Monday, April 16, 2007

Ragraph - DNS Graph

This is for my own note as I can't really remember everything in argus. It is definitely a beast, as it needs some tinkering to fully understand how it works and to get the output you need. Anyway, I am just blogging it here in case someone is interested.

Ragraph is one of the argus clients; it creates graphs out of argus data. In fact, argus comes with a lot of client tools that are very powerful. All the client tools are easy to use but hard to master. The 'Hard to Master' part really kills a lot of people, including me.

Here are the graphs showing DNS traffic, for both source and destination bytes. You may notice that changing the time mode makes a huge difference. The first graph, with -M 1s, shows the data per second and therefore looks more detailed; the second graph is generated using -M 1m, which is 1 minute, and therefore looks coarser, as each point spans 1 minute of data. I first saw this kind of graph on the argus site and did not really understand it until I tried it myself.

shell>ragraph bytes -M 1s -fill -stack -r argus-test.arg - udp and port 53

shell>ragraph bytes -M 1m -fill -stack -r argus-test.arg - udp and port 53

I used -fill so that it won't fill the color for the data area; this makes it look like a line graph, and I prefer it displayed that way.

Enjoy ;]
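
To see why the -M bin width changes the picture so much, here is an added example (not from the original post and not ragraph's own code) that sums byte counts into 1-second and 1-minute bins. The records are constructed and the CSV layout is an assumption; each record is credited to the bin containing its start time, which is a simplification.

```python
import csv
import io
from collections import defaultdict

# Constructed sample: start time (epoch seconds), source bytes, destination
# bytes for UDP/53 flows. Not taken from the post's argus-test.arg file.
SAMPLE = """stime,sbytes,dbytes
1176700800.10,74,130
1176700801.40,74,146
1176700815.00,80,210
1176700815.20,4200,9800
1176700815.90,3900,9100
1176700830.70,74,130
1176700862.30,74,162
1176700890.00,78,140
"""


def bin_bytes(csv_text, bin_seconds):
    """Sum source and destination bytes per time bin.

    Returns {bin_start_epoch: (sbytes, dbytes)}. Each record is credited to
    the bin holding its start time (a simplification, see the lead-in).
    """
    bins = defaultdict(lambda: [0, 0])
    for row in csv.DictReader(io.StringIO(csv_text)):
        start = int(float(row["stime"])) // bin_seconds * bin_seconds
        bins[start][0] += int(row["sbytes"])
        bins[start][1] += int(row["dbytes"])
    return {k: tuple(v) for k, v in sorted(bins.items())}


def peak_rate(bins, bin_seconds):
    """Highest total bytes/second seen in any single bin."""
    return max((s + d) / bin_seconds for s, d in bins.values())


if __name__ == "__main__":
    for width in (1, 60):
        b = bin_bytes(SAMPLE, width)
        print(f"bin={width}s bins={len(b)} peak={peak_rate(b, width):.1f} B/s")
        for start, (s, d) in b.items():
            print(f"  {start} src={s} dst={d}")
```

The one-second burst of large DNS responses stands out clearly at the 1s width, but at the 1m width it is averaged into the whole minute and the peak rate drops by a factor of about 60.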


Anonymous said...

Thanks much... Your blog entry saved me having to figure out the command, with the "sparse" documentation :)


...Steve Beaudry...
Royal Roads University

Marcio Ghiraldelli said...

Good topic! Looks like Argus really does what I want: monitor independent hosts' traffic usage, inside a LAN.
I was worried about the visual output, but looks like ragraph is the ideal way.
I'll try your command lines :)