CGraph.exe


Description

This program lets you, or a programmer, obtain graph-like information associated with a data source (a device, a thread, all messages, and possibly other items of interest). You specify a data source, a graph type, and a start date for the graph data. One application of this program is to extend the dashboard graphing and reporting facility.

Usage and Syntax

Usage: cgraph minute (dsrc) [ -xml ]

Also:  cgraph hour  (dsrc) (startdate) [ -xml ]
Also:  cgraph day   (dsrc) (startdate) [ -xml ]

(dsrc) : messages | device/(devname) | thread/(uid)
(startdate): YYYY-MM-DD format.

Arguments

minute | hour | day

The first argument is one of the following keywords: minute to output per-minute graph data, hour to output hourly graph data, or day to output daily graph data. Exactly one of these keywords must be specified as the first argument to the program.

(dsrc)

The second argument specifies the data source of the messages in one of the following formats: messages specifies that graph data is extracted from all messages; device/(devname) specifies that the data is extracted from a device catalog (with (devname) being the name of the device appearing on the Catalogs > Devices screen); thread/(uid) specifies that the data is extracted from a thread catalog (with (uid) being the unique identifier of a correlation thread appearing on the Correlation > Threads screen). See additional notes.

(startdate)

This argument follows the data source argument and is the start time for the graph (that is, the latest message in the graph), given in standard YYYY-MM-DD format. It is required for hour and day data, and must be omitted for minute data. The value today or now can be used as an alias for the current day.

-xml

This option, if present, outputs the data in XML format, which might be more convenient for programmers extracting data for use in JavaScript or other web programming languages. If omitted, a simpler text block format is used to display the graph data on standard output.

Application notes

The CGraph.exe program uses the graphing algorithms of the dashboards and Reports > Graph facility to output interval data in the same general format as these screens. The interval data can be subsequently parsed, or output in XML format.

One application is to launch this program as a CGI script and then read its output into a JavaScript program, implementing a type of AJAX interface. This program is mainly of interest to web developers and programmers.
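An added example (not part of the BMC documentation): when cgraph is launched from a CGI script, request parameters end up on a command line, so the wrapper should accept only the documented argument forms and start the program without a shell. The query parameter names (interval, dsrc, start, xml), the character sets allowed in names and UIDs, and cgraph being on the PATH are assumptions.

```python
import re
import subprocess
from datetime import datetime
from urllib.parse import parse_qs

# Assumed character sets for device/user names and thread UIDs; adjust to your catalogs.
DSRC_RE = re.compile(r"messages|(?:device|user)/[A-Za-z0-9._-]{1,64}|thread/[0-9]{1,32}")
DATE_RE = re.compile(r"[0-9]{4}-[0-9]{2}-[0-9]{2}")


def build_argv(interval, dsrc, startdate=None, xml=False, exe="cgraph"):
    """Validate arguments against the documented syntax and return an argv list."""
    if interval not in ("minute", "hour", "day"):
        raise ValueError("interval must be minute, hour or day")
    if not DSRC_RE.fullmatch(dsrc):
        raise ValueError("unsupported data source")
    argv = [exe, interval, dsrc]
    if interval == "minute":
        if startdate:
            raise ValueError("startdate must be omitted for minute data")
    else:
        if not startdate:
            raise ValueError("startdate is required for hour and day data")
        if startdate not in ("today", "now"):
            if not DATE_RE.fullmatch(startdate):
                raise ValueError("startdate must be YYYY-MM-DD, today or now")
            datetime.strptime(startdate, "%Y-%m-%d")  # rejects dates like 2018-13-40
        argv.append(startdate)
    if xml:
        argv.append("-xml")
    return argv


def argv_from_query(query_string):
    """Map a CGI query string (hypothetical parameter names) to a cgraph argv."""
    q = {k: v[0] for k, v in parse_qs(query_string, strict_parsing=True).items()}
    return build_argv(q.get("interval", ""), q.get("dsrc", ""),
                      q.get("start"), xml=q.get("xml") == "1")


def run_cgraph(argv, timeout=30):
    """Run cgraph without a shell so metacharacters are never interpreted."""
    done = subprocess.run(argv, capture_output=True, text=True,
                          timeout=timeout, check=True)
    return done.stdout
```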

Examples
REM: Get the minute data for all messages.
REM: Output goes to the "out.txt" file.

cgraph minute messages > out.txt

REM: Get the hour data for the 127.0.0.1 device
REM: starting with today's date

cgraph hour "device/127.0.0.1" today

REM: Get the hour data for the administrative user
REM: for May 20th, 2018

cgraph hour "user/administrator" 2018-05-20

REM: Get the day data for the thread with the
REM: specified UID. The thread UID is available from
REM: "CatThr.exe -uid" command, and also available
REM: from the "Audit Full Thread Configuration" link
REM: at the bottom of the  "Correlation > Threads"
REM: screen

cgraph day "thread/170519153159" today

REM: Same as above, except output XML instead of
REM: The standard block format.

cgraph day "thread/170519153159" today -xml


BMC Defender SIEM Correlation Server 6.1