2007 Mar 02 - Fri

Darvas Results at EOD 2007/03/02 with EOD Signal of 2007/03/01

In comparison, the Dow Jones Industrial Index opened at 12233, had a lower high of 12247, had a higher low of 12107, and closed down for the day at 12114.

Symbol	#	Open	High	Low	Close	Stop	O->H	O->C
ABT	1	53.53	53.65	52.58	53.01	54.28	0.12	-0.52
ADI	2	36.15	36.37	35.18	35.35	36.64	0.22	-0.80
ADP	1	49.76	49.76	48.68	48.68	50.33	0.00	-1.08
AEP	1	45.38	45.59	44.85	44.87	45.37	0.21	-0.51
AKS	1	22.90	23.20	21.30	21.79	22.03	0.30	-1.11
ALTR	2	20.48	20.68	20.21	20.26	21.48	0.20	-0.22
AMCC	1	3.71	3.77	3.57	3.63	3.68	0.06	-0.08
AMKR	1	11.72	11.83	11.31	11.32	12.04	0.11	-0.40
ATHR	1	24.79	25.20	24.08	24.31	26.71	0.41	-0.48
ATI	2	100.00	101.48	95.95	97.06	104.51	1.48	-2.94
AUY	2	13.84	14.10	13.39	13.77	15.25	0.26	-0.07
AXL	2	24.30	24.32	23.64	23.65	25.82	0.02	-0.65
BBBY	1	39.75	40.18	39.50	39.55	42.54	0.43	-0.20
BBI	1	6.77	6.86	6.50	6.52	6.91	0.09	-0.25
BDN	1	35.01	35.16	34.56	34.56	34.02	0.15	-0.45
BG	1	79.60	79.60	76.81	76.97	84.03	0.00	-2.63
BNI	1	78.48	78.98	77.40	77.53	84.57	0.50	-0.95
CA	1	25.86	25.86	25.47	25.49	25.45	0.00	-0.37
CECO	1	29.79	31.85	29.79	30.25	29.85	2.06	0.46
CEG	1	79.09	79.09	77.79	77.81	77.42	0.00	-1.28
CERN	3	52.00	52.07	50.67	50.67	53.28	0.07	-1.33
CF	2	37.60	38.43	36.20	36.56	38.11	0.83	-1.04
CHL	1	45.43	46.27	44.87	45.00	49.57	0.84	-0.43
CMS	1	17.35	17.36	17.04	17.07	17.02	0.01	-0.28
CNP	2	17.15	17.63	17.03	17.50	18.31	0.48	0.35
CTSH	1	88.45	88.93	86.92	86.93	91.00	0.48	-1.52
D	1	85.45	85.68	85.00	85.00	84.70	0.23	-0.45
DD	2	50.79	50.95	49.83	50.09	52.95	0.16	-0.70
ED	3	48.60	48.63	48.06	48.08	49.25	0.03	-0.52
EQ	2	54.89	55.06	53.34	53.39	57.05	0.17	-1.50
ESLR	1	9.74	9.90	9.35	9.41	10.68	0.16	-0.33
FAF	1	47.22	48.27	46.96	47.82	46.70	1.05	0.60
FE	1	62.50	62.59	61.65	61.65	64.35	0.09	-0.85
GILD	2	70.35	71.50	69.76	70.44	73.25	1.15	0.09
GS	1	198.20	200.92	195.59	195.67	219.26	2.72	-2.53
GT	1	26.16	27.88	26.03	27.19	25.85	1.72	1.03
HES	2	52.97	53.29	51.11	51.42	55.06	0.32	-1.55
HL	2	7.78	7.93	7.50	7.56	8.40	0.15	-0.22
HLT	1	34.15	35.46	34.15	34.69	35.84	1.31	0.54
HLTH	1	14.72	14.81	14.57	14.60	15.48	0.09	-0.12
IR	3	43.08	43.35	42.43	42.61	44.00	0.27	-0.47
JBHT	1	26.30	26.40	25.80	25.81	27.48	0.10	-0.49
JOYG	2	43.25	43.36	42.40	42.40	52.94	0.11	-0.85
KLAC	2	50.50	51.16	49.51	49.91	53.65	0.66	-0.59
LLTC	2	32.81	32.94	32.08	32.08	33.64	0.13	-0.73
LM	1	101.88	103.12	99.43	99.43	109.03	1.24	-2.45
LWSN	1	7.67	7.88	7.67	7.75	8.44	0.21	0.08
LYO	1	31.84	32.00	30.70	31.05	32.48	0.16	-0.79
MET	1	62.95	63.12	62.17	62.48	65.79	0.17	-0.47
MHS	1	68.16	68.47	66.63	66.63	67.57	0.31	-1.53
NBL	3	57.03	57.78	56.89	57.38	57.06	0.75	0.35
NIHD	1	69.99	70.48	69.15	69.31	70.54	0.49	-0.68
NRG	3	67.18	68.40	67.12	67.42	65.79	1.22	0.24
NSM	1	25.20	25.47	24.77	24.96	25.58	0.27	-0.24
NTES	2	20.07	20.48	19.76	19.91	20.60	0.41	-0.16
NVTL	2	13.12	13.44	13.10	13.33	12.80	0.32	0.21
NYB	2	16.94	16.99	16.75	16.77	17.35	0.05	-0.17
OMC	1	103.33	103.90	102.62	103.12	100.61	0.57	-0.21
OMX	1	50.90	51.00	49.98	50.24	51.85	0.10	-0.66
ONNN	3	9.68	9.87	9.41	9.49	10.46	0.19	-0.19
PAAS	3	27.54	28.48	26.75	26.97	31.52	0.94	-0.57
PAYX	2	39.64	39.70	39.13	39.16	41.93	0.06	-0.48
PD	3	124.01	124.80	123.05	123.05	124.40	0.79	-0.96
PENN	2	45.50	46.13	45.34	45.66	42.95	0.63	0.16
PMTC	1	18.88	19.01	18.49	18.60	20.18	0.13	-0.28
POT	1	152.50	155.45	147.93	148.28	161.00	2.95	-4.22
PPL	2	38.33	38.45	37.85	37.85	38.17	0.12	-0.48
PWR	3	23.31	23.43	22.36	22.38	23.31	0.12	-0.93
PX	2	60.98	61.36	60.40	60.56	64.20	0.38	-0.42
RIMM	1	139.94	141.31	135.96	135.97	139.74	1.37	-3.97
RIO	1	33.41	33.64	32.32	32.70	36.68	0.23	-0.71
RRC	3	32.00	32.11	31.30	31.31	31.25	0.11	-0.69
RRI	1	17.21	17.42	17.12	17.17	17.06	0.21	-0.04
RYI	1	33.81	36.89	33.71	35.43	34.01	3.08	1.62
SCUR	1	8.25	8.45	8.05	8.12	9.35	0.20	-0.13
SHLD	1	174.89	181.15	174.89	177.10	187.27	6.26	2.21
SIRF	1	27.96	28.55	27.56	28.02	31.70	0.59	0.06
SONS	1	7.40	7.46	7.14	7.33	7.23	0.06	-0.07
STM	3	18.93	19.00	18.69	18.70	19.92	0.07	-0.23
STP	1	35.75	36.47	34.52	34.63	36.70	0.72	-1.12
SYK	1	61.28	61.65	60.67	61.00	63.50	0.37	-0.28
TEVA	1	34.81	35.17	34.68	34.70	37.76	0.36	-0.11
TRA	1	16.98	17.10	16.43	16.65	17.70	0.12	-0.33
TSM	2	10.93	10.95	10.64	10.64	11.30	0.02	-0.29
UIS	1	8.37	8.43	8.23	8.28	8.92	0.06	-0.09
USG	1	53.40	53.78	52.73	52.82	57.74	0.38	-0.58
USU	3	14.22	14.33	13.87	13.90	14.98	0.11	-0.32
VSEA	1	47.08	47.95	46.24	46.29	47.22	0.87	-0.79
WIN	1	14.85	14.89	14.32	14.38	15.10	0.04	-0.47
WYN	2	34.90	35.27	34.75	34.77	35.10	0.37	-0.13
XL	1	69.90	70.22	69.33	69.69	73.99	0.32	-0.21
XLU	2	38.64	38.64	38.05	38.05	39.17	0.00	-0.59
YRCW	1	43.38	43.38	41.84	42.06	42.92	0.00	-1.32
93		3896.94					48.45	-51.85

[/Trading/Darvas/D200703] permanent link

Installing Netflow Tool: nfsen

nfsen is companion tool to nfdump. Where nfdump handles the capture and writing to disk of netflow records, nfsen takes the captured files and makes the data available through a web interface.

To install, download and expand the latest snapshot (be sure the nfsen snapshot is compatible with the nfdump snapshot):

cd /usr/src
wget http://internap.dl.sourceforge.net/sourceforge/nfsen/nfsen-snapshot-20070208.tar.gz
tar -zxvf nfsen-snapshot-20070208.tar.gz
cd nfsen-snapshot-20070208

To build and install nfsen is a bit more complicated that installing nfdump:

cd etc
cp nfsen-dist.conf nfsen.conf
nano nfsen.conf
* $BASEDIR = "/usr/local/nfsen";
* $CONFDIR = "/etc/nfsen";
* $VARDIR   = "/var/local/nfsen";
* $PROFILESTATDIR="${VARDIR}/profiles";
* $PROFILEDATADIR="/var/local/nfdump/flows";
* $USER    = "www-data";
* $WWWUSER  = "www-data";
* $WWWGROUP = "www-data";
* $SUBDIRLAYOUT = 7;
* %sources = (
*      'bmr01'        => { 'port'    => '9999', 'col' => '#0000ff', 'type' => 'netflow' },
* );
cd ..
./install.pl etc/nfsen.conf

[/OpenSource/Debian/Monitoring] permanent link

Installing Netflow Tool: nfdump

For a while now, I've been using the Flow-Tools set of netflow analysis tools. I've heard that Nfdump and Nfsen are the current netflow tools of choice. The weakness with Flow-tools has been in the web side. The command line tools are rich, but the graphical side has lacked a little. I'm hoping to see something better with this alternate tools set.

Peter Haag, the toolset author, has a presentation titled Watch Those Flows. There is a second, larger paper called Watch your Flows with NfSen and NFDUMP.

Download, expand, and build the snapshot from Sourceforge Nfdump:

cd /usr/src
wget http://internap.dl.sourceforge.net/sourceforge/nfdump/nfdump-snapshot-20070208.tar.gz
tar -zxvf nfdump-snapshot-20070208.tar.gz
cd nfdump-snapshot-20070208
./configure
make 
make install

There are man tools for each of the tools. There must be a separate nfcpad process for each neflow source. So that collection starts on monitoring server boot, these can be placed in the /etc/rc.local config file, which will be processed near the end of the operating system boot process. The author provides the following as an example:

nfcapd -w -D -l /flow_base_dir/router1 -p 23456
nfcapd -w -D -l /flow_base_dir/router2 -p 23457

I've used (pre-create the directory):

nfcapd -p 9999 -l /var/local/nfdump/flows -S 7 -w -I bmr01

Each interface on a Cisco router should have the following:

interface fastethernet 0/0
ip route-cache flow

A basic config to export the flows would be:

ip flow-export  
ip flow-export version 5
ip flow-cache timeout active 5

Note that even though lower end switches like 3550's, 3750's, and 3560's have some of the netflow commands, they will only export process switched flows. Talk to your Cisco account manager, and as a group, we may be able to influence Cisco to provide full netflow capability in 'every day' line of switches.

The alternative to this problem is to use nProbe utility from NTOP. Connect a promiscuous ethernet port to a spanned port on a switch. nProbe will capture the packets, evaluate them, and forward netflows to the netflow capture utility. As a bonus, nProbe is useful in VOIP networks as it knows how to evaluate RTP streams and forward helpful statistics on a per flow basis. I'll try to write this up in another entry.

As a side note, I came across plixer international, who were previouisly known as Somix Technologies. They have a netflow analyzer available for downloading.

[/OpenSource/Debian/Monitoring] permanent link

Installing and Configuing syslog-ng

The syslogging capability that comes standard with Debian gets the job done, but offers little for flexibility. I needed something that would allow simple replication of certain log entries to a vendor's syslog server. BalaBit's syslog-ng is an excellent replacement. And dead easy to install:

apt-get install syslog-ng

This removes the old syslog programs, installs the new ones, and starts things up. The configuration file, although in a different format, attempts to replicate the functionality of the previous programs quite well. The configuration is found in /etc/syslog-ng/syslog-ng.conf. The documentation is straight forward and useful. After taking a quick look at it,the configuration file makes sense, and is easy to add configuration items.

In the configuration file, I added the following to the options section:

use_dns(yes);
use_fqdn(yes);

to add some lookups, even though it may not be recommeded in high volume environments. In the source s_all section, I added:

udp();

in order to allow messages from the Cisco devices. In order forward syslog messages from specific devices to a vendor in order to correlate network problems, I added the following lines:

# external destination for log messages (will require a port opening on firewall)
destination du_externallog { udp("192.2.0.5"); };
# specific device list
filter f_devicesforvendor { host("router1") or host("router2"); };
# perform the logging to vendor
log {
  source(s_all);
  filter(f_devicesforvendor);
  destination(du_externallog);
  }

[/OpenSource/Debian/Monitoring] permanent link