User Guide

Getting started with pmGraph

To start using pmGraph once it is installed, just use a web browser to access the URL:

http://{yourtomcatservermachine}:{yourtomcatport}/pmgraph/

For example, if your Tomcat server is called “tomcatserver” and uses the default port 8080, the URL would be:

http://tomcatserver:8080/pmgraph/

or http://tomcatserver:8180/pmgraph/ on Ubuntu, where the default Tomcat port is 8180.

pmGraph user interface

InterfaceLocalIPv2mini.jpg

The pmGraph user interface provides an overview of network traffic at a glance. There are three main parts (see picture): a Form at the top of the page to select the information required; a Graph in the middle of the page showing data relating to the IPs or ports selected, with a related navigation bar below it; and a Legend at the bottom of the page which shows the key for the graph drawn.

The Form

The Form allows various parameters to be set:

  • From date / From time: sets the graph start point
  • To date / To time: sets the graph end point
  • Show Top: changes the number of results shown on the graph, ordered by significance. Other less significant results are aggregated in “Other”
  • View: selects one of the 4 possible views:
    • Local port: shows the ports being used by local machines for network traffic with remote machines
    • Local IP: shows the IP addresses of local machines engaged in network traffic with remote machines
    • Remote port: shows the ports on remote machines being used for network traffic with local machines
    • Remote IP: shows the IP addresses of remote machines engaged in network traffic with local machines
  • Dynamic Update: if this box is checked, the graph will be automatically refreshed from the database every 3 minutes.

When a specific IP or port is selected by clicking on it in the legend, the form shows the specific port or IP address selected. To show a less specific view either clear this field, or use the Reset link to draw the default graph at the current time.

After changing the settings to the desired ones, click “Draw Graph” to redraw the graph.

The Links provide more options:

  • Configure: when this link is clicked, a page opens with the option of updating and saving the ‘LocalSubnet’ configuration parameter.
  • Help: when this link is clicked, the pmGraph online documentation opens in another window.

The graph

graphcommentedmini.jpg

The graph generated shows the network traffic rate in kb/s (Y axis) over time (X axis), for the view and time period specified. The X axis (time) increments in units of 1 minute. Downloaded traffic (i.e. traffic from a remote machine to a local machine) is shown in the positive part of the Y axis, and uploaded traffic (traffic from a local machine to a remote machine) is shown in the negative part.

Each colour in the graph represents a different IP or port. The relationship between the colours and the IPs is shown by the legend.

The data is drawn as a stack graph where the values for each data series are added to the data series below it. The colour nearest the X axis is the colour with the highest peak in the time period selected. The graph shows both the traffic rate of various IP addresses or ports over time, and also the total bandwidth usage at any moment in time.

There is also a navigation bar below the graph with four buttons. Zoom - and Zoom + allow the user to reduce or increase the time period respectively, and Prev. and Next move the graph backward and forward by 90 minutes. When the graph shows a time period close to the current time, the Next button is replaced by Current, and clicking on it will give the most recent data.

The legend

The legend shows the relationship between the colours in the graph and the IPs or ports, depending on the selected view. It also shows the total amount of data uploaded and downloaded for each IP or port during the time period selected, and the average upload and download throughput for each IP or port in this period. The units (GB, MB, etc.) used for the total amounts are customised to match the time period selected.

You can order the items in the legend, or reverse the current ordering, by clicking on the links of the titles “Uploaded”, “Downloaded” or “Total MB”.

You can obtain a graph of traffic for an individual IP or port by clicking on it in the legend. Once this has been done, an even more specific view can be achieved by clicking again on an individual local or remote port, or remote IP. The graph will then show only traffic involving the selected local IP and that port or remote IP. The title of the graph will always reflect the graph being drawn in each case. To reset to viewing the whole graph, delete the port and IP settings from the Form and click “Draw Graph”.

pmGraph will resolve as many IPs as possible to host names in the legend, using the DNS server, or DHCP when it is configured (see pmGraph configuration file). If pmGraph cannot resolve the hostname, “Unknown Host” is displayed. In the port view you will see the protocol (udp/tcp/icmp) and the service associated with each port. Note: “n/a” is shown in the port column for the icmp protocol, since this protocol does not have any ports associated with it.

A real example

Let’s look at a real graph of a network and see how pmGraph can help us to investigate what is happening.

We have installed and configured pmGraph to work in a local network 10.0.156.0/24. Pmacct is running on the router that connects our network to the internet and is logging all the traffic between our network (10.0.156.0/24) and any other network.

The graph of the current network traffic using the local IP view is shown in the picture on the right.
As you can see in the graph, the IPs which are consuming most bandwidth are:

10.0.156.158 (Unknown Host): 119 Mb downloaded and 3 Mb uploaded.

10.0.156.210 (fen-ndiyo1.fen.aptivate.org): 78 Mb downloaded and 4 Mb uploaded.

However, the graph shows that in the last few minutes the majority of the traffic is associated with IP 10.0.156.158, with the highest peak being 1500 Kb/s. The traffic for the second IP, 10.0.156.210, in the last few minutes is less than 100 kb/s, which is more than 15 times lower. The first IP seems to be consuming most of the bandwidth.

We decide to investigate the IP 10.0.156.158, so we click on its link in the legend. By default that shows a graph with the local port view selected, but we want to know where this local machine is connecting to, so we first select the “Remote IP” view and then click on “Draw Graph”. The result is the graph shown below.

This graph shows that most of the traffic for this IP has been with the remote machine “ubuntu.datahop.net”, which corresponds to the IP 194.169.254.10. Clicking on the IP and selecting the remote port view, we see that the connection to the remote machine is on port 80, which corresponds to the HTTP protocol. We conclude that this IP has been downloading from an HTTP server called ubuntu.datahop.net.
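The same drill-down (Local IP view, then Remote IP, then Remote port) can be reproduced offline over exported flow records. This is an added example, not pmGraph's own code: the record layout, the `normalise` and `view` helpers, the sample flows and the ranking by total bytes are assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict

LOCAL_SUBNET = ipaddress.ip_network("10.0.156.0/24")  # local network from the example

# Constructed sample records (src_ip, src_port, dst_ip, dst_port, bytes); not real pmacct output.
FLOWS = [
    ("194.169.254.10", 80, "10.0.156.158", 40112, 90_000_000),
    ("10.0.156.158", 40112, "194.169.254.10", 80, 2_000_000),
    ("198.51.100.7", 443, "10.0.156.158", 40200, 5_000_000),
    ("203.0.113.5", 443, "10.0.156.210", 51000, 60_000_000),
    ("10.0.156.210", 51000, "203.0.113.5", 443, 3_000_000),
    ("203.0.113.9", 53, "10.0.156.12", 33000, 400_000),
    ("10.0.156.12", 33000, "203.0.113.9", 53, 100_000),
    ("10.0.156.12", 5000, "10.0.156.13", 5001, 9_000_000),  # local-to-local: ignored
]

def normalise(flow):
    """Orient one flow as local/remote; None if it does not cross the subnet edge."""
    src, sport, dst, dport, nbytes = flow
    src_local = ipaddress.ip_address(src) in LOCAL_SUBNET
    dst_local = ipaddress.ip_address(dst) in LOCAL_SUBNET
    if src_local == dst_local:
        return None
    if dst_local:  # remote -> local is a download
        return {"local_ip": dst, "local_port": dport, "remote_ip": src,
                "remote_port": sport, "down": nbytes, "up": 0}
    return {"local_ip": src, "local_port": sport, "remote_ip": dst,
            "remote_port": dport, "down": 0, "up": nbytes}

def view(flows, key, top=10, **filters):
    """Totals per `key`, largest first, with the remainder folded into "Other"."""
    totals = defaultdict(lambda: [0, 0])  # key -> [downloaded, uploaded]
    for flow in flows:
        row = normalise(flow)
        if row is None or any(row[k] != v for k, v in filters.items()):
            continue
        totals[row[key]][0] += row["down"]
        totals[row[key]][1] += row["up"]
    # Assumption: "significance" is taken here as total bytes in the period.
    ranked = sorted(totals.items(), key=lambda kv: sum(kv[1]), reverse=True)
    result = [(k, down, up) for k, (down, up) in ranked[:top]]
    if ranked[top:]:
        rest = [v for _, v in ranked[top:]]
        result.append(("Other", sum(v[0] for v in rest), sum(v[1] for v in rest)))
    return result

if __name__ == "__main__":
    print(view(FLOWS, "local_ip", top=2))
    print(view(FLOWS, "remote_ip", local_ip="10.0.156.158"))
    print(view(FLOWS, "remote_port", local_ip="10.0.156.158", remote_ip="194.169.254.10"))
```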

The pmGraph Configuration File

The pmGraph configuration file can be used to set various parameters, e.g. the database connection, local network information and the number of results shown by default. Some parameters may need changing, depending on your circumstances. It is important to change the database password from the default, for security reasons. See the pmGraph Configuration document to learn how to do this.

pmGraph and OpenWRT

If you want to use pmGraph on a router capable of handling WRT based software, you will need to follow the steps described here.
