Révision 8ea0ef82
make the graphs more like the if_ plugin
Show traffic in bits instead of bytes, use negative values for
incoming traffic, improve wording, simplify authentication, add
documentation.
| plugins/other/tor-bandwidth-usage | ||
|---|---|---|
| 1 | 1 |
#!/usr/bin/perl -w |
| 2 | 2 |
# |
| 3 |
# tor_bandwidth_acct - munin plugin to monitor Tor routers traffic
|
|
| 3 |
# tor-bandwidth-usage - munin plugin to monitor Tor traffic
|
|
| 4 | 4 |
# |
| 5 | 5 |
# To use this plugin you need the following: |
| 6 | 6 |
# o Enable accounting on torrc configuration file (even if you dont want to limit bandwidth usage, |
| ... | ... | |
| 9 | 9 |
# AccountingStart day 12:00 |
| 10 | 10 |
# AccountingMax 100 GB |
| 11 | 11 |
# o Enable CookieAuthentication (CookieAuthentication 1 in torrc) or define a HashedControlPassword |
| 12 |
# o Add something like the following to /etc/munin/plugin-conf.d/munin-node: |
|
| 13 |
# [tor-bandwidth-usage] |
|
| 14 |
# user debian-tor |
|
| 15 |
# env.cookiefile /var/run/tor/control.authcookie |
|
| 12 | 16 |
# |
| 13 |
# tested with Tor releases: 0.2.1.28, 0.2.1.29 |
|
| 14 | 17 |
# |
| 15 |
# Author: tazoi <dev AT tazoi DOT it>, based on a plugin by Ævar Arnfjörð Bjarmason <avarab@gmail.com |
|
| 18 |
# tested with Tor releases: 0.2.1.28, 0.2.1.29, 0.2.2.35 |
|
| 19 |
# |
|
| 20 |
# Author: tazoi <dev AT tazoi DOT it>, based on a plugin by Ævar Arnfjörð Bjarmason <avarab@gmail.com> |
|
| 16 | 21 |
# |
| 17 | 22 |
# Parameters understood (defined in file /etc/munin/plugin-conf.d/munin-node or in environment) |
| 18 |
# host - Change which host to graph (default localhost)
|
|
| 19 |
# port - Change which port to connect to (default 9051)
|
|
| 23 |
# host - Change which host to graph (default localhost)
|
|
| 24 |
# port - Change which port to connect to (default 9051)
|
|
| 20 | 25 |
# password - Plain-text control channel password (see torrc |
| 21 |
# HashedControlPassword parameter)
|
|
| 26 |
# HashedControlPassword parameter)
|
|
| 22 | 27 |
# cookiefile - Name of the file containing the control channel cookie |
| 23 |
# (see torrc CookieAuthentication parameter) |
|
| 24 |
# |
|
| 25 |
# Using HashedControlPassword authentication has the problem that you must |
|
| 26 |
# include the plain-text password in the munin config file. To have any |
|
| 27 |
# effect, that file shouldn't be world-readable. |
|
| 28 |
# If you're using CookieAuthentication, you should run this plugin as a user |
|
| 29 |
# which has read access to the tor datafiles. Also note that bugs in versions |
|
| 30 |
# upto and including 0.1.1.20 prevent CookieAuthentication from working. |
|
| 31 |
# |
|
| 32 |
# Usage: place in /etc/munin/node.d/ or in /etc/munin/plugins (or link it there using ln -s) |
|
| 28 |
# (see torrc CookieAuthentication parameter) |
|
| 33 | 29 |
# |
| 34 |
# Parameters understood:
|
|
| 35 |
# config (required)
|
|
| 36 |
# autoconf (optional - used by munin-config)
|
|
| 30 |
# Using HashedControlPassword authentication has the problem that you
|
|
| 31 |
# must include the plain-text password in the munin config file. To
|
|
| 32 |
# have any effect, that file shouldn't be world-readable.
|
|
| 37 | 33 |
# |
| 38 |
# todo: |
|
| 39 |
# try using "graph_period" option "to make graph_sums usable" |
|
| 34 |
# If you're using CookieAuthentication, you should run this plugin as |
|
| 35 |
# a user which has read access to the tor datafiles. Also note that |
|
| 36 |
# bugs in versions upto and including 0.1.1.20 prevent |
|
| 37 |
# CookieAuthentication from working. |
|
| 40 | 38 |
# |
| 41 |
# Magic markers - optional - used by installation scripts and |
|
| 42 |
# munin-config: |
|
| 39 |
# Usage: place in /etc/munin/plugins (or link it there using ln -s) |
|
| 43 | 40 |
# |
| 44 | 41 |
#%# family=contrib |
| 45 | 42 |
#%# capabilities=autoconf |
| 46 | 43 |
|
| 47 | 44 |
use strict; |
| 45 |
use feature ':5.10'; |
|
| 48 | 46 |
use IO::Socket::INET; |
| 47 |
use Munin::Plugin; |
|
| 49 | 48 |
|
| 50 | 49 |
# Config |
| 51 |
our $address = $ENV{host} || "localhost"; # Default: localhost
|
|
| 52 |
our $port = $ENV{port} || 9051; # Default: 9051
|
|
| 50 |
my $address = $ENV{host} || "localhost";
|
|
| 51 |
my $port = $ENV{port} || 9051;
|
|
| 53 | 52 |
|
| 54 | 53 |
# Don't edit below this line |
| 55 | 54 |
|
| 56 | 55 |
sub Authenticate |
| 57 | 56 |
{
|
| 58 |
my ($socket) = @_; |
|
| 59 |
my $authline = "AUTHENTICATE"; |
|
| 60 |
if (defined($ENV{cookiefile})) {
|
|
| 61 |
if (open(COOKIE, "<$ENV{cookiefile}")) {
|
|
| 62 |
binmode COOKIE; |
|
| 63 |
my $cookie; |
|
| 64 |
$authline .= " "; |
|
| 65 |
while (read(COOKIE, $cookie, 32)) {
|
|
| 66 |
foreach my $byte (unpack "C*", $cookie) {
|
|
| 67 |
$authline .= sprintf "%02x", $byte; |
|
| 68 |
} |
|
| 69 |
} |
|
| 70 |
close COOKIE; |
|
| 71 |
} |
|
| 72 |
} elsif (defined($ENV{password})) {
|
|
| 73 |
$authline .= ' "' . $ENV{password} . '"';
|
|
| 74 |
} |
|
| 75 |
print $socket "$authline\r\n"; |
|
| 76 |
my $replyline = <$socket>; |
|
| 77 |
if (substr($replyline, 0, 1) != '2') {
|
|
| 78 |
$replyline =~ s/\s*$//; |
|
| 79 |
return "Failed to authenticate: $replyline"; |
|
| 80 |
} |
|
| 81 |
|
|
| 82 |
return; |
|
| 57 |
my ($socket) = @_; |
|
| 58 |
my $authline = "AUTHENTICATE"; |
|
| 59 |
if (defined($ENV{cookiefile})) {
|
|
| 60 |
if (open(COOKIE, "<$ENV{cookiefile}")) {
|
|
| 61 |
my $cookie; |
|
| 62 |
binmode COOKIE; |
|
| 63 |
read(COOKIE, $cookie, 32); |
|
| 64 |
close COOKIE; |
|
| 65 |
$authline .= ' "' . $cookie . '"'; |
|
| 66 |
} |
|
| 67 |
} elsif (defined($ENV{password})) {
|
|
| 68 |
$authline .= ' "' . $ENV{password} . '"';
|
|
| 69 |
} |
|
| 70 |
say $socket "$authline"; |
|
| 71 |
my $replyline = <$socket>; |
|
| 72 |
if (substr($replyline, 0, 1) != '2') {
|
|
| 73 |
$replyline =~ s/\s*$//; |
|
| 74 |
return "Failed to authenticate: $replyline"; |
|
| 75 |
} |
|
| 76 |
|
|
| 77 |
return; |
|
| 83 | 78 |
} |
| 84 | 79 |
|
| 85 | 80 |
if ($ARGV[0] and $ARGV[0] eq "autoconf") {
|
| 86 |
# Try to connect to the daemon |
|
| 87 |
my $socket = IO::Socket::INET->new("$address:$port")
|
|
| 88 |
or my $failed = 1; |
|
| 89 |
|
|
| 90 |
if ($failed) {
|
|
| 91 |
print "no (failed to connect to $address port $port)\n"; |
|
| 92 |
exit 1; |
|
| 93 |
} |
|
| 94 |
|
|
| 95 |
my $msg = Authenticate($socket); |
|
| 96 |
if (defined($msg)) {
|
|
| 97 |
print $socket "QUIT\r\n"; |
|
| 98 |
close($socket); |
|
| 99 |
print "no ($msg)\n"; |
|
| 100 |
exit 1; |
|
| 101 |
} |
|
| 102 |
|
|
| 103 |
print $socket "QUIT\r\n"; |
|
| 104 |
close($socket); |
|
| 105 |
print "yes\n"; |
|
| 106 |
exit 0; |
|
| 81 |
# Try to connect to the daemon |
|
| 82 |
my $socket = IO::Socket::INET->new("$address:$port") or my $failed = 1;
|
|
| 83 |
|
|
| 84 |
if ($failed) {
|
|
| 85 |
say "no (failed to connect to $address port $port)"; |
|
| 86 |
exit 1; |
|
| 87 |
} |
|
| 88 |
|
|
| 89 |
my $msg = Authenticate($socket); |
|
| 90 |
if (defined($msg)) {
|
|
| 91 |
say $socket "QUIT"; |
|
| 92 |
close($socket); |
|
| 93 |
say "no ($msg)"; |
|
| 94 |
exit 1; |
|
| 95 |
} |
|
| 96 |
|
|
| 97 |
say $socket "QUIT"; |
|
| 98 |
close($socket); |
|
| 99 |
say "yes"; |
|
| 100 |
exit 0; |
|
| 107 | 101 |
} |
| 108 | 102 |
|
| 109 | 103 |
if ($ARGV[0] and $ARGV[0] eq "config") {
|
| 110 |
print "graph_title Tor bandwidth usage (in/out)\n"; |
|
| 111 |
print "graph_args --base 1000\n"; |
|
| 112 |
print "graph_vlabel bytes/sec\n"; |
|
| 113 |
print "graph_category Tor\n"; |
|
| 114 |
print "graph_info This graph shows the flowing incoming/outgoing bytes on a Tor node\n"; |
|
| 115 |
print "down.label Download\n"; |
|
| 116 |
print "down.type DERIVE\n"; |
|
| 117 |
print "down.min 0\n"; |
|
| 118 |
print "up.label Upload\n"; |
|
| 119 |
print "up.type DERIVE\n"; |
|
| 120 |
print "up.min 0\n"; |
|
| 121 |
|
|
| 122 |
exit 0; |
|
| 104 |
say "graph_order down up"; |
|
| 105 |
say "graph_title Tor traffic"; |
|
| 106 |
say "graph_args --base 1000"; |
|
| 107 |
say "graph_vlabel bits in (-) / out (+) per \${graph_period}";
|
|
| 108 |
say "graph_category network"; |
|
| 109 |
say "graph_info This graph shows the traffic through this Tor node."; |
|
| 110 |
say "down.label received"; |
|
| 111 |
say "down.type DERIVE"; |
|
| 112 |
say 'down.graph no'; |
|
| 113 |
say "down.cdef down,8,*"; |
|
| 114 |
say "down.min 0"; |
|
| 115 |
say "up.label b/s"; |
|
| 116 |
say "up.type DERIVE"; |
|
| 117 |
say "up.negative down"; |
|
| 118 |
say "up.cdef up,8,*"; |
|
| 119 |
say "up.min 0"; |
|
| 120 |
|
|
| 121 |
exit 0; |
|
| 123 | 122 |
} |
| 124 | 123 |
|
| 125 | 124 |
my $socket = IO::Socket::INET->new("$address:$port")
|
| 126 |
or die("Couldn't connect to $address port $port: $!");
|
|
| 125 |
or die("Couldn't connect to $address port $port: $!");
|
|
| 127 | 126 |
|
| 128 | 127 |
my $msg = Authenticate($socket); |
| 129 | 128 |
if (defined($msg)) {
|
| 130 |
print $socket "QUIT\r\n";
|
|
| 131 |
close($socket);
|
|
| 132 |
die "$msg\n";
|
|
| 129 |
say $socket "QUIT";
|
|
| 130 |
close($socket);
|
|
| 131 |
die "$msg\n";
|
|
| 133 | 132 |
} |
| 134 | 133 |
|
| 135 |
print $socket "GETINFO accounting/bytes\r\n";
|
|
| 134 |
say $socket "GETINFO accounting/bytes";
|
|
| 136 | 135 |
my $down = 0; |
| 137 | 136 |
my $up = 0; |
| 138 | 137 |
my $replyline = <$socket>; |
| 139 | 138 |
chomp($replyline); |
| 140 |
if ( $replyline =~ /^250-accounting\/bytes=(\d+)\s(\d+)\r$/ ) {
|
|
| 141 |
$down = $1;
|
|
| 142 |
$up = $2;
|
|
| 139 |
if ($replyline =~ /^250-accounting\/bytes=(\d+)\s(\d+)/) {
|
|
| 140 |
$down = $1;
|
|
| 141 |
$up = $2;
|
|
| 143 | 142 |
} else {
|
| 144 |
die "Failed to get accounting info: $replyline\n";
|
|
| 143 |
die "Failed to get accounting info: $replyline\n";
|
|
| 145 | 144 |
} |
| 146 | 145 |
|
| 147 |
print $socket "QUIT\r\n";
|
|
| 146 |
say $socket "QUIT";
|
|
| 148 | 147 |
close($socket); |
| 149 | 148 |
|
| 150 |
print "down.value $down\n";
|
|
| 151 |
print "up.value $up\n";
|
|
| 149 |
say "down.value $down";
|
|
| 150 |
say "up.value $up";
|
|
| 152 | 151 |
|
| 153 | 152 |
exit 0; |
Formats disponibles : Unified diff