I'm new to this list and I've been using MRTG for some years now, excellent
piece of code!

My question:

I've been searching the web (mainly reading features of all sorts of network

monitoring and graphing software and all sorts of proggies that use RRDtool)

for a system that can recognize and alert on traffic anomalies. dynamically.

What I mean is the following:

Lets say I'm monitoring router traffic. (pretty stable traffic pattern in my
I want to get an alert if the current traffic is somewhat unusual for this
time of
day (or even this time of day +  day of the week). the easy way to do it is
that every time
I take a measurement of traffic, I compare the current value (say I'm
measuring at 13:00)
with the average of the last 7 days at the same time (13:00) and if the
current measurement is (say) 30% higher/lower than the average of that time.
issue an alert.

That's the idea, VERY EASY to implement. (rrdtool + couple lines of perl,
this could be
even implemented on top of MRTGs threshold mechanism, but it could also be
a stand alone daemon that would periodically 'query' .rrd files)

But I'm wondering if anyone knows some sorts of (open source) monitoring
that does just that (or something better). or if someone sees a flaw with
this approach.


