[linux] MRTG

Ondrej Ivanic ondrej na kmit.sk
Středa Říjen 1 16:50:54 CEST 2003


Michal Zila wrote:
> mam router s dvomi sietovkami eth0 a eth1. Snazim sa na nich odmerat
> traffic pomocou MRTG. Funguje to tak, ze cfg skript vola dalsi skript,
> ktory meria traffic na danych sietovkach pomocou iptables. Snazim sa
> merat celkovy traffic, ktory bezi z eth0 na eth1 a opacne (forward). To sa mi aj
> dari. Avsak nedari sa mi merat traffic podla jednotlivych MAC adries
> (meranie prenosu dat jednotlivych uzivatelov).
Nepouzivam MRTG, ale RRDTool:

firewall:
for ((I=1; I<255; I++)) ; do
   ${IPTABLES} -A lan2inet_tcp   -s xxx.xxx.xxx.${I} -j RETURN
   ${IPTABLES} -A lan2inet_udp   -s xxx.xxx.xxx.${I} -j RETURN
   ${IPTABLES} -A lan2inet_icmp  -s xxx.xxx.xxx.${I} -j RETURN
   ${IPTABLES} -A lan2inet_all   -s xxx.xxx.xxx.${I} -j RETURN
   ${IPTABLES} -A inet2lan_tcp   -d xxx.xxx.xxx.${I} -j RETURN
   ${IPTABLES} -A inet2lan_udp   -d xxx.xxx.xxx.${I} -j RETURN
   ${IPTABLES} -A inet2lan_icmp  -d xxx.xxx.xxx.${I} -j RETURN
   ${IPTABLES} -A inet2lan_all   -d xxx.xxx.xxx.${I} -j RETURN
done;

a kazdych 5min sa spusta:
#!/bin/sh

IPTABLES="/usr/sbin/iptables"
SOURCES_IN=( inet2lan_tcp inet2lan_udp inet2lan_icmp inet2lan_all )
SOURCES_OUT=( lan2inet_tcp lan2inet_udp lan2inet_icmp lan2inet_all )
INTERFACES_COUNT=${#INTERFACES[@]}
SOURCES_IN_COUNT=${#SOURCES_IN[@]}
SOURCES_OUT_COUNT=${#SOURCES_OUT[@]}
PREFIX=/var/db/

I=0
while [ "$I" -lt "$SOURCES_IN_COUNT" ]
do
   if test ! -e ${PREFIX}${SOURCES_IN[$I]}.rrd ; then
     NAMES=""
     echo -en "Creating RRD (${SOURCES_IN[$I]}.rrd)\n"
     for((J = 65; J < 255; J++)); do
       NAMES="${NAMES} DS:ip_${J}:ABSOLUTE:600:-10000000:10000000"
     done;
     rrdtool create ${PREFIX}${SOURCES_IN[$I]}.rrd -s 60 ${NAMES} 
RRA:AVERAGE:0.5:1:1440
   fi
   DATA=`iptables -xv -Z -L ${SOURCES_IN[$I]} | grep RETURN | awk 
{'print $2'}`
   DATA=`echo ${DATA} | tr " " :`
   echo -en "Updating RRD (${SOURCES_IN[$I]}.rrd)\n"
   rrdtool update ${PREFIX}${SOURCES_IN[$I]}.rrd N:${DATA}
   let "I = $I + 1"
done

I=0
while [ "$I" -lt "$SOURCES_OUT_COUNT" ]
do
   if test ! -e ${PREFIX}${SOURCES_OUT[$I]}.rrd ; then
     NAMES=""
     echo -en "Creating RRD (${SOURCES_OUT[$I]}.rrd)\n"
     for((J = 65; J < 255; J++)); do
       NAMES="${NAMES} DS:ip_${J}:ABSOLUTE:600:-10000000:10000000"
     done;
     rrdtool create ${PREFIX}${SOURCES_OUT[$I]}.rrd -s 60 ${NAMES} 
RRA:AVERAGE:0.5:1:1440
   fi
   DATA=`iptables -xv -Z -L ${SOURCES_OUT[$I]} | grep RETURN | awk 
{'print -$2'}`
   DATA=`echo ${DATA} | tr " " :`
   echo -en "Updating RRD (${SOURCES_OUT[$I]}.rrd)\n"
   rrdtool update ${PREFIX}${SOURCES_OUT[$I]}.rrd N:${DATA}
   let "I = $I + 1"
done

-- 
Ondrej Ivanic
(ondrej na kmit.sk)




Další informace o konferenci linux