[mrtg] MRTG and catching data from LAN IP's ,how ??

Stuart Henderson stu at spacehopper.org
Sat Jun 30 14:15:28 CEST 2012


On 2012-06-19, Ton Muller <spatieman at online.nl> wrote:
>> "i have MRTG now running for a while, made some snity script to collect
>> all kind of data.
>> but the only thing i still can't get to work is, how to catch traffic data
>> from every network interface on my local network."
>
> my OS is OpenBSD, and it does not have iptables, it uses pfctl on it.
> Previous router project was freesco, and with ipfwadm i could collect
> all data i needed.

You can collect data with "label" rules in PF then parse the data
output from 'pfctl -s labels' to feed into MRTG. It might seem slightly
awkward to configure as you'll have to account for incoming and outgoing
connections separately (then either add them together or graph them
separately, according to your preference) but this is an artefact of
the tracking being associated with the firewall states, rather than
directly with the hosts.

For example

hosts="{ 10.0.0.1 10.0.0.2 10.0.0.3 10.0.0.4 10.0.0.5 10.0.0.6 }"
match from $hosts label "from_$srcaddr"
match to $hosts label "to_$dstaddr"

$ pfctl -s labels
from_10.0.0.1 91 23 3001 12 929 11 2072 0
from_10.0.0.2 91 12 7882 10 7770 2 112 0
from_10.0.0.3 91 328 85024 162 14324 166 70700 0
from_10.0.0.4 91 0 0 0 0 0 0 0
from_10.0.0.5 91 4 304 2 152 2 152 0
from_10.0.0.6 91 0 0 0 0 0 0 0
to_10.0.0.1 91 0 0 0 0 0 0 0
to_10.0.0.2 91 0 0 0 0 0 0 0
to_10.0.0.3 91 22 1990 12 684 10 1306 0
to_10.0.0.4 91 0 0 0 0 0 0 0
to_10.0.0.5 91 0 0 0 0 0 0 0
to_10.0.0.6 91 0 0 0 0 0 0 0

Output format is described where '-s labels' is mentioned in pfctl(8).

You might also want to look into pflow(4) (an implementation of netflow
for PF which makes use of the state tracking), you can probably export the
data into a format suitable for graphing with MRTG, or there are dedicated
graphing programs for netflow (nfsen/nfweb comes to mind but there are
others).

> it even got worse now, i got a new modem from my ISP, and the stupid
> brick has NO SNMP at all,

If the data are presented in a web interface, you could screen-scrape them,
I do this for various adsl modems for graphing signal margin, attenuation
etc (I usually do this straight into rrdtool rather than via mrtg, but
either way works). Some modems have an annoying web ui which uses cookies
or form posts, cURL is good at coping with this. Or if there's a telnet
interface you could drive it with "expect".
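
The label-parsing approach described above, as an added example that is not part of the original post: a shell function that sums the bytes-in and bytes-out columns of a host's from_ and to_ labels and prints the four lines MRTG expects from an external script. The function names host_counters and sample_labels are hypothetical, and the sample input is constructed from the pfctl output quoted in the post.

```shell
#!/bin/sh
# Added example: convert 'pfctl -s labels' output into MRTG's external-script
# format (line 1: in counter, line 2: out counter, line 3: uptime, line 4: name).
# Column order per pfctl(8):
#   label evaluations packets bytes pkts_in bytes_in pkts_out bytes_out states

# Constructed sample input, taken from the output quoted in the post.
sample_labels() {
cat <<'EOF'
from_10.0.0.1 91 23 3001 12 929 11 2072 0
from_10.0.0.3 91 328 85024 162 14324 166 70700 0
to_10.0.0.1 91 0 0 0 0 0 0 0
to_10.0.0.3 91 22 1990 12 684 10 1306 0
EOF
}

# host_counters ADDR: read label lines on stdin, print MRTG's four lines.
# Assumption: the from_ and to_ labels are added together, as the post suggests.
host_counters() {
    awk -v host="$1" '
        BEGIN { in_b = 0; out_b = 0; seen = 0 }
        # Exact label comparison so 10.0.0.1 never matches 10.0.0.10;
        # short or malformed lines are skipped.
        ($1 == ("from_" host) || $1 == ("to_" host)) && NF >= 8 {
            in_b += $6; out_b += $8; seen++
        }
        END {
            if (seen == 0) {
                print "no labels found for " host > "/dev/stderr"
                exit 1
            }
            # %.0f keeps large byte counters from being truncated or
            # printed in exponent notation.
            printf "%.0f\n%.0f\nunknown\n%s\n", in_b, out_b, host
        }'
}

if [ $# -eq 0 ]; then
    # Demo on the constructed sample data.
    sample_labels | host_counters 10.0.0.3
else
    # Real use, e.g. from an MRTG Target in backticks (pfctl needs root).
    pfctl -s labels | host_counters "$1"
fi
```

The label counters start again from zero whenever the ruleset is reloaded, so graph them as counters rather than gauges and expect a discontinuity after each reload.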



