From 065088679105d641953739b8b77b4dcda45f7e27 Mon Sep 17 00:00:00 2001
From: Tanguy Pruvot <unknown@munin-monitoring.org>
Date: Sat, 30 Aug 2008 22:03:53 +0200
Subject: [PATCH] Initial version

---
 plugins/other/shorewall_ | 81 ++++++++++++++++++++++++++++++++++++++++
 1 file changed, 81 insertions(+)
 create mode 100755 plugins/other/shorewall_

diff --git a/plugins/other/shorewall_ b/plugins/other/shorewall_
new file mode 100755
index 00000000..a48f8007
--- /dev/null
+++ b/plugins/other/shorewall_
@@ -0,0 +1,81 @@
+#!/usr/bin/python
+# shorewall_ v2.0 - 30 Aug 2008 - Tanguy Pruvot <tanguy.pruvot@gmail.com>
+# 
+# A munin plugin for tracking traffic as recorded by shorewall accounting rules
+# 
+# ex: ln -s /usr/share/munin/plugins/shorewall_ /etc/munin/plugins/shorewall_ftp
+# will log ftp* rules like ftp, ftp_input, ftp_output etc...
+# 
+# Basic Concept by Chris AtLee <chris@atlee.ca> Released under the GPL v2
+
+import sys, commands, re
+from sys import argv
+from os.path import split
+
+path,script_name = split(argv[0])
+FilterExp = re.compile(r"^shorewall_(.*)$")
+m = FilterExp.match(script_name)
+if m is not None:
+    filterName = " " + m.group(1)
+    rFilter    = r"^" + m.group(1) + ".*$"
+else:
+    filterName = ""
+    rFilter    = r"^.*$"
+
+FilterExp = re.compile(rFilter)
+
+# regex for "shorewall show xxxx" output lines
+accountingLineExp = re.compile(r"^\s*\d+[KMG]*\s+(\d+)([KMGT]*)\s+(\w+).*$")
+
+def getBytesByChain():
+    trafficCmd = "shorewall"
+    status, output = commands.getstatusoutput("/sbin/shorewall show accounting 2>/dev/null")
+    if status != 0:
+        raise OSError("Error running command (%s)[%i]: %s" % (trafficCmd, status, output))
+    chains = {}
+    for line in output.split("\n"):
+        m = accountingLineExp.match(line)
+        if m is not None:
+            target = m.group(3)
+            bytes = int(m.group(1))
+
+            f = FilterExp.match(target)
+            if f is not None:
+                if m.group(2) == "K":
+                    bytes *= 1024
+                elif m.group(2) == "M":
+                    bytes *= 1024 * 1024
+                elif m.group(2) == "G":
+                    bytes *= 1024 * 1024 * 1024
+                elif m.group(2) == "T":
+                    bytes *= 1024 * 1024 * 1024 * 1024
+
+                if target in chains:
+                    chains[target] += bytes
+                else:
+                    chains[target] = bytes
+
+    retval = []
+    chainNames = chains.keys()
+    chainNames.sort()
+    for name in chainNames:
+        retval.append((name, chains[name]))
+    return retval
+ 
+if len(sys.argv) > 1:
+    if sys.argv[1] == "autoconf":
+        print "yes"
+        sys.exit(0)
+    elif sys.argv[1] == "config":
+        print "graph_title Shorewall accounting%s" % filterName
+        print "graph_category network"
+        print "graph_vlabel bits per ${graph_period}"
+        for chain,bytes in getBytesByChain():
+            print "%s.min 0" % chain
+            print "%s.type DERIVE" % chain
+            print "%s.label %s" % (chain, chain)
+            print "%s.cdef %s,8,*" % (chain, chain)
+        sys.exit(0)
+ 
+for chain, bytes in getBytesByChain():
+    print "%s.value %i" % (chain, bytes)
\ No newline at end of file