martybugs.net Linux Info
 navigation
. MartyBugs home
. linux info home
 
 software info
. installing RRDTool
 
 system health
. HDD Temp Monitoring
. Imaging a PC
 
 network traffic
. Traffic Monitoring with RRDTool
. Bandwidth Monitoring with ipac-ng
. WAIX IP Accounting
 
 wireless info
. Wireless Info
. Link Monitoring with RRDTool
 
 router config
. Linux Wireless Router
. Smoothwall Info
. Multiple AS with Quagga
 
 site search
Custom Search
 
Network Traffic Monitoring with RRDTool

This page details the use of RRDTool for monitoring the network traffic through one or more network interfaces.

Contents:   Background | Screen Shots | Requirements | Creating a Database | Getting Data | Automating | Viewing | What's Next? | References

Background

See my Installing RRDTool page for detailed info on installing and configuring RRDTool.

Note that this page assumes all directories and installation locations are as per the page mentioned above.
If your configuration is different, you may need to adjust some parts of the installation instructions appropriately.

Screen Shots
Here's a screen shot of the graphs page. This page displays daily, weekly, monthly and yearly trends for the traffic through the specified network interface.


the graphs page, showing daily, weekly, monthly, yearly graphs


Requirements
You'll need:
  • a Linux box
  • a web server running on the Linux box
  • a working installation of RRDTool
  • my eth0.pl script for data collection and graph generation
  • my eth0.cgi webpage for viewing the graphs
  • an SCP client (such as WinSCP, or SSH Secure File Transfer Client, part of SSH Secure Shell) for copying files onto your linux box.
  • a way of getting a command-line prompt on your linux box (either by logging directly onto your linux box, using a SSH client such as PuTTY or SSH Secure Shell).
Note that I'm using a custom installation of Red Hat 7.3 linux.
If your configuration is different, you may need to adjust some parts of the script appropriately.

Creating a Database
I'm using a separate RRD database to hold the traffic details for each network interface. Run the command below for each interface for which you want to monitor network traffic, adjusting the filename appropriately. 

rrdtool create /var/lib/rrd/eth0.rrd -s 300	\
         DS:in:DERIVE:600:0:1500000		\
         DS:out:DERIVE:600:0:1500000		\
         RRA:AVERAGE:0.5:1:576		\
         RRA:AVERAGE:0.5:6:672    		\
         RRA:AVERAGE:0.5:24:732   		\
         RRA:AVERAGE:0.5:144:1460

This will create an RRD database with the following attributes:
  • 5 minute step (base interval with which data will be fed into the RRD)
  • 2 data sources (in, and out)
  • 10 minute heartbeat for each data source
  • 2 days of 5 minute averages
  • 2 weeks of 1/2 hour averages
  • 2 months of 2 hour averages
  • 2 years of 12 hour averages

    Refer to the rrdcreate manpage for more information on these options.

    Getting Data
    The next task is to determine how to obtain the data we want to insert into the RRD database.
    Some shell scripting can easily be used to obtain the items of information required. The statements below will return the bytes in and out respectively for the specified interface (eth0): 

    ifconfig eth0 |grep bytes|cut -d":" -f2|cut -d" " -f1
ifconfig eth0 |grep bytes|cut -d":" -f3|cut -d" " -f1

    Run these from a command prompt to verify they return some rather large numbers.
    Note that these numbers are the cumulative total throughput of the interface. These totals will wrap around, and start again at zero, but RRDTool only looks at the difference in the value since the last time an update was performed.

    According to the RRDTool documentation, you're supposed to use COUNTER for these types of data, but I've found RRDTool generates large spikes in the trends if the traffic counters are unexpectedly reset (ie, when you reboot your linux box).
    Using DERIVE doesn't assume an overflow if the counter value has decreased, eliminating the spikes. However, it can mean you'll get a value of zero (which is perferable to a large spike, as the spike tends to upset the scale of the graphs).

    Automating Data Collection
    To automate data collection, I wrote a Perl script which performs the following tasks:

  • retrieve data
  • push data into the RRD database
  • generate daily, weekly, monthly and yearly graphs

    You can download a copy of my eth0.pl script.

    Rename it to eth0.pl, and save it in /etc/rrd/.
    Make it executable by changing the file permissions on it: 

    chmod 755 /etc/rrd/eth0.pl

    and adjust the settings defined at the top of the script to make them appropriate for your linux box, including the interface name, and the interface description: 

    # define location of rrdtool binary
my $rrdtool = '/usr/bin/rrdtool';
# define location of rrdtool databases
my $rrd = '/var/lib/rrd';
# define location of images
my $img = '/var/www/html/rrdtool';

# define the network interface
my $iface = 'eth0';
# define a description for the interface
my $descr = 'local ethernet';

    Test the script by executing it from a command prompt: 

    /etc/rrd/eth0.pl

    and you should see output similar to this: 

    [root rrd]# /etc/rrd/eth0.pl
eth0 traffic in, out: 2472152778, 477181472

    Once you've verified the operation of the script, it can be automatically scheduled to run periodically. To get it to run every 5 minutes, add the following to /etc/crontab: 

    # get eth0 traffic details
*/5 * * * * root /etc/rrd/eth0.pl > /dev/null

    Note that if you find your graphs are being created, but with no data, you'll have to either:
  • edit /etc/rrd/eth0.pl to reference the full pathname for ifconfig, cut and grep,
    or
  • edit the PATH definition in /etc/crontab to include the paths of those commands.

    Viewing the Graphs
    Each time the script is executed, if required, it'll update the graphs of SNR, signal, noise and the link rate.

    These graphs are being created in /var/www/html/rrdtool/, and assuming you've got a webserver running, they'll be accessible via http://your_ip/rrdtool/.

    To provide a much cleaner way to view these graphs, I've written a single webpage for displaying all the trends.

    You can download a copy of my eth0.cgi webpage.

    Rename it to eth0.cgi, and save it in /var/www/html/rrdtool/.
    Make it executable by changing the file permissions on it: 

    chmod 755 /var/www/html/rrdtool/eth0.cgi

    and adjust the settings defined at the top of the script to make them appropriate for your linux box, in particular, the interface name: 

    # define the network interface
my $iface = 'eth0';
# define the network inteface description
my $descr = 'local ethernet';

# get the server name (or you could hard code some description here)
my $svrname = $ENV{'SERVER_NAME'};

    Note that I'm assuming you've got your web server appropriately configured to handle .cgi scripts. if not, refer to the inline documentation in your httpd.conf or the Apache documentation for more information.

    You should now be able to point your web browser at http://your_ip/rrdtool/eth0.cgi and you should be rewarded with a page displaying the traffic graphs for the specified interface.

    What's Next?
    You can easily extend the code shown above to monitor traffic on additional interfaces.

    It's just a matter of creating an RRD database for each additional interface, copy the eth0.pl script, ajust the interface name and description, schedule it, and copy and edit the webpage to view the graphs.

    References
    Installing RRDTool
    Wireless Link Monitoring with RRDTool
    About RRD Tool
    RRD Tool Manual


    last updated 27 Dec 2003
    		•   
    .