data starts after recn comment

208

if (not self.in_data) :

209

210

if line[:13] == '# first-flow:':

211

self.start_time = (string.split(line[14:]))[0]

212

213

# handle the totals record differently

214

if line[:53] == '# rec1: records,ignores,flows,octets,packets,duration':

215

tmp = string.split(line[8:], ',')

216

line = f.readline().strip()

217

tmp_use_fields_index = {}

218

tmp_splt = string.split(line, ',')

219

x = 0

220

ds = 0

221

for i in tmp:

222

if self.use_key_names_special.get("total_%s" % i,0):

223

tmp_use_fields_index[x] = i

224

ds = ds + 1

225

x = x + 1

226

if ds:

227

self.update_rrd('totals', tmp_splt, tmp_use_fields_index)

228

del tmp_splt, tmp_use_fields_index, i, x, ds

229

continue

230

231

if line[:6] == '# recn':

232

self.in_data = 1

233

234

# foreach element in field names

235

for i in string.split(line[8:],','):

236

237

# remove key designators

238

if i[-1:] == '*':

239

i = i[:-1]

240

self.field_keys[self.field_total] = 1

241

else:

242

self.field_vals[self.field_total] = 1

243

244

# store the field names

245

self.field_names[self.field_total] = i

246

self.field_names2[i] = self.field_total

247

248

self.field_total += 1

249

250

# start time must be set by now

251

if (self.start_time == 0):

252

raise ValueError, "Start time not found, make sure flow-report is including the header"

253

254

# load symbol tables

255

if self.mapsym == 1:

256

for i in self.field_keys.keys():

257

self.sym[i] = ftsym(self.field_names[i])

258

259

# convert use_fields to use_fields_index for easier access

260

self.use_fields_index = {}

261

for i in self.use_fields.keys():

262

if self.use_fields[i] and self.field_names2.get(i,'x') != 'x':

263

self.use_fields_index[self.field_names2[i]] = i

264

265

else :

266

267

# if in the data area and not a comment, store it

268

if self.in_data and line [:1] != '#':

269

270

splt = string.split(line, ',')

271

272

# combine the key fields to form one key

273

k = ''

274

for i in self.field_keys.keys():

275

# try a symbol table lookup

276

if self.mapsym == 1:

277

t = self.sym[i].findbyval(splt[i])

278

else:

279

t = splt[i]

280

k = "%s-%s" % (k, t)

281

282

# done if all entries in key_names list have been stored.

283

if self.use_key_names_total:

284

if self.records_processed == self.use_key_names_total:

285

break

286

287

# if set, only allow specified keys

288

if self.use_key_names.get(k[1:],0) == 0:

289

line = f.readline().strip()

290

continue

291

292

# mark this key as processed

293

self.use_key_names[k[1:]] |= 2

294

295

self.records_processed += 1

296

297

self.update_rrd(k[1:], splt, self.use_fields_index)

298

299

# next line

300

line = f.readline().strip()

301

302

# keys which were not available in the report also need to be

303

# updated with 0 values.

304

for i in xrange(len(splt)):

305

splt[i] = 0

306

for x in self.use_key_names.keys():

307

if not (self.use_key_names[x] & 2):

308

self.update_rrd(x, splt, self.use_fields_index)

309

310

311

# main

312

313

314

(opts,rags) = getopt.getopt(sys.argv[1:], "dhk:K:f:np:P:r:v")

315

316

# mrtg defaults

317

opt_rrd_storage = "600:600:600:732"

318

opt_keys = ''

319

opt_fields = 'flows,octets,packets'

320

opt_names = 0

321

opt_rrd_path = './'

322

opt_keyfile = ''

323

opt_debug = 0

324

opt_rrd_postfix = ''

325

opt_verbose = 0

326

327

for o,v in opts:

328

329

if o == '-d':

330

opt_debug = 1

331

elif o == '-k':

332

opt_keys = v

333

elif o == '-K':

334

opt_keys = load_keyfile(v)

335

elif o == '-f':

336

opt_fields = v

337

elif o == '-n':

338

opt_names = 1

339

elif o == '-p':

340

opt_rrd_path = v

341

elif o == '-P':

342

opt_rrd_postfix = v

343

elif o == '-r':

344

opt_rrd_storage = v

345

elif o == '-v':

346

opt_verbose = 1

347

elif o == '-h':

348

print "Usage: flow-rpt2rrd [-nv] [-k keys] [-K keyfile] [-f fields]"

349

print " [-p rrd_path] [-P fname_postfix]"

350

print " [-r rrd_storage 5_min:30_min:2_hr:1_day ]"

351

sys.exit(0)

352

353

if opt_keys == '':

354

print >>sys.stderr, "Keys must be defined with -k or -K."

355

sys.exit(1)

356

357

ftrrd = ftrpt2rrd()

358

if (opt_names == 1):

359

ftrrd.set_mapsym()

360

ftrrd.setrrd(opt_rrd_storage, opt_rrd_path, opt_rrd_postfix)

361

ftrrd.set_use_key_names(opt_keys)

362

ftrrd.set_use_fields(opt_fields)

363

ftrrd.set_debug(opt_debug)

364

ftrrd.set_verbose(opt_verbose)

365

ftrrd.convert(sys.stdin)

366

Older »