[Mimedefang] Graphdefang...

[Jonas Eckerman]

Hi!

Just thought I'd tell you people that I've added some more stuff to my modified Graphdefang. The code and info is available at "http://whatever.frukt.org/graphdefang-mods.shtml". My own mail stats created by this is at "http://whatever.frukt.org/graphdefang/".

Here's what I've done (and remembered to put in writing) to it so far:

   * Added $senderdomain and $recipientdomain to the collected data values.
    * Totals available for "summary" graphs with the following time groups:
          o yearly_totals
          o monthly_totals
          o daily_totals
          o hourly_totals
          o weekdaily_totals
          o yeardaily_totals
    * Grand total available as totals (only works with graphs with no axis).
    * Average available for "summary" graphs with the following time groups:
          o yearly_average (only works with graphs with no axis)
          o monthly_average
          o daily_average
          o hourly_average
          o weekdaily_average
          o yeardaily_average
    * The graph type pie has been added (only works with summary graphs.
    * I've added the graph type stacked_area because I like it.
    * I've replaced the different draw_*_graph() functions with one draw_graph().
    * Summaries are sorted by value, just like other graphs.
    * If you specify data type all together with other data types, the other data types will be excepted from the graph.
    * I'm stripping "<", ">", "[" and "]" from addresses.
    * The dataset is now accessed with DWH_File instead of loaded into RAM. This ought to make a big difference on big sites, and should also make it feasible to save data for a long time.
    * The y axis values are calculated in order to waste less space than GD::Graph's built-in calculations.
    * Added "value3" and "value4" to make room for some more info.
      This was done mainly because I've made my event handlers use p0fIP2OS from my p0f scripts in order to include operating system info int the stats.
    * Added the graph types hbar and stacked_hbar (h stands for horizontal), because they can be useful.
    * Added the following graph settings that makes it easier to make the graphs look good:
          o compute_bars_sz: If this is true for a horizontal bar chart, y_graph_size specifies the bredth of the bars, and the actual height of of graph will be computed depending on the number of bars.
          o legend_columns: Specifies the number of columns in the legend, and is necessary for add_legend_sz to work.
            If this is set to zero for a bar chart, it will be treated the same way pie charts are treated by the program.
          o add_legend_sz: If this is true for a graph with a legend, the size of the legend will be added to the graphs height.
          o reversed: If this is true, the graph values will be sorted in reverse order.

Use it if you like it...

Regards
/Jonas

PS. This version's using DWH_File wich results in a lot lof diskaccess and a high demand of CPU time, but hopefully means it needs less RAM to run on big dataset but might also make it a lot slower when the dataset isn't huge anyway. My dataset on disk is currently about 320MB, and with that dataset Graphdefang and uses (at it's peak) about 60MB RAM. If anyone tests it on a high load site I'd be interested in the results. Without such info I can't say wether using DWH_File was a good or bad idea.

-- 
Jonas Eckerman, jonas at truls.org
http://www.truls.org/