
MRTG and RRDTool
What they are, how they work
Giovanni Albani, Julien Fournel, November 15, 2005
I. Overview of RRDtool
Round-Robin Database Tool
stores and displays data
such as
• network bandwidth
• machine-room temperature
• server load average
allows the data to be analyzed
II. How does RRDtool work?
1. Data acquisition
Fetches data at a constant time interval
Stores the new value in a Round-Robin Database (RRD)
II. How does RRDtool work?
2. Consolidation
Define the consolidation interval and the consolidation function (average, minimum, maximum, total, last)
II. How does RRDtool work?
3. Round Robin Archives
Stores data values of the same consolidation in an RRA
Advantage: a given span of time always occupies a constant amount of disk space
II. How does RRDtool work?
[Figure: an RRA holding 1,000 values at a 5-minute interval, with a Header area and a Data area]
New values are written to the RRA in a round-robin manner
II. How does RRDtool work?
3. Round Robin Archives
Several RRAs can be defined within a single RRD
The RRD does not grow over time
Old data are automatically eliminated
With consolidation, you can record:
• The maximum one-minute traffic on the LAN
• The total minutes of downtime
• etc.
II. How does RRDtool work?
4. UNKNOWN value
If no new data is available, RRDtool stores an UNKNOWN value in the database
All RRDtool functions support the value UNKNOWN
Consolidation check: a consolidated value becomes UNKNOWN when too many of the values it is built from are UNKNOWN
II. How does RRDtool work?
5. Remote control
Allows RRDtool to be driven from MRTG
III. Useful functions of RRDtool
Create: set up a new Round Robin Database (RRD)
Update: store new data values into an RRD
Graph: create a graph from data stored in one or several RRDs. Apart from generating graphs, data can also be extracted to stdout.
Fetch: get data for a certain time period from an RRD. The graph function uses fetch to retrieve its data from an RRD.
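The following is an added illustration of Sections II and III, not RRDtool's own code: a miniature round-robin database with a fixed step, several RRAs that each consolidate a number of primary points with their own function and xff, UNKNOWN represented as None, and create/update/fetch operations shaped like the RRDtool commands listed above. The heartbeat handling is simplified (a sample that arrives later than the heartbeat is stored as UNKNOWN rather than interpolated) and the sample values in demo() are constructed.

```python
"""A miniature round-robin database in the spirit of RRDtool.

Added illustration, not RRDtool's own code: one GAUGE data source sampled
at a fixed step and stored in several Round Robin Archives (RRAs), each
with its own consolidation function, xff and row count.  None plays the
part of RRDtool's UNKNOWN.  The heartbeat rule is simplified: a sample
arriving later than the heartbeat is recorded as UNKNOWN.
"""
from collections import deque
from typing import Callable, Deque, Dict, List, Optional

Value = Optional[float]

# Consolidation functions; each receives only the known values of one period.
CONSOLIDATION: Dict[str, Callable[[List[float]], float]] = {
    "AVERAGE": lambda xs: sum(xs) / len(xs),
    "MIN": min,
    "MAX": max,
    "TOTAL": sum,
    "LAST": lambda xs: xs[-1],
}


class RRA:
    """One Round Robin Archive: a fixed number of rows, so fixed disk use."""

    def __init__(self, cf: str, xff: float, steps: int, rows: int) -> None:
        self.cf = cf          # consolidation function name
        self.xff = xff        # fraction of UNKNOWN inputs a row may absorb
        self.steps = steps    # primary data points per consolidated row
        self.pending: List[Value] = []
        # Rows are UNKNOWN until data arrives; maxlen gives the round robin
        self.ring: Deque[Value] = deque([None] * rows, maxlen=rows)

    def push(self, pdp: Value) -> None:
        """Accept one primary data point; write a row when a period is full."""
        self.pending.append(pdp)
        if len(self.pending) < self.steps:
            return
        known = [v for v in self.pending if v is not None]
        unknown_fraction = 1 - len(known) / self.steps
        # Consolidation check: too many UNKNOWN inputs make the row UNKNOWN
        row: Value = None if unknown_fraction > self.xff else CONSOLIDATION[self.cf](known)
        self.ring.append(row)      # the oldest row falls off the ring
        self.pending = []


class RoundRobinDatabase:
    """create (constructor), update and fetch, like the RRDtool commands."""

    def __init__(self, step: int, heartbeat: int, rras: List[RRA]) -> None:
        self.step = step
        self.heartbeat = heartbeat
        self.rras = rras
        self.last_time: Optional[int] = None

    def update(self, timestamp: int, value: Value) -> None:
        """Store one sample taken at `timestamp` (a multiple of step)."""
        if self.last_time is not None:
            elapsed = timestamp - self.last_time
            # Every step we heard nothing about becomes UNKNOWN
            for _ in range(elapsed // self.step - 1):
                self._push(None)
            # Heartbeat rule (simplified): a sample arriving too late is UNKNOWN
            if elapsed > self.heartbeat:
                value = None
        self._push(value)
        self.last_time = timestamp

    def _push(self, pdp: Value) -> None:
        for rra in self.rras:
            rra.push(pdp)

    def fetch(self, cf: str, steps: int = 1) -> List[Value]:
        """Rows of the matching RRA, oldest first."""
        for rra in self.rras:
            if rra.cf == cf and rra.steps == steps:
                return list(rra.ring)
        raise KeyError(f"no RRA {cf}/{steps}")


def demo() -> RoundRobinDatabase:
    """Constructed sample: 5-minute step, one sample missing, one late."""
    rrd = RoundRobinDatabase(step=300, heartbeat=600, rras=[
        RRA("AVERAGE", xff=0.5, steps=1, rows=4),   # raw 5-minute values
        RRA("MAX", xff=0.5, steps=3, rows=2),       # 15-minute peaks
        RRA("AVERAGE", xff=0.5, steps=3, rows=2),   # 15-minute averages
    ])
    samples = [(300, 10), (600, 20), (900, 30), (1200, 40),
               (1800, 60),    # t=1500 was never reported -> UNKNOWN
               (2700, 25)]    # 900 s after the last sample: beyond heartbeat
    for t, v in samples:
        rrd.update(t, v)
    return rrd


if __name__ == "__main__":
    db = demo()
    print("AVERAGE/1", db.fetch("AVERAGE", 1))   # [60.0, None, None, None]
    print("MAX/3    ", db.fetch("MAX", 3))       # [60, None]
    print("AVERAGE/3", db.fetch("AVERAGE", 3))   # [50.0, None]
```

The 15-minute MAX row built from (40, UNKNOWN, 60) is still 60 because one UNKNOWN out of three is below the xff of 0.5, whereas the period consisting only of UNKNOWN points fails the consolidation check and is stored as UNKNOWN itself; the ring sizes never change no matter how many updates arrive, which is the constant-disk-space property of Section II.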
I. Overview of MRTG
Multi Router Traffic Grapher
GNU General Public License
Tobias Oetiker, Dave Rand
produces Web pages
daily, weekly, monthly, yearly scales
allows diagnosing network problems
II. How does MRTG work?
Obtains data from routers, switches, ...
SNMP v1, SNMP v2
sends SNMP requests every 5 minutes
Round Robin Database
.PNG (Portable Network Graphics)
III. What can MRTG be used for?
View the traffic patterns
View the history
100 Mb/s link, 85 Mb/s traffic
Detect attacks
Study trends in the traffic
Plan capacity needs
IV. Using and maintaining MRTG
Faulty data
Other reasons
Examine traffic for other devices
SNMP v1 counter capacity exceeded (the counters wrap)
Router command interface
Missing data
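As an added illustration of the "faulty data" and "counter capacity" points above (not MRTG's own code), the block below shows how a rate is derived from two SNMP octet-counter polls and what 32-bit counters do to that rate on a fast link: a single wrap between two 300-second polls can be corrected arithmetically, but a link that wraps the counter more than once per poll yields a rate that is simply wrong. The poll values are constructed.

```python
"""Interface rates from SNMP octet counters, with counter-wrap handling.

Added illustration, not MRTG's own code.  MRTG polls interface counters
every 300 s and turns the difference into a rate.  SNMPv1 offers only
32-bit counters, which wrap at 2**32 octets: one wrap between two polls
can be corrected, but a counter that wraps more than once per interval
cannot be repaired, and the graph shows faulty data.
"""


def counter_delta(prev: int, cur: int, bits: int = 32) -> int:
    """Octets counted between two polls, assuming at most one wrap."""
    modulus = 2 ** bits
    if cur >= prev:
        return cur - prev
    return modulus - prev + cur          # counter wrapped once


def rate_bps(prev: int, cur: int, interval_s: int, bits: int = 32) -> float:
    """Average bit rate over one polling interval."""
    return counter_delta(prev, cur, bits) * 8 / interval_s


def wrap_time_s(link_bps: float, bits: int = 32) -> float:
    """Seconds a fully loaded link needs to wrap its octet counter."""
    return 2 ** bits * 8 / link_bps


def max_safe_link_bps(interval_s: int, bits: int = 32) -> float:
    """Fastest link whose counter cannot advance 2**bits within one poll."""
    return 2 ** bits * 8 / interval_s


def poll_is_trustworthy(link_bps: float, interval_s: int, bits: int = 32) -> bool:
    """True when one poll interval cannot hide a second counter wrap."""
    return wrap_time_s(link_bps, bits) > interval_s


def simulate_poll(true_bps: int, interval_s: int, bits: int = 32,
                  start: int = 0) -> float:
    """Rate MRTG would compute for a link really running at true_bps.

    Constructed poll: the agent reports the true octet count modulo 2**bits.
    """
    modulus = 2 ** bits
    octets = true_bps * interval_s // 8
    cur = (start + octets) % modulus
    return rate_bps(start, cur, interval_s, bits)


if __name__ == "__main__":
    print(f"32-bit counter at 100 Mbit/s wraps every {wrap_time_s(100e6):.0f} s")
    print(f"fastest link safe for 300 s polls: {max_safe_link_bps(300) / 1e6:.1f} Mbit/s")
    print(f"1 Gbit/s through 32-bit counters: {simulate_poll(10**9, 300) / 1e6:.1f} Mbit/s")
    print(f"same link with 64-bit counters:   {simulate_poll(10**9, 300, 64) / 1e6:.1f} Mbit/s")
```

With 5-minute polling, a saturated 100 Mbit/s interface wraps its 32-bit counter roughly every 344 seconds, so the modular subtraction in counter_delta still recovers the right value; at 1 Gbit/s the counter wraps eight times per interval and the computed rate collapses to about 84 Mbit/s, which is why such links need the 64-bit counters that SNMPv2 provides, or a shorter polling interval.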
IV. Using and maintaining MRTG
IV. Using and maintaining MRTG
Must reflect changes in configuration
V. Detecting attacks
Example 1
A sharp increase in HTTP 401 "Authorization Required" errors.
=> An attacker is trying to brute-force accounts on a password-protected web site.
V. Detecting attacks
Example 2
An increase in bytes of outgoing FTP or HTTP traffic.
=> An intruder has found an anonymously writeable FTP server and created a warez download site on our server.
V. Detecting attacks
Example 3
A huge increase in outgoing SMTP traffic; an increase in outgoing DNS lookups; an increase in CPU usage.
=> A spammer has found our SMTP server and is using it to spam a million e-mail addresses.
V. Detecting attacks
Example 4
An increase in ICMP traffic; an increase in various IP errors; an increase in TCP connections; an increase in multicast traffic; an increase in general traffic coupled with a decrease in actual web hits; an increase in TCP packets without much increase in actual bandwidth used; an increase in IDS alerts.
=> An attacker is trying to take down our web site with a DDoS attack.
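The four examples share one shape: a counter that MRTG is already graphing rises far above its recent baseline, sometimes in several series at once. The block below is an added illustration (not part of the original presentation) of turning that observation into an alert on RRD-style series: each series is one consolidated value per 5-minute step with None for UNKNOWN; a step is flagged when it exceeds both an absolute floor and a multiple of the median of the preceding window, and the alarms of several series are intersected to obtain the multi-signal patterns of Examples 3 and 4. The series, thresholds and names are constructed for the demonstration.

```python
"""Flagging the "sharp increase" signatures of Section V in RRD-style series.

Added illustration, not part of the original presentation.  Each series
holds one consolidated value per 5-minute step, oldest first, with None
standing for RRDtool's UNKNOWN.  The median of the preceding window is the
baseline, so one earlier spike does not hide the next.  All sample series
below are constructed.
"""
from statistics import median
from typing import Dict, List, Optional

Series = List[Optional[float]]


def sharp_increases(series: Series, window: int = 12,
                    factor: float = 5.0, floor: float = 10.0) -> List[int]:
    """Indices whose value jumps above factor x baseline (UNKNOWN skipped)."""
    hits: List[int] = []
    for i in range(window, len(series)):
        value = series[i]
        if value is None:
            continue
        known = [x for x in series[i - window:i] if x is not None]
        if len(known) < window // 2:
            continue        # too many UNKNOWN rows for a trustworthy baseline
        baseline = median(known)
        # The floor keeps tiny counts (2 -> 9 errors) from raising alarms
        if value > floor and value > factor * max(baseline, 1.0):
            hits.append(i)
    return hits


def correlated_alarms(alarms: Dict[str, List[int]]) -> List[int]:
    """Steps at which every series in `alarms` fired together."""
    common = set.intersection(*(set(v) for v in alarms.values()))
    return sorted(common)


# Example 1: HTTP 401 count per step; the brute-force attempt begins at step 12
HTTP_401: Series = [2, 3, 1, 2, 4, 2, 3, 2, 1, 3, 2, 2, 180, 220, 3]

# Example 3: a relayed spam run from step 13 on, visible in three series
SMTP_OUT_BPS: Series = [50e3] * 13 + [8e6, 9e6]
DNS_LOOKUPS: Series = [20, 25, 18, 22, 19, None, 21, 24, 20, 23, 19, 22, 20, 900, 1100]
CPU_PERCENT: Series = [5, 6, 5, 4, 6, 5, 5, 7, 5, 6, 5, 5, 6, 60, 70]


def demo() -> Dict[str, List[int]]:
    """Run the detector over the constructed series of Examples 1 and 3."""
    example3 = {
        "smtp_out": sharp_increases(SMTP_OUT_BPS),
        "dns_lookups": sharp_increases(DNS_LOOKUPS),
        "cpu": sharp_increases(CPU_PERCENT),
    }
    return {
        "example1_http_401": sharp_increases(HTTP_401),   # [12, 13]
        "example3_correlated": correlated_alarms(example3),  # [13, 14]
    }


if __name__ == "__main__":
    for name, steps in demo().items():
        print(f"{name}: alarm at steps {steps}")
```

The UNKNOWN row in DNS_LOOKUPS is dropped from the baseline rather than treated as zero, which is the same handling RRDtool applies in its own consolidation; a detector that counted UNKNOWN as zero would see a false "increase" every time a poll was missed.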
V. Detecting attacks
Conclusion
Giovanni Albani, Julien Fournel, November 15, 2005