FloX (Flow eXplorer) is a simple PHP tool to examine large tables of flow data in a SQL database. Although made for pmacct tables (http://www.pmacct.net), it should work with any flow table.
Like you can browse your directories with the "du -sk" command to find the cause, why your hard disk is full again, you have with FloX the possibility to browse through your flow data to find out, what that strange traffic peak during the last hour exactly is composed of. Whatever you are storing in your flows, you can get the information.
Here is a screenshot.
Installation is as easy as dropping the directory somewhere in the root directory of your webserver, adapting config.php.inc and pointing your browser to that location. Of course, PHP has to be installed and working.
So, how does it work? After selecting a table, you first should select a time interval, which you want to look at, choose how long the ranking should be and by which Counter Field the ranking should be ordered. Don't forget to click update after this, as I don't use any javascript for now. Then you can click on one of the Flow Keys, and a ranking will be calculated for the selected Flow Key in respect of the selected Counter Field. Next to each line of the Summation Ranking you will see a select button. By using it you can "lock" all following actions to that specific Flow Key value. That is, you can now select again another Flow Key to calculate a Summation Ranking, but this time only in the subset of the Flow data defined by the already selected Flow Key values. If you repeat this procedure you can break down a certain traffic peak to a set of Flow Key values as far as possible. If you want to go back a step, you can click on an already selected Flow Key to deselect it again.
HINT: The performance of the ranking calulation highly depends on good indexes for the database tables. So at least build an tree index for the time column.
old versions:
Any comments, ideas and bug reports are most welcome!
Sven Anderson <sven-floxanderson.de>