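#!/bin/bash
# -*- sh -*-
: <<=cut

=head1 NAME

accounting_ - Wildcard-plugin for tcp, udp and icmp traffic-accounting (IPv4 or IPv6) through iptables.

=head1 CONFIGURATION

This plugin needs to be run as root for iptables to work.

  [accounting_*]
    user root

Because the plugin runs as root, keep the plugin directory and the symlinks
in it writable by root only: the protocol family and the accounting name are
taken from the symlink's file name, so whoever can rename the link decides
which rules are read.  The plugin only lists rules (iptables -L); it never
modifies the firewall.

=head2 ENVIRONMENT VARIABLES

This plugin does not use environment variables.

=head2 WILDCARD PLUGIN

This is a wildcard plugin.  To monitor traffic going through your iptables, link
accounting_<ipv4|ipv6>_<accountingname> to this file.

For example,

  ln -s /opt/munin/lib/plugins/accounting_ /etc/opt/munin/plugins/accounting_ipv4_subnet1

will monitor the tcp, udp and icmp traffic for the accounting named subnet1.

"munin-node-configure --suggest" lists one accounting_<ipv4|ipv6>_<name>
instance for each accounting name it finds in the comments of the INPUT and
OUTPUT rules described below.

=head2 IPTABLES

You will need to set up iptables rules to create packet counters for
incoming and outgoing traffic.  The examples here cover how to create
the rules.  Add these lines at the top of your firewall-script: a packet
stops traversing a chain at the first rule that accepts, drops or rejects
it, so the counting rules must come before any such rule or that traffic
is not counted.  The counting rules have no target and therefore never
change what happens to a packet.

The rules are inserted with "-I".  If your firewall script is run again
without flushing the chains first, a second copy of every counting rule is
inserted and the plugin prints two values for each field.  Flush the chain
first, or test with "iptables -C ..." before inserting.

=head3 Accounting for single ip

If you want to monitor the traffic to and from the IP 192.168.0.1, you need to add the following
lines (replace iptables with ip6tables if needed):
  iptables -I INPUT -d 192.168.0.1 -p icmp -m comment --comment ACCT-accountingname-icmp-in
  iptables -I INPUT -d 192.168.0.1 -p udp -m comment --comment ACCT-accountingname-udp-in
  iptables -I INPUT -d 192.168.0.1 -p tcp -m comment --comment ACCT-accountingname-tcp-in
  iptables -I OUTPUT -s 192.168.0.1 -p icmp -m comment --comment ACCT-accountingname-icmp-out
  iptables -I OUTPUT -s 192.168.0.1 -p udp -m comment --comment ACCT-accountingname-udp-out
  iptables -I OUTPUT -s 192.168.0.1 -p tcp -m comment --comment ACCT-accountingname-tcp-out

Only the IP itself (192.168.0.1) and the accounting-name (accountingname) need to be replaced by your values.
The general form is

  iptables -I INPUT  -d <yourip> -p <tcp|udp|icmp> -m comment --comment ACCT-<yourname>-<tcp|udp|icmp>-in
  iptables -I OUTPUT -s <yourip> -p <tcp|udp|icmp> -m comment --comment ACCT-<yourname>-<tcp|udp|icmp>-out

The plugin finds a rule only by its comment, so the comment must follow this
pattern exactly: "ACCT-", your name, the protocol and the direction, separated
by single hyphens.

Then add the plugin to your munin configuration:
  ln -s /opt/munin/lib/plugins/accounting_ /etc/opt/munin/plugins/accounting_ipv4_accountingname


=head3 Accounting for subnets

If you want to monitor the traffic to and from the subnet 192.168.0.0/24, you need to add the following
lines (replace iptables with ip6tables if needed):

  iptables -I INPUT -d 192.168.0.0/24 -p icmp -m comment --comment ACCT-subnet1-icmp-in
  iptables -I INPUT -d 192.168.0.0/24 -p udp -m comment --comment ACCT-subnet1-udp-in
  iptables -I INPUT -d 192.168.0.0/24 -p tcp -m comment --comment ACCT-subnet1-tcp-in
  iptables -I OUTPUT -s 192.168.0.0/24 -p icmp -m comment --comment ACCT-subnet1-icmp-out
  iptables -I OUTPUT -s 192.168.0.0/24 -p udp -m comment --comment ACCT-subnet1-udp-out
  iptables -I OUTPUT -s 192.168.0.0/24 -p tcp -m comment --comment ACCT-subnet1-tcp-out

Then add the plugin to your munin configuration:
  ln -s /opt/munin/lib/plugins/accounting_ /etc/opt/munin/plugins/accounting_ipv4_subnet1

=head1 BUGS

Accounting-names must not contain an underscore "_": the underscore
separates the protocol family from the name in the plugin's file name
(accounting_<ipv4|ipv6>_<name>), and only the part up to the next underscore
is used as the name.  So instead of "This_Is_A_Cool_Name" use
"This-Is-A-Cool-Name".  Stick to letters, digits and hyphens.

The values are the byte counters of the iptables rules; when the rules are
flushed and re-created the counters restart at zero.  The fields are of type
DERIVE with a minimum of 0, so such a reset shows up as a gap in the graph
rather than as a negative spike.

=head1 NOTES

This plugin is based on the ip_ plugin.

=head1 MAGIC MARKERS

  #%# family=auto
  #%# capabilities=autoconf suggest

=head1 VERSION

1.0

=head1 HISTORY

2013-06-29: initial release

=head1 AUTHOR

Thomas Frey <thomas.frey-munin@hugga.org>

=head1 LICENSE

GPLv2

=cut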
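# Wildcard plugin: everything after "accounting_" in the name this script
# was invoked as is "<ipv4|ipv6>_<accountingname>".  Both parts come from the
# symlink's file name, i.e. from whoever controls the plugin directory.
PARAM=${0##*accounting_}
PROTO=${PARAM%%_*}         # first "_"-separated field: protocol family
SUBCHAIN=${PARAM#*_}       # everything after the first "_" ...
SUBCHAIN=${SUBCHAIN%%_*}   # ... cut down to the second field, like "cut -d _ -f 2"

# A name without a separator (or with nothing after it) is a misconfigured
# link; refuse it instead of silently reading rules for the protocol name.
if [[ "$PARAM" != *_* || -z "$SUBCHAIN" ]]; then
  echo "Configuration error: no accounting name given." >&2
  echo "Use accounting_<ipv4|ipv6>_accountingname." >&2
  exit 1
fi

# Absolute paths on purpose: the plugin runs as root and must not pick up an
# iptables binary from the caller's PATH.
case "$PROTO" in
  ipv4) IPTABLES="/sbin/iptables" ;;
  ipv6) IPTABLES="/sbin/ip6tables" ;;
  *)
    echo "Configuration error: invalid protocol name: not ipv4 or ipv6." >&2
    echo "Use accounting_<ipv4|ipv6>_accountingname." >&2
    exit 1
    ;;
esac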
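# "autoconf": tell munin-node-configure whether this plugin can run here.
# The answer goes to stdout, where munin-node-configure reads it; the exit
# status mirrors the original plugin (1 on "no").
if [[ "$1" == "autoconf" ]]; then
  if [[ ! -r /proc/net/dev ]]; then
    echo "no (/proc/net/dev not found)"
    exit 1
  fi
  # Listing a chain fails without the privileges to read the netfilter
  # tables, so this also verifies that the plugin really runs as root.
  if ! "$IPTABLES" -L INPUT -v -n -x >/dev/null 2>&1; then
    echo "no (could not run iptables as user $(id -un))"
    exit 1
  fi
  echo yes
  exit 0
fi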
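# Print "<prefix>_<name>" for every accounting name found in an
# "iptables -L ... -v -n -x" listing read on stdin, each name once.
#   $1 - prefix for the plugin name (ipv4 or ipv6)
# Rule comments look like "/* ACCT-<name>-<tcp|udp|icmp>-<in|out> */"; only
# <name> is wanted (letters, digits and hyphens), the protocol/direction
# suffix is stripped, and the six rules of one name collapse to one line.
# The prefix is handed to awk with -v instead of being spliced into the sed
# program, so it can never be read as sed syntax.
list_acct_names() {
  sed -n -E 's#^.*/\* ACCT-([A-Za-z0-9-]+)-(tcp|udp|icmp)-(in|out) \*/.*$#\1#p' \
    | LC_ALL=C sort -u \
    | awk -v prefix="$1" '{ print prefix "_" $0 }'
}

# "suggest": list the plugin instances munin-node-configure should link.
# PROTO was validated above, so no per-protocol branches are needed here.
if [[ "$1" == "suggest" ]]; then
  {
    "$IPTABLES" -L INPUT -v -x -n 2>/dev/null
    "$IPTABLES" -L OUTPUT -v -x -n 2>/dev/null
  } | list_acct_names "$PROTO"
  exit 0
fi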
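# Emit the munin field definitions for one traffic direction.
#   $1 - field suffix (IN or OUT), $2 - label verb (received or sent)
# The fields are DERIVE with min 0 because iptables byte counters only grow;
# a counter reset (rule reload) then becomes a gap instead of a negative
# spike.  tcp is drawn as the base AREA, udp and icmp are STACKed on it.
print_acct_fields() {
  local sfx=$1 verb=$2 proto draw=AREA
  for proto in tcp udp icmp; do
    printf '%s\n' \
      "${proto}${sfx}.label ${proto} ${verb}" \
      "${proto}${sfx}.cdef ${proto}${sfx},8,*" \
      "${proto}${sfx}.type DERIVE" \
      "${proto}${sfx}.draw ${draw}" \
      "${proto}${sfx}.min 0"
    draw=STACK
  done
}

# Emit one multigraph header.
#   $1 - graph name suffix (in or out), $2 - title word (incoming or outgoing),
#   $3 - field suffix used in graph_order (IN or OUT)
# graph_vlabel is single-quoted on purpose: ${graph_period} is expanded by
# munin, not by the shell.  The cdef above multiplies the byte counters by 8,
# so the plotted unit is bits; the label used to say bytes and was corrected
# (--base 1024 is kept as it was).
print_acct_graph() {
  local gsfx=$1 word=$2 fsfx=$3
  printf '%s\n' \
    "multigraph ${0##*/}_${gsfx}" \
    "graph_title ${SUBCHAIN} traffic ${word} (${PROTO})" \
    'graph_args --base 1024 -l 0' \
    'graph_vlabel bits per ${graph_period}' \
    "graph_order tcp${fsfx} udp${fsfx} icmp${fsfx}" \
    'graph_category network'
}

# "config": describe the two graphs (incoming and outgoing) of this instance.
if [[ "$1" == "config" ]]; then
  print_acct_graph in incoming IN
  print_acct_fields IN received
  print_acct_graph out outgoing OUT
  print_acct_fields OUT sent
  exit 0
fi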
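# Print "<proto><SFX>.value <bytes>" for the tcp, udp and icmp rules of one
# accounting name and direction, reading an "iptables -L <chain> -v -n -x"
# listing on stdin.  The byte counter is the second column of that listing.
#   $1 - direction as written in the rule comment (in or out)
#   $2 - munin field suffix (IN or OUT)
#   $3 - accounting name
# The comment is matched as a fixed string (grep -F): the name is taken from
# the plugin's file name and must never be interpreted as a regex.  A rule
# that is missing simply yields no value line, which munin records as unknown.
print_acct_values() {
  local dir=$1 sfx=$2 name=$3 listing proto
  listing=$(cat)
  for proto in tcp udp icmp; do
    grep -F -- "/* ACCT-${name}-${proto}-${dir} */" <<<"$listing" \
      | awk -v field="${proto}${sfx}" '{ print field ".value " $2 }'
  done
}

# Fetch: one iptables listing per chain instead of one per field.
echo "multigraph ${0##*/}_in"
"$IPTABLES" -L INPUT -v -n -x | print_acct_values in IN "$SUBCHAIN"
echo
echo "multigraph ${0##*/}_out"
"$IPTABLES" -L OUTPUT -v -n -x | print_acct_values out OUT "$SUBCHAIN"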