The output format of the collector and merge process is a header line
followed by a series of accounting records, with tab separated fields
and terminated with line-feeds. The header line is in the format:
h <collecting-host> <start-time> <end-time>
where <collecting-host> is the name of the host doing the
collection, <start-time> is the time of the last flush, and
<end-time> is the time of the current flush. In the merge
operation, the <collection-host> field is changed from the name of
the collecting host to the name of the merge block specified in the
configuration file.
The accounting data records are text lines, one for each object with a
non-zero counter, in the format:
d <provisioning-name> <count> <start> <length>
where <provisioning-name> is the name of the object being collected,
<count> is the aggregate count of the sample deltas, <start> is
the start time of the sample, i.e. the time the first query was taken
in Unix time_t format, and <length> is the number of seconds
from the first sample to the last.
Output records are written to standard output or a specified file. The
file name can use
strftime()
style time specification strings,
allowing a new file to be written on each pass. Output times are
aligned, so (for example) that two systems outputting data at five
minute intervals will output on the hour, at five past, ten past and
so-on, thus if two collectors are run, the data they collect will bear a
close resemblance.
Audit files record activity on a specific counter, if auditing for that
counter is requested. Audit files record the one header and one data
record at each data dump, and poll records at each SNMP poll associated
with the audited counter.
Audit files are in much the same format as the accounting data files,
using both the ``h'' and ``d'' record formats.
The poll record is in the format:
p <object> <last-time> <time-now> <last-value> <new-value> <delta>
where <object> is the OID name of the SNMP object being polled,
<last-time> is the last time the object was polled, <time-now>
is the time of the current poll, <last-value> is the value at the
time of the last poll, <new-value> is the value returned by the
current poll and <delta> is the delta between the two values that
will be added to the counter. Note that the <delta> may differ from
<new-value> - <last-value> if a counter reset or excessive traffic
condition is detected. <delta> is also corrected if a counter wrap
is detected.
When auditing, the sum of the <delta> values in ``p'' records
between ``d'' records should equal the <count> value in the
following following ``d'' record.