You should be able to do what you need with the rrdplugin.
First off configuring hostDump is critical because otherwise nothing gets
stored.
Go out and look in one of the rrd directories and you'll see the list of
generic ports dumped:
$ ls
arp_rarpRcvd.rrd ipBytesSent.rrd IP_NBios-IPSentBytes.rrd
arp_rarpSent.rrd IP_DHCP-BOOTPRcvdBytes.rrd IP_NNTPRcvdBytes.rrd
arpReplyPktsRcvd.rrd IP_DHCP-BOOTPSentBytes.rrd IP_NNTPSentBytes.rrd
arpReplyPktsSent.rrd IP_DNSRcvdBytes.rrd IP_SSHRcvdBytes.rrd
arpReqPktsSent.rrd IP_DNSSentBytes.rrd IP_SSHSentBytes.rrd
bytesBroadcastSent.rrd IP_FTPRcvdBytes.rrd pktBroadcastSent.rrd
bytesMulticastSent.rrd IP_FTPSentBytes.rrd pktMulticastSent.rrd
bytesRcvdFromRem.rrd IP_HTTPRcvdBytes.rrd pktRcvd.rrd
bytesRcvd.rrd IP_HTTPSentBytes.rrd pktSent.rrd
bytesSentLoc.rrd IP_KazaaRcvdBytes.rrd tcpRcvdFromRem.rrd
bytesSentRem.rrd IP_KazaaSentBytes.rrd tcpSentRem.rrd
bytesSent.rrd IP_MailRcvdBytes.rrd
totContactedRcvdPeers.rrd
icmpRcvd.rrd IP_MailSentBytes.rrd
totContactedSentPeers.rrd
icmpSent.rrd IP_MessengerRcvdBytes.rrd udpRcvdFromRem.rrd
IGMPSent.rrd IP_MessengerSentBytes.rrd udpSentLoc.rrd
ipBytesRcvd.rrd IP_NBios-IPRcvdBytes.rrd udpSentRem.rrd
See those IP_ entries? They come from this logic:
protoList = myGlobals.ipProtosList, idx=0;
while(protoList != NULL) {
char buf[64];
if(snprintf(buf, sizeof(buf), "%sSent",
protoList->protocolName) < 0) BufferTooShort();
updateTrafficCounter(rrdPath, buf,
&el->ipProtosList[idx].sent);
if(snprintf(buf, sizeof(buf), "%sRcvd",
protoList->protocolName) < 0) BufferTooShort();
updateTrafficCounter(rrdPath, buf,
&el->ipProtosList[idx].rcvd);
idx++, protoList = protoList->next;
}
in plugins/rrdPlugin.c, whereby each protocol in the -p list gets its own
.rrd - for those ports you need, you'll just have to have -p entries.
Then you can use the rrdtools (you'll need to grab a full copy - the myrrd
stuff doesn't include rrdtools) and with the extract command you can create
.xml formatted files from the .rrds.
Some of this is discussed in the rrdandntop.pdf paper @ SourceForge.
-----Burton
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of COMAT
> Marco Pozzi
> Sent: Monday, March 29, 2004 11:59 AM
> To: [EMAIL PROTECTED]
> Subject: R: [Ntop] xmldump disabled on Fedora
>
>
> Thanks for your reply, Burton.
>
> Since I think that xmldump does not solve my problem, is it
> possible to run time-range queries over rrd?
>
> For example:
> - total sent traffic on host xxx and tcp port yyy during last 24 hours
> - total received traffic on host xxx and tcp port yyy during last week
> - total (sent and received) traffic on host xxx and tcp port yyy
> during last month
>
> Please note that including tcp port in the query is very
> important for my purpose.
>
> I've tried to configure rrd plugin with Host option enabled (on
> Data to Dump section). Is this a good start?
>
> Thanks,
>
> Marco
>
> -----Messaggio originale-----
> Da: Burton M. Strauss III [mailto:[EMAIL PROTECTED]
> Inviato: domenica 28 marzo 2004 15.14
> A: [EMAIL PROTECTED]
> Oggetto: RE: [Ntop] xmldump disabled on Fedora
>
>
> The xmldump plugin is a shell, designed for extension in the
> future. All it
> dumps now is the configuration and some header information.
>
> [...]
>
> > -----Original Message-----
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of COMAT
> > Marco Pozzi
> > Sent: Sunday, March 28, 2004 7:54 AM
> > To: [EMAIL PROTECTED]
> > Subject: [Ntop] xmldump disabled on Fedora
> >
> > In case this is not possbile with xmldump, what do you suggest to
> > export data relative to a specific time interval?
> _______________________________________________
> Ntop mailing list
> [EMAIL PROTECTED]
> http://listgateway.unipi.it/mailman/listinfo/ntop
>
_______________________________________________
Ntop mailing list
[EMAIL PROTECTED]
http://listgateway.unipi.it/mailman/listinfo/ntop
