[linux] logovanie a grafy trafficu per IP

Ernest Beinrohr Ernest na Beinrohr.sk
Čtvrtek Červen 27 17:42:02 CEST 2002 

V IPACe vytvoris pravidlo, napr 'icmp'. Pouzijes takyto zaznam pre MRTG. 
Ipaccount je myslym defaultne dodavane s IPAC. Tot fsjo.

Target[icmp]: `/usr/sbin/ipaccount 5m icmp`
Options[icmp]: absolute, gauge
AbsMax[icmp]: 28750
Xsize[icmp]: 600
Ysize[icmp]: 160
MaxBytes[icmp]: 28750
PageTop[icmp]: <b>Traffic Analysis for ICMP on <u>eth2</u></b>
Title[icmp]: ICMP - eth2
LegendI[icmp]:   bytes/sec
LegendO[icmp]:   bytes/sec



Okrem toho na accounting podla pravidiel nanych IPACom pouzivam toto. 
Takto dokazem realtimovo zistit kolko kto tahal [cez cron 5min].

#> cat /root/bin/ipac2mysql.php
----------------------------------------------------------------
#!/usr/bin/php -q
<?
$db = mysql_connect ("HOSTNAME" ,"DB_USER", "DB_PASS");
mysql_select_db("DATABASE");

$result=mysql_query("select datetime from ipac order by datetime desc 
limit 0,1");
while($row=mysql_fetch_row($result)){
         $fromdate=$row[0];
         echo $fromdate."\n";
}

exec("/usr/local/bin/ipacsum --fixed-quantity b", $out, $return_value);
$all = array();
for($i=0; $i<count($out); $i++){
         //if($i==0) echo "Count: ".count($out)."\n";
         //ereg("  (outgoing|incoming) 
(.*)[:space:]+:[:space:]+([0-9]+)B", $out[$i], $regs);
         ereg("[\* ]*([a-z]+) ([a-zA-Z\.0-9_-]+[ 
]{0,1}[a-zA-Z\.0-9_-]+)[ ]+:[ ]*([0-9]+)", $out[$i], $regs);
         if($regs[1]=="incoming") $all[$regs[2]][0] = $regs[3];
         if($regs[1]=="outgoing") $all[$regs[2]][1] = $regs[3];
         //echo "$out[$i]\n";
}

echo "Count: ".count($all)."\n";
while (list($k,$v) = each($all)) {
         $incoming=($v[0]==""?0:$v[0]);
         $outgoing=($v[1]==""?0:$v[1]);
         $date=date("Y-m-d H:i:s");
         $query="insert into ipac set datetime='$date', 
fromdate='$fromdate', what='$k', incoming=$incoming, outgoing=$outgoing";
         echo $query;
         $result = mysql_query ($query) or die ("Error, query NOT 
executed");
         echo "\n";
}

mysql_close ($db);
exec("rm /var/log/ip-acct/200*");
exec("/usr/local/bin/fetchipac");

?>


Marek Podmaka wrote:
> On Thu, 30 May 2002, Ernest Beinrohr wrote:
> 
> 
>>U nas pouzivame IPAC + mrtg , funguje dobre. IPAC je na baze ipchains. 
>>Mozno jeho nova verzia IPAC-NG ma podporu aj 2.4.x
> 
> 
> mozem sa opytat ako si prepojil ipac a mrtg? Pomocou toho, co je v
> contrib/ v zdrojakoch ipac alebo si pouzil nieco ine?
> 
>    diki
> 


-- 
Ernest Beinrohr, OERNii
eAdmin @ AxonPro.sk, http://www.AxonPro.sk
+421-2-62410360, +421-905-241903
HomePage: http://www.oernii.sk

Další informace o konferenci linux