Chapter 6: Security & Monitoring

expand over time. RRDtool refers to a suite of tools that allow you to create and modify RRD databases, as well as generate useful graphs to present the data. It is used to keep track of time-series data (such as network bandwidth, machine room temperature, or server load average) and can display that data as an average over time.

Note that RRDtool itself does not contact network devices to retrieve data. It is merely a database manipulation tool. You can use a simple wrapper script (typically in shell or Perl) to do that work for you. RRDtool is also used by many full-featured front-ends that present you with a friendly web interface for configuration and display. RRD graphs give you more control over display options and the number of items available on a graph as compared to MRTG.

Figure 6.15: RRDtool gives you a lot of flexibility in how your collected network data may be displayed.

RRDtool is included in virtually all modern Linux distributions, and can be downloaded from http://oss.oetiker.ch/rrdtool/.

ntop

http://www.ntop.org/. For historical traffic analysis and usage, you will certainly want to investigate ntop. This program builds a detailed real-time report on observed network traffic, displayed in your web browser. It integrates with RRDtool, and makes graphs and charts visually depicting how the network is being used. On very busy networks, ntop can use a lot of CPU and disk space, but it gives you extensive insight into how your network is being used. It runs on Linux, BSD, Mac OS X, and Windows.

Some of its more useful features include:

• Traffic display can be sorted by various criteria (source, destination, protocol, MAC address, etc.)
• Traffic statistics grouped by protocol and port number
• An IP traffic matrix which shows connections between machines
• Network flows for routers or switches that support the NetFlow protocol
• Host operating system identification
• P2P traffic identification
• Numerous graphical charts
• Perl, PHP, and Python API

Ntop is available from http://www.ntop.org/ for most operating systems. It is often included in many of the popular Linux distributions, including RedHat, Debian, and Ubuntu. While it can be left running to collect historical data, ntop can be fairly CPU intensive, depending on the amount of traffic observed. If you are going to run it for long periods, you should monitor the CPU utilization of the monitoring machine.

Figure 6.16: ntop displays a wealth of information about how your network is utilized by various clients and servers.

The main disadvantage of ntop is that it does not provide instantaneous information, only long-term totals and averages. This can make it difficult to use to diagnose a problem that starts suddenly.
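The wrapper-script arrangement described in the RRDtool paragraph, as an added example that is not part of the original text: a POSIX shell poller reads interface byte counters and hands them to RRDtool, which only stores them. The Linux /proc/net/dev source, the data-source names rx and tx, the 300-second step, and the sample data are assumptions made for illustration.

```shell
#!/bin/sh
# Constructed sample in Linux /proc/net/dev format (not real measurements).
SAMPLE='Inter-|   Receive                                                |  Transmit
 face |bytes    packets errs drop fifo frame compressed multicast|bytes    packets errs drop fifo colls carrier compressed
    lo:  104200    1200    0    0    0     0          0         0   104200    1200    0    0    0     0       0          0
  eth0: 98765432  81234    0    0    0     0          0         0 12345678   40321    0    0    0     0       0          0'

# counters IFACE: read /proc/net/dev-format text on stdin, print "rx_bytes:tx_bytes".
# Returns 1 if the interface is not listed.
counters() {
    awk -v ifc="$1" '
        { sub(/^[ \t]+/, "") }             # strip the leading indent
        index($0, ifc ":") == 1 {          # exact interface name, then a colon
            sub(/^[^:]*:/, "")             # works even if the counter abuts the colon
            print $1 ":" $9                # field 1 = rx bytes, field 9 = tx bytes
            found = 1
        }
        END { exit !found }'
}

# update_arg IFACE: build the value string for "rrdtool update" ("N" = now).
update_arg() {
    c=$(counters "$1") || return 1
    printf 'N:%s\n' "$c"
}

# collect IFACE RRD_FILE: one polling pass, intended to run from cron every 300 s.
# Needs rrdtool installed; RRD_FILE is any path you choose (hypothetical here).
collect() {
    # COUNTER data sources let RRDtool turn ever-growing byte counts into rates.
    # RRAs: 288 five-minute averages (1 day) and 168 hourly averages (7 days).
    [ -f "$2" ] || rrdtool create "$2" --step 300 \
        DS:rx:COUNTER:600:0:U DS:tx:COUNTER:600:0:U \
        RRA:AVERAGE:0.5:1:288 RRA:AVERAGE:0.5:12:168 || return 1
    arg=$(update_arg "$1" < /proc/net/dev) || {
        echo "interface not found: $1" >&2
        return 1
    }
    rrdtool update "$2" "$arg"
}

# Offline demonstration on the constructed sample; collect() is not called here.
printf '%s\n' "$SAMPLE" | update_arg eth0
```
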