[linux] MRTG
Ondrej Ivanic
ondrej na kmit.sk
Středa Říjen 1 16:50:54 CEST 2003
Michal Zila wrote:
> mam router s dvomi sietovkami eth0 a eth1. Snazim sa na nich odmerat
> traffic pomocou MRTG. Funguje to tak, ze cfg skript vola dalsi skript,
> ktory meria traffic na danych sietovkach pomocou iptables. Snazim sa
> merat celkovy traffic, ktory bezi z eth0 na eth1 a opacne (forward). To sa mi aj
> dari. Avsak nedari sa mi merat traffic podla jednotlivych MAC adries
> (meranie prenosu dat jednotlivych uzivatelov).
Nepouzivam MRTG, ale RRDTool:
firewall:
for ((I=1; I<255; I++)) ; do
${IPTABLES} -A lan2inet_tcp -s xxx.xxx.xxx.${I} -j RETURN
${IPTABLES} -A lan2inet_udp -s xxx.xxx.xxx.${I} -j RETURN
${IPTABLES} -A lan2inet_icmp -s xxx.xxx.xxx.${I} -j RETURN
${IPTABLES} -A lan2inet_all -s xxx.xxx.xxx.${I} -j RETURN
${IPTABLES} -A inet2lan_tcp -d xxx.xxx.xxx.${I} -j RETURN
${IPTABLES} -A inet2lan_udp -d xxx.xxx.xxx.${I} -j RETURN
${IPTABLES} -A inet2lan_icmp -d xxx.xxx.xxx.${I} -j RETURN
${IPTABLES} -A inet2lan_all -d xxx.xxx.xxx.${I} -j RETURN
done;
a kazdych 5min sa spusta:
#!/bin/sh
IPTABLES="/usr/sbin/iptables"
SOURCES_IN=( inet2lan_tcp inet2lan_udp inet2lan_icmp inet2lan_all )
SOURCES_OUT=( lan2inet_tcp lan2inet_udp lan2inet_icmp lan2inet_all )
INTERFACES_COUNT=${#INTERFACES[@]}
SOURCES_IN_COUNT=${#SOURCES_IN[@]}
SOURCES_OUT_COUNT=${#SOURCES_OUT[@]}
PREFIX=/var/db/
I=0
while [ "$I" -lt "$SOURCES_IN_COUNT" ]
do
if test ! -e ${PREFIX}${SOURCES_IN[$I]}.rrd ; then
NAMES=""
echo -en "Creating RRD (${SOURCES_IN[$I]}.rrd)\n"
for((J = 65; J < 255; J++)); do
NAMES="${NAMES} DS:ip_${J}:ABSOLUTE:600:-10000000:10000000"
done;
rrdtool create ${PREFIX}${SOURCES_IN[$I]}.rrd -s 60 ${NAMES}
RRA:AVERAGE:0.5:1:1440
fi
DATA=`iptables -xv -Z -L ${SOURCES_IN[$I]} | grep RETURN | awk
{'print $2'}`
DATA=`echo ${DATA} | tr " " :`
echo -en "Updating RRD (${SOURCES_IN[$I]}.rrd)\n"
rrdtool update ${PREFIX}${SOURCES_IN[$I]}.rrd N:${DATA}
let "I = $I + 1"
done
I=0
while [ "$I" -lt "$SOURCES_OUT_COUNT" ]
do
if test ! -e ${PREFIX}${SOURCES_OUT[$I]}.rrd ; then
NAMES=""
echo -en "Creating RRD (${SOURCES_OUT[$I]}.rrd)\n"
for((J = 65; J < 255; J++)); do
NAMES="${NAMES} DS:ip_${J}:ABSOLUTE:600:-10000000:10000000"
done;
rrdtool create ${PREFIX}${SOURCES_OUT[$I]}.rrd -s 60 ${NAMES}
RRA:AVERAGE:0.5:1:1440
fi
DATA=`iptables -xv -Z -L ${SOURCES_OUT[$I]} | grep RETURN | awk
{'print -$2'}`
DATA=`echo ${DATA} | tr " " :`
echo -en "Updating RRD (${SOURCES_OUT[$I]}.rrd)\n"
rrdtool update ${PREFIX}${SOURCES_OUT[$I]}.rrd N:${DATA}
let "I = $I + 1"
done
--
Ondrej Ivanic
(ondrej na kmit.sk)
Další informace o konferenci linux