Throughput 0.1

Throughput monitor is a log analyzer

Developer:   Ragnar Kurm       more software by author → Price:  0.00 License:   GPL (GNU General Public License) File size:   12K Language:    OS:    Rating:   0 /5 (0 votes) Your vote:   enlarge screenshot

Throughput monitor is a log analyzer. In general notation it is a event counter per timeframe - in short frquency monitor. If it detects too high event rate, utility notifies about it. If rate drops below predefined value, also notify with statistics gathered meanwhile. It can analyze past logs or realtime logs.

Throughput monitor can analyze every single-line log (1 event per line). Good examples are of this kind of log producers are syslog and apache. Log lines are filtered through regex. Log can contain random crap, except on line we are interested in. Usually most of log is useless. The interesting lines must be somewhat consistent and regex must be able to detect:

timestamp in format: Day Mon dd hh:mm:ss yyyy
observerion object like username or hostname, etc

Output can be only hwm or lwm line. If amount of events per timeframe rises above hwm, then hwm line is generated. The format of hwm line is following:
Day Mon dd hh:mm:ss yyyy hwm obj

Day Mon dd hh:mm:ss yyyy - timestamp
hwm - fixed string
obj - can be username or hostname or whatever user's regex matches as observation object

Similarly lwm line is generated when rate drops below lwm. Also additional statistics is included. The format of lwm line is following:
Day Mon dd hh:mm:ss yyyy lwm obj max=zz count=xx duration=sec/hh:mm:ss interval=hh:mm:ss

Day Mon dd hh:mm:ss yyyy - timestamp
lwm - fixed string
obj - can be username or hostname or whatever user's regex matches as observation object
max=zz - the peak amount (zz) of event in timeframe
count=xx - count of events while rate is over hwm. May be smaller than max. Because when rate crosses hwm line, count is initalized to 1, but max at the same moment is hwm.
duration=sec/hh:mm:ss - how long object were in hwm state. Duration is given in both forms: seconds for automation and hhmmss for humans.
interval=hh:mm:ss - average delay between events. Equals to duration/count.

One may ask, why do i need lwm output when detecting spam? Because statistics included gives feedback about parameters to tune and also we get quick info about incident.

Know that the utility may complain about timetravel when log is not linear. In the other words, every next matched log entry must have timestamp, which is greater or equal then previous one of the same object. Unfortunately this is too common problem with logs in general.
tags day mon  lwm line  hwm line  regex matches  whatever user  obj can  string obj  duration sec  when rate  observation object  the same  following day  drops below  

Download Throughput 0.1

 http://home.uninet.ee/~ragnar/throughput_monitor/throughput_monitor2

Authors software

Throughput 0.1 (by Ragnar Kurm) Throughput monitor is a log analyzer

Similar software

Throughput 0.1 (by Ragnar Kurm) Throughput monitor is a log analyzer

Audio::Data 1.029 (by Nick Ing-Simmons) Audio::Data is a module for representing audio data to perl. SYNOPSIS use Audio::Data; my $audio = Audio::Data->new(rate =

JQuantify 3.3.0 (by BerryWorks) Developers use a simple API to insert count-points or start/stop boundaries at appropriate places within their system

WWW::Google::SiteMap::URL 1.09 (by Jason Kohles) WWW::Google::SiteMap::URL is URL Helper class for WWW::Google::SiteMap. This is a helper class that supports WWW::Google::SiteMap

Squid Graph 3.2 (by SecurLogic) Squid Graph is a free, simple, yet powerful Squid v2 native logfile analysis tool that generates reports with graphical representatio

nLive Core 2.4 (by Vigiliti Systems, Inc.) nLive Core is a Linux server based product with a web based user interface console. nLive Core Free Edition is freely downloadabl

Locale::Object::Currency::Converter 0.74 (by ^Earle Martin)

if_rate 2.0.0 (by Mihai Voicu) if_rate measures and prints some statistics about the rate of traffic through network interfaces (like iptraf). This is a simple p

flog 1.7 (by Fredrik Sjoholm) flog (file logger) is a program that reads input from STDIN and writes to a file. If SIGHUP is received, the file will be reopened

bmon 2.1.0 (by Thomas Graf) bmon is a portable bandwidth monitor and rate estimator running on various operating systems

Other software in this category

GKrellM 2.2.10 (by Bill Wilson) GKrellM application is a GTK-based stacked monitor program that charts SMP CPUs, disks,

lm_sensors 2.10.1 (by Mark S.)

Loggerithim 7.0.1 (by gphat) Loggerithim is an extensible monitoring and remote management package

SmokePing 2.0.9 (by Tobias Oetiker) SmokePing is a delux latency measurement tool

Pipe Viewer 0.9.6 (by Andrew Wood)