root / plugins / other / ipt_accounting_ @ 4eb89df7
| 1 | e908d2d2 | Markus Frosch | #!/bin/sh |
|---|---|---|---|
| 2 | # |
||
| 3 | # iptables Accounting Tool |
||
| 4 | # |
||
| 5 | # What it does: |
||
| 6 | # It accounts data based on the counters of iptables |
||
| 7 | # |
||
| 8 | # How it works: |
||
| 9 | # You have to create a rule like this: |
||
| 10 | # iptables -I INPUT -m comment --comment "ACC-Name" ... |
||
| 11 | # iptables -I OUTPUT -m comment --comment "ACC-Name" ... |
||
| 12 | # |
||
| 13 | # You can create custom rules that match any packets which should |
||
| 14 | # be accounted. But the comment *must* begin with "ACC-", and one rule |
||
| 15 | # should be created for input and one for output to measure each direction. |
||
| 16 | # |
||
| 17 | # Please specify no target on this rule, so it just counts the data. |
||
| 18 | # |
||
| 19 | # Some Examples: |
||
| 20 | # iptables -I INPUT -p udp -d 12.34.56.78 --dport 8767 -m comment --comment "ACC-teamspeak" |
||
| 21 | # iptables -I OUTPUT -p udp -s 12.34.56.78 --sport 8767 -m comment --comment "ACC-teamspeak" |
||
| 22 | # iptables -I INPUT -p tcp -d 12.34.56.78 --dport 25 -m comment --comment "ACC-mailserver" |
||
| 23 | # iptables -I OUTPUT -p tcp -s 12.34.56.78 --sport 25 -m comment --comment "ACC-mailserver" |
||
| 24 | # |
||
| 25 | # This plugin needs to be run as root for iptables to work! |
||
| 26 | # |
||
| 27 | # created by Markus Frosch aka lazyfrosch |
||
| 28 | # more Information on: http://www.lazyfrosch.de/linux/munin-ipt-accounting |
||
| 29 | # based on ip_ by jimmyo |
||
| 30 | # |
||
| 31 | #$Log$ |
||
| 32 | #Revision 0.1 2007/06/13 16:35:00 lazyfrosch |
||
| 33 | #First Release |
||
| 34 | # |
||
| 35 | # Magic markers (optional - used by munin-config and some installation |
||
| 36 | # scripts): |
||
| 37 | # |
||
| 38 | #%# family=auto |
||
| 39 | #%# capabilities=autoconf suggest |
||
| 40 | |||
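# Derive the accounting name from the name this script was invoked under:
# the leading "ipt_accounting_" is stripped from the basename of $0, so a
# link called "ipt_accounting_mailserver" yields ACC=mailserver.
# "$0" is quoted so that an install path containing whitespace or glob
# characters reaches basename as one argument instead of being split.
# NOTE(review): ACC is later used to select iptables rules while running as
# root; it is taken verbatim from the file name, so only trusted users
# should be able to create links to this plugin.
ACC=$(basename "$0" | sed 's/^ipt_accounting_//')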
||
| 42 | |||
# "autoconf": report whether this plugin can work on this host.
# Prints "yes" and exits 0 only when /proc/net/dev is readable and iptables
# can list the INPUT chain; otherwise prints "no (<reason>)" and exits 1.
case "$1" in
autoconf)
	if [ ! -r /proc/net/dev ]; then
		echo "no (/proc/net/dev not found)"
		exit 1
	fi
	# Only the exit status matters here; the listing itself is discarded.
	# A failure usually means the plugin is not running as root.
	if iptables -L INPUT -v -n -x >/dev/null 2>&1; then
		echo yes
		exit 0
	fi
	echo "no (could not run iptables as user $(whoami))"
	exit 1
	;;
esac
||
| 58 | |||
# "suggest": print one accounting name per INPUT rule whose comment has the
# form "/* ACC-<name> */".
# The capture group accepts ASCII letters only, so rule comments containing
# digits, punctuation or shell/regex metacharacters are never turned into
# suggested plugin names. iptables errors are silenced and the exit status
# is always 0, so a host without usable iptables simply suggests nothing.
case "$1" in
suggest)
	iptables -L INPUT -v -x -n 2>/dev/null |
		sed -n 's/^.*\/\* ACC\-\([a-zA-Z]*\) \*\/.*$/\1/p'
	exit 0
	;;
esac
||
| 63 | |||
# "config": emit the Munin graph definition for this accounting name.
# Both fields are DERIVE counters with a floor of 0; the cdef multiplies the
# byte counters by 8 so the graph is shown in bits per ${graph_period}.
# ${graph_period} is deliberately single-quoted: it is printed literally,
# not expanded by the shell.
case "$1" in
config)
	printf '%s\n' \
		"graph_order out in" \
		"graph_title iptables traffic for $ACC" \
		'graph_args --base 1000' \
		'graph_vlabel bits per ${graph_period}' \
		'graph_category network' \
		'out.label sent' \
		'out.type DERIVE' \
		'out.min 0' \
		'out.cdef out,8,*' \
		'in.label received' \
		'in.type DERIVE' \
		'in.min 0' \
		'in.cdef in,8,*'
	exit 0
	;;
esac
||
| 81 | |||
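# Default action (no recognised argument): print the current counters.
# For each chain, take the first rule whose comment is exactly
# "/* ACC-<ACC> */" and print its second column, which in the
# `iptables -L -v -x` listing is the exact byte count.
#
# The comment is matched as a fixed string (grep -F) and "$ACC" stays inside
# the quotes. ACC comes from the file name this plugin was invoked under and
# the plugin runs as root, so the name must not be interpreted as a regular
# expression (a "." or "*" in it could select a different rule) and must not
# be word-split or glob-expanded by the shell.
# If no rule matches, nothing is printed for that direction.
iptables -L INPUT -v -n -x | grep -m1 -F -- "/* ACC-$ACC */" | awk '{ print "in.value " $2 }'
iptables -L OUTPUT -v -n -x | grep -m1 -F -- "/* ACC-$ACC */" | awk '{ print "out.value " $2 }'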
