[mrtg] dynamic bandwidth thresholds based on anomalies

#1 (**permalink**) 04-18-2008

--===============2033764973==
Content-Type: multipart/alternative;
boundary="----=_Part_7451_24059439.1208521866324"

------=_Part_7451_24059439.1208521866324
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

Hey,

I'm new to this list and I've been using MRTG for some years now, excellent
piece of code!

My question:

I've been searching the web (mainly reading features of all sorts of network

monitoring and graphing software and all sorts of proggies that use RRDtool)

for a system that can recognize and alert on traffic anomalies. dynamically.

What I mean is the following:

Lets say I'm monitoring router traffic. (pretty stable traffic pattern in my
case)
I want to get an alert if the current traffic is somewhat unusual for this
time of
day (or even this time of day + day of the week). the easy way to do it is
that every time
I take a measurement of traffic, I compare the current value (say I'm
measuring at 13:00)
with the average of the last 7 days at the same time (13:00) and if the
current measurement is (say) 30% higher/lower than the average of that time.
issue an alert.

That's the idea, VERY EASY to implement. (rrdtool + couple lines of perl,
this could be
even implemented on top of MRTGs threshold mechanism, but it could also be
a stand alone daemon that would periodically 'query' .rrd files)

But I'm wondering if anyone knows some sorts of (open source) monitoring
suite
that does just that (or something better). or if someone sees a flaw with
this approach.

Thanks,
Eddie.

--
map{map{$a=unpack"C",$_;map{$c=$a-ord;print$_ x$c and goto"a"if$c>0}("Z",
" ");a:}split//;print"\n"}(q{&[%[%`#[%["},q{&[$[![$[%["[%["},q{&[#[#[#[%[
"[%["},q{&["[%["`#a"},q{[%["a"[([%["},q{[%["[%["[([%["},q{!_#[%["[([%["})

------=_Part_7451_24059439.1208521866324
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

Hey, I'm new to this list and I've been using MRTG for some years now, excellent piece of code! My question: I've been searching the web (mainly reading features of all sorts of network 
monitoring and graphing software and all sorts of proggies that use RRDtool) for a system that can recognize and alert on traffic anomalies. dynamically. What I mean is the following: Lets say I'm monitoring router traffic. (pretty stable traffic pattern in my case) 
I want to get an alert if the current traffic is somewhat unusual for this time of day (or even this time of day +  day of the week). the easy way to do it is that every time I take a measurement of traffic, I compare the current value (say I'm measuring at 13:00) 
with the average of the last 7 days at the same time (13:00) and if the current measurement is (say) 30% higher/lower than the average of that time. issue an alert. That's the idea, VERY EASY to implement. (rrdtool + couple lines of perl, this could be 
even implemented on top of MRTGs threshold mechanism, but it could also be a stand alone daemon that would periodically 'query' .rrd files) But I'm wondering if anyone knows some sorts of (open source) monitoring suite 
that does just that (or something better). or if someone sees a flaw with this approach. Thanks, Eddie. -- map{map{$a=unpack"C",$_;map{$c=$a-ord;print$_ x$c and goto"a"if$c>0}("Z", 
" ");a:}split//;print"\n"}(q{&[%[%`#[%["},q{&[$[![$[%["[%["},q{&[#[#[#[%[ "[%["},q{&["[%["`#a"},q{[%["a"[([%["},q{[%["[%["[([%["},q{!_#[%["[([%["})

------=_Part_7451_24059439.1208521866324--

--===============2033764973==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

_______________________________________________
mrtg mailing list
mrtg@lists.oetiker.ch
https://lists.oetiker.ch/cgi-bin/listinfo/mrtg

--===============2033764973==--

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode