[mrtg] Re: ip-filter & mrtg (was Re: Please, help)
Richard Johnson
rdump at river.com
Thu Nov 9 19:39:55 MET 2000
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
At 10:20 -0700 on 11/9/00, Brian Hechinger wrote:
> Ronald Florence drunkenly mumbled...
> Content-Description: message body and .signature
>
> > I've been using a slightly simpler approach to reading and graphing
> > ip-filter data with mrtg than the one Jim Sandoz posted, based on any
> > of four invocations of the little perl script below with
> > `pass|block|nat|acct' as the argument. I've included part of an
> > mrtg.cfg file that uses a couple of these as well.
>
> ok, i'm building ucd-snmp which is supposed to understand ipfilter. i'll post
> what i find here. no point writing all sorts of scripts if you can pull right
> from snmp.
>
> anyway, i'll post again later,
>
> -brian
I use scripts rather than an snmp daemon to gather stats from ipfilter
because scripts don't listen for connections from outsiders.
I don't have the time (and most would say I don't have the ability :-) to
make sure that ucd-snmp is free of buffer overflows. If you're pulling
stats off a secure box, you might want to keep that issue in mind.
Of course, I'm not trying to count traffic on reallybigpipes or a large
number of interfaces. The script support in MRTG seems to use signed
integers, so it goes negative rather than rolling when dealing with large
numbers between manual counter resets. Also, firing up a whole bunch of
copies of a Perl script, one per interface or value you wish to count, is
almost certainly going to be slower than a direct SNMP query.
Richard
- -------
Below is one quick hack that 'count's bits and packets. It's not pretty,
but it gets the job done.
I call it like this in /etc/mrtg.cnf:
Target[hme0-total-traffic.bytes]: `/usr/local/etc/ipfacct2mrtg.pl bytes "from any to any"`
#!/usr/bin/perl -Tw
# ipfacct2mrtg.pl
#
# Totals packets or bytes as counted by ip-filter and presents the
# results in a form that MRTG enjoys
#
# Input: - flag indicating 'bytes' or 'packets' count desired
# - list of search strings to match in ipfstat output
# Output: - total of bytes or packets from ipfstat output that
# matched each and every given search string (AND)
# Examples: - show all tcp traffic counted
# 'ipfacct2mrtg bytes tcp'
# - show count of all packets through interface fxp0
# 'ipfacct2mrtg packets fxp0'
# Caveats: - if two rules each count a packet or byte, and both
# rules match every search string, then the results
# will be inflated
BEGIN
{ $ENV{PATH}="/usr/bin:/bin"; }
$DEBUG = 0;
$ctype = shift @ARGV;
@strings = @ARGV;
$scount = scalar @strings;
$matchlist = join ' ', (@strings, $ctype);
$incoming = $outgoing = 0;
$upstring = `/usr/bin/uptime`;
print $upstring, "\n" if $DEBUG;
if ( $upstring =~ m/up ([a-z0-9\s]+,[\s]+[a-z0-9:\s]+),/) {
$uptime = $1;
} else {
$uptime = "NA";
}
open FOO, "/sbin/ipfstat -ahio |";
while (<FOO>) {
$mcount = 0;
foreach $srch (@strings) {
if ( m/$srch/ ) {
$mcount++;
}
}
if ( $mcount eq $scount ) {
print STDERR "matched: $_" if $DEBUG;
if ( m/count in/ ) {
( $packets, $bytes, @rest ) = split;
if ( $ctype eq 'bytes' ) { $incoming += $bytes; }
elsif ( $ctype eq 'packets' ) { $incoming += $packets; }
else { die "Caller is doofus - ctype needs to be either packets or bytes"; }
}
if ( m/count out/ ) {
( $packets, $bytes, @rest ) = split;
if ( $ctype eq 'bytes' ) { $outgoing += $bytes; }
elsif ( $ctype eq 'packets' ) { $outgoing += $packets; }
else { die "Caller is doofus - ctype needs to be either packets or bytes"; }
}
}
}
close FOO;
print $incoming, "\n";
print $outgoing, "\n";
print $uptime, "\n";
print $matchlist, "\n";
-----BEGIN PGP SIGNATURE-----
Version: PGP 7.0
iQA/AwUBOgroX2KSuJuuNAZUEQJi9wCg0q1JHaD2YGRVyBIPOVrp7IsaUlsAoJUj
iV7j5XJEganvhHdW2XtMTFpl
=mBJ7
-----END PGP SIGNATURE-----
--
Unsubscribe mailto:mrtg-request at list.ee.ethz.ch?subject=unsubscribe
Archive http://www.ee.ethz.ch/~slist/mrtg
FAQ http://faq.mrtg.org Homepage http://www.mrtg.org
WebAdmin http://www.ee.ethz.ch/~slist/lsg2.cgi
More information about the mrtg
mailing list