root / plugins / network / ipt_accounting_ @ f14628ad
Historique | Voir | Annoter | Télécharger (2,7 ko)
| 1 |
#!/bin/sh |
|---|---|
| 2 |
# |
| 3 |
# iptables Accounting Tool |
| 4 |
# |
| 5 |
# What it does: |
| 6 |
# It accounts data based on the counters of iptables |
| 7 |
# |
| 8 |
# How it works: |
| 9 |
# You have to create a rule like this: |
| 10 |
# iptables -I INPUT -m comment --comment "ACC-Name" ... |
| 11 |
# iptables -I OUTPUT -m comment --comment "ACC-Name" ... |
| 12 |
# |
| 13 |
# You can create custom rules which matches any package which should |
| 14 |
# be accounted. But the comment *must* begin with "ACC-" and a rule |
| 15 |
# should be created for input and output for measuring the direction. |
| 16 |
# |
| 17 |
# Please specify no target on this rule, so it just counts the data. |
| 18 |
# |
| 19 |
# Some Examples: |
| 20 |
# iptables -I INPUT -p udp -d 12.34.56.78 --dport 8767 -m comment --comment "ACC-teamspeak" |
| 21 |
# iptables -I OUTPUT -p udp -s 12.34.56.78 --sport 8767 -m comment --comment "ACC-teamspeak" |
| 22 |
# iptables -I INPUT -p tcp -d 12.34.56.78 --dport 25 -m comment --comment "ACC-mailserver" |
| 23 |
# iptables -I OUTPUT -p tcp -s 12.34.56.78 --sport 25 -m comment --comment "ACC-mailserver" |
| 24 |
# |
| 25 |
# This plugin needs to be run as root for iptables to work! |
| 26 |
# |
| 27 |
# created by Markus Frosch aka lazyfrosch |
| 28 |
# more Information on: http://www.lazyfrosch.de/linux/munin-ipt-accounting |
| 29 |
# based on ip_ by jimmyo |
| 30 |
# |
| 31 |
#$Log$ |
| 32 |
#Revision 0.1 2007/06/13 16:35:00 lazyfrosch |
| 33 |
#First Release |
| 34 |
# |
| 35 |
# Magic markers (optional - used by munin-config and some installation |
| 36 |
# scripts): |
| 37 |
# |
| 38 |
#%# family=auto |
| 39 |
#%# capabilities=autoconf suggest |
| 40 |
|
| 41 |
ACC=`basename $0 | sed 's/^ipt_accounting_//g'` |
| 42 |
|
| 43 |
if [ "$1" = "autoconf" ]; then |
| 44 |
if [ -r /proc/net/dev ]; then |
| 45 |
iptables -L INPUT -v -n -x >/dev/null 2>/dev/null |
| 46 |
if [ $? -gt 0 ]; then |
| 47 |
echo "no (could not run iptables as user `whoami`)" |
| 48 |
exit 1 |
| 49 |
else |
| 50 |
echo yes |
| 51 |
exit 0 |
| 52 |
fi |
| 53 |
else |
| 54 |
echo "no (/proc/net/dev not found)" |
| 55 |
exit 1 |
| 56 |
fi |
| 57 |
fi |
| 58 |
|
| 59 |
if [ "$1" = "suggest" ]; then |
| 60 |
iptables -L INPUT -v -x -n 2>/dev/null | sed -n 's/^.*\/\* ACC\-\([a-zA-Z]*\) \*\/.*$/\1/p' |
| 61 |
exit 0 |
| 62 |
fi |
| 63 |
|
| 64 |
if [ "$1" = "config" ]; then |
| 65 |
|
| 66 |
echo "graph_order out in" |
| 67 |
echo "graph_title iptables traffic for $ACC" |
| 68 |
echo 'graph_args --base 1000' |
| 69 |
echo 'graph_vlabel bits per ${graph_period}'
|
| 70 |
echo 'graph_category network' |
| 71 |
echo 'out.label sent' |
| 72 |
echo 'out.type DERIVE' |
| 73 |
echo 'out.min 0' |
| 74 |
echo 'out.cdef out,8,*' |
| 75 |
echo 'in.label received' |
| 76 |
echo 'in.type DERIVE' |
| 77 |
echo 'in.min 0' |
| 78 |
echo 'in.cdef in,8,*' |
| 79 |
exit 0 |
| 80 |
fi; |
| 81 |
|
| 82 |
iptables -L INPUT -v -n -x | grep -m1 "\/\* ACC\-"$ACC" \*\/" | awk "{ print \"in.value \" \$2 }"
|
| 83 |
iptables -L OUTPUT -v -n -x | grep -m1 "\/\* ACC\-"$ACC" \*\/" | awk "{ print \"out.value \" \$2 }"
|