Menu

Grapher give a empty graph

General Discussion
Isaque Profeta
2014-09-18
2014-09-26

  • Isaque Profeta

    Isaque Profeta - 2014-09-18

    Hi folks!

    Awesome tool we got here, Silk is great and FlowViewer get me some good reports.

    Got a little problem here that I wanted to know if is a misconfiguration or something like that: using FlowGrapher I got all the list result for the data, but the graph is empty like below:

    alternate text

    I got all the GD libraries installed and I'm using FV4.4 with Silk3.8.3 on a Centos6.5. My DEBUG_GRAPHER give me this:

    In FlowGrapher_Main.cgi
FORM{device_name}: DEVICENAME
FORM{exporter}: 
FORM{start_date}: 17/9/2014  start_date: 9/17/2014  FORM{end_date}: 17/9/2014  end_date: 9/17/2014
This device is exporting IPFIX
current_year_date: 01/01/2014   current_year_epoch: 1388541600  current_year_dst: 1
  prior_year_date: 01/01/2013     prior_year_epoch: 1357005600    prior_year_dst: 1
   next_year_date: 01/01/2015      next_year_epoch: 1420077600     next_year_dst: 1
Current Year: 01/01/2014  Epoch: 1388541600  DST: 1
  Start Date:  17/9/2014  Epoch: 1410958800  DST: 0
       start_date: 17/9/2014           start_epoch: 1410958800   start_epoch_dst: 0
         end_date: 17/9/2014             end_epoch: 1410962400     end_epoch_dst: 0
   selection_switches: --data-rootdir=/data --type=all --start-date=2014/09/17:07 --end-date=2014/09/17:11 --active=2014/09/17:10:00:00-2014/09/17:11:00:00 
partitioning_switches: --sport=80 --scidr=IPADDRESS
from: start                          to: start filter_SiLK               elapsed seconds: 0.006464  running: 0.006464
rwfilter_command: /usr/local/bin/rwfilter --data-rootdir=/data --type=all --start-date=2014/09/17:07 --end-date=2014/09/17:11 --active=2014/09/17:10:00:00-2014/09/17:11:00:00   --sport=80 --scidr=IPADDRESS --pass=/var/www/cgi-bin/FlowViewer_4.4/Flow_Working/FlowGrapher_filtered_114209GC
from: start filter_SiLK              to: start rwcount_SiLK              elapsed seconds: 0.366787  running: 0.373251
silk_command: /usr/local/bin/rwcount --bin-size=5 --start-time=2014/09/17:10:00:00 --epoch-slots /var/www/cgi-bin/FlowViewer_4.4/Flow_Working/FlowGrapher_filtered_114209GC > /var/www/cgi-bin/FlowViewer_4.4/Flow_Working/FlowGrapher_output_114209GC
from: start rwcount_SiLK             to: start report_SiLK               elapsed seconds: 0.084401  running: 0.457652
from: start report_SiLK              to: start rwcut_SiLK                elapsed seconds: 0.004857  running: 0.462509
from: start rwcut_SiLK               to: start records_SiLK              elapsed seconds: 0.035117  running: 0.497626
looked at:  flows
passed   :  flows
from: start records_SiLK             to: done_FLOWS                      elapsed seconds: 0.014668  running: 0.512294
from: done_FLOWS                     to: create_graph                    elapsed seconds: 0.039883  running: 0.552177
from: create_graph                   to: done                            elapsed seconds: 16.317302  running: 16.869479
run took: 17 seconds

    Any helps? In the meantime, thanks for the attention!

     

  • Joe Loiacono

    Joe Loiacono - 2014-09-25

    Isaque,

    Forgive me - I did not see your email until just now! My apologies.

    First - can you see if FlowGrapher_Main is creating any png file?

    The code is:

       $png_filename  = "FlowGrapher_save_" . $suffix . ".png";

   open(PNG,">$graphs_directory/$png_filename");
   binmode PNG;
   print PNG $image->png;
   close PNG;

    So we'll be looking to see if $graphs_directory/$png_filename got created.

    We'll go from there ...

    Joe

     

  • Joe Loiacono

    Joe Loiacono - 2014-09-26

    When I replied yesterday, your image had not been visible to me. I believe this was because I was on a VPN. Now that I can see it, yes all of your GD stuff is fine.

    I'm beginning to suspect a timezone issue.

    In GMT time, your start_epoch and end_epoch convert to:

    epoch_time = 1410958800; calendar_time = 09/17/2014 13:00:00 (GMT)
    epoch_time = 1410962400; calendar_time = 09/17/2014 14:00:00 (GMT)

    Is that correct for your timezone? How have you set $timezone in FlowViewer_Configuration.pm:

    $time_zone  = "";   # If left empty, will use system time zone

    When you built SiLK, did you use the --enable-localtime switch? From SiLK Installation reference:

    2.3.11 Using your local timezone

    By default, SiLK uses UTC when printing timestamps to the user, and it expects timestamps from the user to be in UTC. Giving configure the --enable-localtime switch will modify SiLK to print and expect times in the local timezone. (Data files are always indexed by UTC.)

    Finally...

    Can you add to following DEBUG lines to see if that is the problem?

     716                 $silk_record = $_;
 717                 $silk_record =~ s/\s+//g;
 718                 ($bucket_start,$num_recs,$num_bytes,$num_pkts) = split(/\|/,$silk_record);
      print DEBUG "bucket_start: $bucket_start  start_epoch: $start_epoch  end_epoch: $end_epoch\n";
 719
 720                 if (($bucket_start < $start_epoch) || ($bucket_start >= $end_epoch)) { next; }

    and then a couple of lines down ...

     727
 728                 if ($sampling_multiplier > 1) { $value *= $sampling_multiplier; }
 729
 730                 $buckets[$bucket_num] = $value;
 731                 $bucket_num++;
       print DEBUG "buckets[$bucket_num]: $buckets[$bucket_num]\n";

    Thanks!

    Joe

     

  • Isaque Profeta

    Isaque Profeta - 2014-09-26

    Right on the spot man!

    Running the debug like you asked I got that the time of graph was out of the start/end time.

    from: start rwcount_SiLK             to: start report_SiLK               elapsed seconds: 0.045359  running: 0.904488
bucket_start: Date  start_epoch: 1411761600  end_epoch: 1411765200
bucket_start: 1411750800  start_epoch: 1411761600  end_epoch: 1411765200
bucket_start: 1411750805  start_epoch: 1411761600  end_epoch: 1411765200
bucket_start: 1411750810  start_epoch: 1411761600  end_epoch: 1411765200
bucket_start: 1411750815  start_epoch: 1411761600  end_epoch: 1411765200
bucket_start: 1411750820  start_epoch: 1411761600  end_epoch: 1411765200
bucket_start: 1411750825  start_epoch: 1411761600  end_epoch: 1411765200
bucket_start: 1411750830  start_epoch: 1411761600  end_epoch: 1411765200
bucket_start: 1411750835  start_epoch: 1411761600  end_epoch: 1411765200
bucket_start: 1411750840  start_epoch: 1411761600  end_epoch: 1411765200
bucket_start: 1411750845  start_epoch: 1411761600  end_epoch: 1411765200

    Just changed the timezone of server to UTC and graph is working!

    Thank you a lot!

     

Log in to post a comment.