[mrtg] Re: more than one IP address on one eth

Gary Smith gary at primeexalia.com
Thu Jul 15 09:40:29 MEST 2004


Here are the files that we use.  We stole the perl script from someone
who was doing MRTG on spam messages using spamassassin or something
similar.  Anyways, it works fairly well.  We have set the default chart
parameters to the metrics of our router.  We did this so it wouldn't
float up and down.  The charts give us an immediate list of anyone who
is abusing bandwidth.

BTW, watch for the line wraps.  Your mileage may vary.

crontab:
* * * * * /sbin/iptables -L FORWARD -vnx |  awk -F' ' ' /OUTCOUNT/ {
print $2" "$8" OUT" } /INCOUNT/ { print $2" "$9" IN" } ' >
/etc/snmp/ipalias.usage

/etc/snmp/ipalias.pl:
#!/usr/bin/perl -wT
#
#   mrtg-aliasscanner.pl
# Global Vars
$IPAliasLog = "/etc/snmp/ipalias.usage"; 
$USAGEIN = 0;
$USAGEOUT = 0;
$ipaddr=shift;
# Exec
&Process_Log;
&Print_Average;
# Subroutines
sub Process_Log {
  $cline="";
  open (IPUSAGE,$IPAliasLog);
  while ($cline = <IPUSAGE>) {
    if ($cline =~ "$ipaddr") {
      # STRIP THE NEWLINE OR THE COMPARISON FOR "IN" WILL FAIL
      my @cline = split(/\n/,$cline);
      my @curline = split(/\ /,$cline[0]);
      my $test = "$curline[2]";
      my $v = "$curline[0]";
      if ($test ne "IN") {
        $USAGEOUT = $v;
      } else {
        $USAGEIN = $v;
      }

    }
  }
  close IPUSAGE;
}
sub Print_Average {
  # Output the average in MRTG format.
  #  IN:
  #  OUT: 
#$hostname=`hostname`;
#$uptime=`uptime`;
  print "$USAGEIN\n";
  print "$USAGEOUT\n";
  print "uptime\n";
  print "hostname IPAlias [$ipaddr]\n";

}
exit 0;

iptables configuration <trimmed>:
:INCOUNT - [0:0]
:OUTCOUNT - [0:0]
[78648:50453390] -A FORWARD -s 10.0.0.130 -o eth0 -j OUTCOUNT 
[65826:15871344] -A FORWARD -d 10.0.0.130 -i eth0 -j INCOUNT 
[346874:390855236] -A FORWARD -s 10.0.0.131 -o eth0 -j OUTCOUNT 
[288429:25714501] -A FORWARD -d 10.0.0.131 -i eth0 -j INCOUNT 
[4628:413032] -A FORWARD -s 10.0.0.132 -o eth0 -j OUTCOUNT 
[11626:1158999] -A FORWARD -d 10.0.0.132 -i eth0 -j INCOUNT 
[0:0] -A FORWARD -s 10.0.0.133 -o eth0 -j OUTCOUNT 
[7297:522200] -A FORWARD -d 10.0.0.133 -i eth0 -j INCOUNT 
..
[84928:10922370] -A FORWARD -s 10.0.0.251 -o eth0 -j OUTCOUNT 
[82448:7960980] -A FORWARD -d 10.0.0.251 -i eth0 -j INCOUNT

MRTG configuration file:
Target[10.0.0.130]: `/etc/snmp/ipalias.pl 10.0.0.130`
Target[10.0.0.131]: `/etc/snmp/ipalias.pl 10.0.0.131`
Target[10.0.0.132]: `/etc/snmp/ipalias.pl 10.0.0.132`
Target[10.0.0.133]: `/etc/snmp/ipalias.pl 10.0.0.133`
...
Target[10.0.0.251]: `/etc/snmp/ipalias.pl 10.0.0.144`

-----Original Message-----
From: mrtg-bounce at list.ee.ethz.ch [mailto:mrtg-bounce at list.ee.ethz.ch]
On Behalf Of Igor Smitran
Sent: Wednesday, July 14, 2004 8:17 AM
To: mrtg at list.ee.ethz.ch
Subject: [mrtg] Re: more than one IP address on one eth

Igor wrote:
Hi, i have one eth and NAT-ed addresses behind that (192.168.0.*) Every
address is diferent client.
I need to monitor every address and different grafs for every address.
Is there a way to do that?

Garry wrote:
We did this in Linux using iptables.  We setup a rule for each IP in IP
tables for incoming and outgoing (for us it was the FORWARD chain).  The
rules that we created were called IN and OUT.  Then we do a
iptables-save -C >somefile (with awk filtering for IN and OUT only).
This runs every 1 minute.

The we have a perl script that mrtg calls with the parameter of which IP
to get the stats on.  It isn't elegant but it works.  

We have 126 IP's that we report on and it works just fine.

---------------------

Can you send me those files, offcourse you can mask anything that will
reflect your network security.

Thank you,
Igor


--
Unsubscribe mailto:mrtg-request at list.ee.ethz.ch?subject=unsubscribe
Archive     http://www.ee.ethz.ch/~slist/mrtg
FAQ         http://faq.mrtg.org    Homepage     http://www.mrtg.org
WebAdmin    http://www.ee.ethz.ch/~slist/lsg2.cgi



More information about the mrtg mailing list