root / plugins / pf / pf_tables_ @ 09b88141
Historique | Voir | Annoter | Télécharger (6,08 ko)
| 1 | d153fc8a | lduchosal | #!/usr/bin/perl -w |
|---|---|---|---|
| 2 | # -*- perl -*- |
||
| 3 | |||
| 4 | =head1 NAME |
||
| 5 | |||
| 6 | pf_tables : Munin plugin to monitor pf tables. |
||
| 7 | Inout: bandwidth usage for table |
||
| 8 | Addresses: number of entries in table |
||
| 9 | |||
| 10 | |||
| 11 | =head1 APPLICABLE SYSTEMS |
||
| 12 | |||
| 13 | Should work on any BSD that has pf(4). |
||
| 14 | |||
| 15 | Examples: |
||
| 16 | |||
| 17 | =over |
||
| 18 | |||
| 19 | =item pf_tables_inout_tablename |
||
| 20 | |||
| 21 | =item pf_tables_addresses_authenticated |
||
| 22 | |||
| 23 | =item pf_tables_addresses_badboys |
||
| 24 | |||
| 25 | |||
| 26 | =head1 CONFIGURATION |
||
| 27 | |||
| 28 | 09b88141 | Lars Kruse | [pf_tables_*] |
| 29 | user root |
||
| 30 | d153fc8a | lduchosal | |
| 31 | =head1 INTERPRETATION |
||
| 32 | |||
| 33 | The plugin simply runs the pfctl -sTables -vvv command and counts the number of |
||
| 34 | Addresses and InBytes/OutBytes in each table. |
||
| 35 | |||
| 36 | =head1 BUGS |
||
| 37 | |||
| 38 | Only tested extensively on FreeBSD. |
||
| 39 | |||
| 40 | =head1 MAGIC MARKERS |
||
| 41 | |||
| 42 | #%# family=auto |
||
| 43 | #%# capabilities=autoconf suggest |
||
| 44 | |||
| 45 | =head1 VERSION |
||
| 46 | |||
| 47 | $Id$ |
||
| 48 | |||
| 49 | =head1 AUTHOR |
||
| 50 | |||
| 51 | Copyright (C) 2015. |
||
| 52 | |||
| 53 | Original version by Luc Duchosal (at) arcantel (dot) ch. |
||
| 54 | Created by Luc Duchosal, 2015 |
||
| 55 | |||
| 56 | =head1 LICENSE |
||
| 57 | |||
| 58 | BSD |
||
| 59 | |||
| 60 | =cut |
||
| 61 | |||
| 62 | |||
| 63 | use strict; |
||
| 64 | use Munin::Plugin; |
||
| 65 | |||
| 66 | $0 =~ /pf_tables_(addresses|inout)_(.+)$/; |
||
| 67 | my $name = $2; |
||
| 68 | my $operation = $1; |
||
| 69 | |||
| 70 | if ( defined($ARGV[0])) {
|
||
| 71 | if ($ARGV[0] eq 'autoconf') {
|
||
| 72 | print "yes\n"; |
||
| 73 | exit 0; |
||
| 74 | } |
||
| 75 | |||
| 76 | if ($ARGV[0] eq "config") {
|
||
| 77 | |||
| 78 | if (!defined($name)) {
|
||
| 79 | print "Unknown table\n"; |
||
| 80 | exit 0; |
||
| 81 | } |
||
| 82 | |||
| 83 | if (!defined($operation)) {
|
||
| 84 | print "Unknown operation\n"; |
||
| 85 | exit 0; |
||
| 86 | } |
||
| 87 | |||
| 88 | if ($operation =~ m/addresses/) {
|
||
| 89 | |||
| 90 | print "graph_title Connected users ($name)\n"; |
||
| 91 | print "graph_args --base 1000 -l 0\n"; |
||
| 92 | print "graph_vlabel Users\n"; |
||
| 93 | print "graph_scale no\n"; |
||
| 94 | c0568802 | dipohl | print "graph_category network\n"; |
| 95 | d153fc8a | lduchosal | print "graph_printf %3.0lf\n"; |
| 96 | |||
| 97 | print "users.label users\n"; |
||
| 98 | print "users.draw AREASTACK\n"; |
||
| 99 | print "users.colour 00C000\n"; |
||
| 100 | foreach my $field (qw(users)) {
|
||
| 101 | print_thresholds($field); |
||
| 102 | } |
||
| 103 | } |
||
| 104 | |||
| 105 | if ($operation =~ m/inout/) {
|
||
| 106 | |||
| 107 | print "graph_title Network bandwidth ($name)\n"; |
||
| 108 | print "graph_args --base 1024 -l 0\n"; |
||
| 109 | print "graph_vlabel Bandwidth\n"; |
||
| 110 | print "graph_scale yes\n"; |
||
| 111 | c0568802 | dipohl | print "graph_category network\n"; |
| 112 | d153fc8a | lduchosal | # print "graph_printf %3.0lf\n"; |
| 113 | |||
| 114 | print "in.label in\n"; |
||
| 115 | print "in.type DERIVE\n"; |
||
| 116 | 1724ae25 | Babak Farrokhi | print "in.draw AREA\n"; |
| 117 | d153fc8a | lduchosal | print "in.colour C00000\n"; |
| 118 | print "in.cdef in,8,*\n"; |
||
| 119 | print "in.min 0\n"; |
||
| 120 | print "in.graph no\n"; |
||
| 121 | 1724ae25 | Babak Farrokhi | print "out.label bps\n"; |
| 122 | d153fc8a | lduchosal | print "out.type DERIVE\n"; |
| 123 | print "out.negative in\n"; |
||
| 124 | 1724ae25 | Babak Farrokhi | print "out.draw AREA\n"; |
| 125 | print "out.colour COLOUR18\n"; |
||
| 126 | d153fc8a | lduchosal | print "out.cdef out,8,*\n"; |
| 127 | print "out.min 0\n"; |
||
| 128 | |||
| 129 | foreach my $field (qw(in out)) {
|
||
| 130 | print_thresholds($field); |
||
| 131 | } |
||
| 132 | |||
| 133 | } |
||
| 134 | exit 0; |
||
| 135 | } |
||
| 136 | |||
| 137 | if ($ARGV[0] eq "suggest") {
|
||
| 138 | my %tables = &tables(); |
||
| 139 | foreach my $key (keys(%tables)) {
|
||
| 140 | print "addresses_$key\n"; |
||
| 141 | print "inout_$key\n"; |
||
| 142 | } |
||
| 143 | exit 0; |
||
| 144 | } |
||
| 145 | |||
| 146 | } |
||
| 147 | |||
| 148 | if (!defined($name)) {
|
||
| 149 | print "Usage: pf_tables_addresses_tablename or pf_tables_inout_tablename\n"; |
||
| 150 | exit 1; |
||
| 151 | } |
||
| 152 | |||
| 153 | my %tables = &tables(); |
||
| 154 | if (!exists $tables{$name}) {
|
||
| 155 | print "Unknown table name $name\n"; |
||
| 156 | exit 2; |
||
| 157 | } |
||
| 158 | |||
| 159 | if ($operation =~ m/addresses/) {
|
||
| 160 | my $users = $tables{$name}->{"addresses"};
|
||
| 161 | print "users.value $users\n"; |
||
| 162 | } |
||
| 163 | |||
| 164 | if ($operation =~ m/inout/) {
|
||
| 165 | my $in = $tables{$name}->{"inpassbytes"};
|
||
| 166 | my $out = $tables{$name}->{"outpassbytes"};
|
||
| 167 | print "in.value $in\n"; |
||
| 168 | print "out.value $out\n"; |
||
| 169 | } |
||
| 170 | |||
| 171 | |||
| 172 | sub tables {
|
||
| 173 | |||
| 174 | # # pfctl -s Tables -vv |
||
| 175 | # -pa-r-- auth |
||
| 176 | # Addresses: 0 |
||
| 177 | # Cleared: Fri Sep 18 17:34:42 2015 |
||
| 178 | # References: [ Anchors: 0 Rules: 14 ] |
||
| 179 | # Evaluations: [ NoMatch: 43624 Match: 788 ] |
||
| 180 | # In/Block: [ Packets: 0 Bytes: 0 ] |
||
| 181 | # In/Pass: [ Packets: 30908 Bytes: 2704516 ] |
||
| 182 | # In/XPass: [ Packets: 124 Bytes: 7897 ] |
||
| 183 | # Out/Block: [ Packets: 0 Bytes: 0 ] |
||
| 184 | # Out/Pass: [ Packets: 30288 Bytes: 26313114 ] |
||
| 185 | # Out/XPass: [ Packets: 89 Bytes: 21166 ] |
||
| 186 | |||
| 187 | my $output = `/sbin/pfctl -s Tables -vv 2> /dev/null`; |
||
| 188 | my %tables; |
||
| 189 | my $name; |
||
| 190 | |||
| 191 | foreach (split(/\n/, $output)) {
|
||
| 192 | |||
| 193 | 1724ae25 | Babak Farrokhi | if (m|^[cpairhC\-]{7}\s+(\S+)$|) {
|
| 194 | d153fc8a | lduchosal | $name = $1; |
| 195 | 1724ae25 | Babak Farrokhi | $name =~ s/\-/_/; |
| 196 | $tables{$name}->{"name"} = $name;
|
||
| 197 | d153fc8a | lduchosal | next; |
| 198 | } |
||
| 199 | |||
| 200 | if (m|Addresses:\s+([0-9]+)$|) {
|
||
| 201 | $tables{$name}->{"addresses"} = $1;
|
||
| 202 | next; |
||
| 203 | } |
||
| 204 | |||
| 205 | if (m|Cleared:\s+(.+)$|) {
|
||
| 206 | $tables{$name}->{"cleared"} = $1;
|
||
| 207 | next; |
||
| 208 | } |
||
| 209 | |||
| 210 | if (m|In/Block:\s+\[\s+Packets:\s+([0-9]+)\s+Bytes:\s+([0-9]+)\s+\]$|) {
|
||
| 211 | $tables{$name}->{"inblockpackets"} = $1;
|
||
| 212 | $tables{$name}->{"inblockbytes"} = $2;
|
||
| 213 | next; |
||
| 214 | } |
||
| 215 | |||
| 216 | if (m|In/Pass:\s+\[\s+Packets:\s+([0-9]+)\s+Bytes:\s+([0-9]+)\s+\]$|) {
|
||
| 217 | $tables{$name}->{"inpasspackets"} = $1;
|
||
| 218 | $tables{$name}->{"inpassbytes"} = $2;
|
||
| 219 | next; |
||
| 220 | } |
||
| 221 | |||
| 222 | if (m|In/XPass:\s+\[\s+Packets:\s+([0-9]+)\s+Bytes:\s+([0-9]+)\s+\]$|) {
|
||
| 223 | $tables{$name}->{"inxpasspackets"} = $1;
|
||
| 224 | $tables{$name}->{"inxpassbytes"} = $2;
|
||
| 225 | next; |
||
| 226 | } |
||
| 227 | |||
| 228 | if (m|Out/Block:\s+\[\s+Packets:\s+([0-9]+)\s+Bytes:\s+([0-9]+)\s+\]$|) {
|
||
| 229 | $tables{$name}->{"outblockpackets"} = $1;
|
||
| 230 | $tables{$name}->{"outblockbytes"} = $2;
|
||
| 231 | next; |
||
| 232 | } |
||
| 233 | |||
| 234 | if (m|Out/Pass:\s+\[\s+Packets:\s+([0-9]+)\s+Bytes:\s+([0-9]+)\s+\]$|) {
|
||
| 235 | $tables{$name}->{"outpasspackets"} = $1;
|
||
| 236 | $tables{$name}->{"outpassbytes"} = $2;
|
||
| 237 | next; |
||
| 238 | } |
||
| 239 | |||
| 240 | if (m|Out/XPass:\s+\[\s+Packets:\s+([0-9]+)\s+Bytes:\s+([0-9]+)\s+\]$|) {
|
||
| 241 | $tables{$name}->{"outxpasspackets"} = $1;
|
||
| 242 | $tables{$name}->{"outxpassbytes"} = $2;
|
||
| 243 | next; |
||
| 244 | } |
||
| 245 | |||
| 246 | } |
||
| 247 | |||
| 248 | return %tables; |
||
| 249 | |||
| 250 | } |
||
| 251 | |||
| 252 | # vim:syntax=perl |