<HTML dir=ltr><HEAD><TITLE>RE: Graphing with MRTG something other than active leases?</TITLE>
<META http-equiv=Content-Type content="text/html; charset=unicode">
<META content="MSHTML 6.00.6000.16705" name=GENERATOR></HEAD>
<BODY>
<DIV id=idOWAReplyText11145 dir=ltr>
<DIV dir=ltr><FONT face=Arial color=#000000 size=2>Might want to look at ntop. It's a non-intrusive way to do it live. It can be dumped to RRD graphs. Here's an example:</FONT></DIV>
<DIV dir=ltr><FONT face=Arial color=#000000 size=2></FONT> </DIV>
<DIV dir=ltr><FONT face=Arial color=#000000 size=2><A href="http://www.ntopsupport.com/192.168.42.35.html">http://www.ntopsupport.com/192.168.42.35.html</A></FONT></DIV>
<DIV dir=ltr><FONT face=Arial size=2></FONT> </DIV>
<DIV dir=ltr><FONT face=Arial size=2>Brad Dameron</FONT></DIV>
<DIV dir=ltr><FONT face=Arial size=2>Clearw're</FONT></DIV></DIV>
<DIV dir=ltr><BR>
<HR tabIndex=-1>
<FONT face=Tahoma size=2><B>From:</B> dhcp-users-bounce@isc.org on behalf of Frank Bulk<BR><B>Sent:</B> Tue 10/14/2008 6:21 PM<BR><B>To:</B> dhcp-users@isc.org<BR><B>Subject:</B> RE: Graphing with MRTG something other than active leases?<BR></FONT><BR></DIV>
<DIV>
<P><FONT size=2>Rather than pipe it to 'wc', just use the '-c' option in grep.<BR><BR>Frank<BR><BR>-----Original Message-----<BR>From: dhcp-users-bounce@isc.org [<A href="mailto:dhcp-users-bounce@isc.org">mailto:dhcp-users-bounce@isc.org</A>] On Behalf<BR>Of Jerimiah Cole<BR>Sent: Friday, October 10, 2008 9:40 AM<BR>To: dhcp-users@isc.org<BR>Subject: Re: Graphing with MRTG something other than active leases?<BR><BR>On Fri, 2008-10-10 at 12:58 +0200, Leif Arne Neset wrote:<BR>> Nomad skrev:<BR>> > Is anybody else using MRTG to create graphs for ISC DHCP? I have graphs<BR>for<BR>> > the active and known leases but I've been asked to do the same for the<BR>> > number of DHCPDISCOVER and other messages. We've had several instances<BR>of<BR>> > clients going nuts and flooding our servers with DHCPDISCOVER and we'd<BR>like<BR>> > to keep track of this.<BR>> > Any thoughts? Suggestions? Currently we're running v3.1.0 on a redhat<BR>> > enterprise v4 server.<BR>> ><BR>><BR>> We are starting a small script from the MRTG server that uses tcpdump,<BR>> on the dhcp servers, for 10 sec. to count the number of incoming dhcp<BR>> packets and returns a value to MRTG.<BR><BR>That will only capture a small snapshot of traffic, and ignores<BR>potential peaks across the entire interval that MRTG is averaging<BR>against (usually 5 minutes). Why not just:<BR><BR>grep DISCOVER /var/log/dhcp.log | wc -l<BR><BR>I think MRTG is smart enough to realize when the log rotates and the<BR>count plummets.<BR><BR>Jerimiah<BR><BR><BR><BR><BR></FONT></P></DIV></BODY></HTML>