Merge pull request #650 from lduchosal/master

pf_tables : Munin plugin to monitor pf tables.

plugins/network/arp_bsd_

@@ -0,0 +1,54 @@
+#!/bin/sh
+#
+# Wildcard-plugin to monitor arp on interfaces. To monitor an
+# interface, link arp_bsd_<interface> to this file. E.g.
+#
+#    ln -s /usr/local/share/munin/plugins/arp_bsd_ /usr/local/etc/munin/plugins/arp_bsd_vlanX
+#
+# ...will monitor arp on interface vlanX.
+#
+# Any device found in /sbin/ifconfig can be monitored.
+#
+# Bugs : This plugins has been tested extensively on FreeBSD only
+#
+# Author : Luc Duchosal <luc.duchosal (at) arcantel (dot) ch>
+#
+# Magic markers (optional - used by munin-config and some installation
+# scripts):
+#
+#%# family=auto
+#%# capabilities=autoconf suggest
+
+
+INTERFACE=`basename $0 | sed 's/^arp_bsd_//g'`
+
+if [ "$1" = "autoconf" ]; then
+        if [ -x /sbin/ifconfig ]; then
+                echo yes
+                exit 0
+        else
+                echo "no (/sbin/ifconfig not found)"
+                exit 0
+        fi
+fi
+
+if [ "$1" = "suggest" ]; then
+        if [ -x /sbin/ifconfig ]; then
+                /sbin/ifconfig -a | /usr/bin/grep -E '^[a-z]' | /usr/bin/awk -F\: '{print $1;}'
+                exit 0
+        else
+                exit 1
+        fi
+fi
+
+if [ "$1" = "config" ]; then
+
+        echo "graph_title $INTERFACE arp"
+        echo 'graph_args --base 1000'
+        echo 'graph_vlabel arp per ${graph_period}'
+        echo 'graph_category network'
+        echo 'arp.label arp'
+        exit 0
+fi
+
+/usr/sbin/arp -an | /usr/bin/grep $INTERFACE  | /usr/bin/wc -l | /usr/bin/awk '{ print "arp.value", $1;}'

plugins/network/pf_tables_

@@ -0,0 +1,252 @@
+#!/usr/bin/perl -w
+# -*- perl -*-
+
+=head1 NAME
+
+pf_tables : Munin plugin to monitor pf tables.
+Inout: bandwidth usage for table
+Addresses: number of entries in table
+
+
+=head1 APPLICABLE SYSTEMS
+
+Should work on any BSD that has pf(4).
+
+Examples:
+
+=over
+
+=item pf_tables_inout_tablename
+
+=item pf_tables_addresses_authenticated
+
+=item pf_tables_addresses_badboys
+
+
+=head1 CONFIGURATION
+
+[pf_tables_*]
+user root
+
+=head1 INTERPRETATION
+
+The plugin simply runs the pfctl -sTables -vvv command and counts the number of
+Addresses and InBytes/OutBytes in each table.
+
+=head1 BUGS
+
+Only tested extensively on FreeBSD.
+
+=head1 MAGIC MARKERS
+
+  #%# family=auto
+  #%# capabilities=autoconf suggest
+
+=head1 VERSION
+
+  $Id$
+
+=head1 AUTHOR
+
+Copyright (C) 2015.
+
+Original version by Luc Duchosal (at) arcantel (dot) ch.
+Created by Luc Duchosal, 2015
+
+=head1 LICENSE
+
+BSD
+
+=cut
+
+
+use strict;
+use Munin::Plugin;
+
+$0 =~ /pf_tables_(addresses|inout)_(.+)$/;
+my $name = $2;
+my $operation = $1;
+
+if ( defined($ARGV[0])) {
+    if ($ARGV[0] eq 'autoconf') {
+        print "yes\n";
+        exit 0;
+    }
+
+    if ($ARGV[0] eq "config") {
+
+        if (!defined($name)) {
+            print "Unknown table\n";
+            exit 0;
+        }
+
+        if (!defined($operation)) {
+            print "Unknown operation\n";
+            exit 0;
+        }
+
+        if ($operation =~ m/addresses/) {
+
+            print "graph_title Connected users ($name)\n";
+            print "graph_args --base 1000 -l 0\n";
+            print "graph_vlabel Users\n";
+            print "graph_scale no\n";
+            print "graph_category pf\n";
+            print "graph_printf %3.0lf\n";
+
+            print "users.label users\n";
+            print "users.draw AREASTACK\n";
+            print "users.colour 00C000\n";
+            foreach my $field (qw(users)) {
+                print_thresholds($field);
+            }
+        }
+
+        if ($operation =~ m/inout/) {
+
+            print "graph_title Network bandwidth ($name)\n";
+            print "graph_args --base 1024 -l 0\n";
+            print "graph_vlabel Bandwidth\n";
+            print "graph_scale yes\n";
+            print "graph_category pf\n";
+#            print "graph_printf %3.0lf\n";
+
+            print "in.label in\n";
+            print "in.type DERIVE\n";
+            print "in.draw AREASTACK\n";
+            print "in.colour C00000\n";
+            print "in.cdef in,8,*\n";
+            print "in.min 0\n";
+            print "in.graph no\n";
+            print "out.label out\n";
+            print "out.type DERIVE\n";
+            print "out.negative in\n";
+            print "out.draw AREASTACK\n";
+            print "out.colour 0000C0\n";
+            print "out.cdef out,8,*\n";
+            print "out.min 0\n";
+            print "out.graph no\n";
+
+            foreach my $field (qw(in out)) {
+                print_thresholds($field);
+            }
+
+        }
+        exit 0;
+    }
+
+    if ($ARGV[0] eq "suggest") {
+        my %tables = &tables();
+        foreach my $key (keys(%tables)) {
+            print "addresses_$key\n";
+            print "inout_$key\n";
+        }
+        exit 0;
+    }
+
+}
+
+if (!defined($name)) {
+    print "Usage: pf_tables_addresses_tablename or pf_tables_inout_tablename\n";
+    exit 1;
+}
+
+my %tables = &tables();
+if (!exists $tables{$name}) {
+   print "Unknown table name $name\n";
+   exit 2;
+}
+
+if ($operation =~ m/addresses/) {
+    my $users = $tables{$name}->{"addresses"};
+    print "users.value $users\n";
+}
+
+if ($operation =~ m/inout/) {
+    my $in = $tables{$name}->{"inpassbytes"};
+    my $out = $tables{$name}->{"outpassbytes"};
+    print "in.value $in\n";
+    print "out.value $out\n";
+}
+
+
+sub tables {
+
+    # # pfctl -s Tables -vv
+    # -pa-r-- auth
+    #         Addresses:   0
+    #         Cleared:     Fri Sep 18 17:34:42 2015
+    #         References:  [ Anchors: 0                  Rules: 14                 ]
+    #         Evaluations: [ NoMatch: 43624              Match: 788                ]
+    #         In/Block:    [ Packets: 0                  Bytes: 0                  ]
+    #         In/Pass:     [ Packets: 30908              Bytes: 2704516            ]
+    #         In/XPass:    [ Packets: 124                Bytes: 7897               ]
+    #         Out/Block:   [ Packets: 0                  Bytes: 0                  ]
+    #         Out/Pass:    [ Packets: 30288              Bytes: 26313114           ]
+    #         Out/XPass:   [ Packets: 89                 Bytes: 21166              ]
+
+    my $output = `/sbin/pfctl -s Tables -vv 2> /dev/null`;
+    my %tables;
+    my $name;
+
+    foreach (split(/\n/, $output)) {
+
+       if (m|^[cpairhC\-]{7}\s+(\w+)$|) {
+          $name = $1;
+          $tables{$name}->{"name"} = $1;
+          next;
+       }
+
+       if (m|Addresses:\s+([0-9]+)$|) {
+          $tables{$name}->{"addresses"} = $1;
+          next;
+       }
+
+       if (m|Cleared:\s+(.+)$|) {
+          $tables{$name}->{"cleared"} = $1;
+          next;
+       }
+
+       if (m|In/Block:\s+\[\s+Packets:\s+([0-9]+)\s+Bytes:\s+([0-9]+)\s+\]$|) {
+          $tables{$name}->{"inblockpackets"} = $1;
+          $tables{$name}->{"inblockbytes"} = $2;
+          next;
+       }
+
+       if (m|In/Pass:\s+\[\s+Packets:\s+([0-9]+)\s+Bytes:\s+([0-9]+)\s+\]$|) {
+          $tables{$name}->{"inpasspackets"} = $1;
+          $tables{$name}->{"inpassbytes"} = $2;
+          next;
+       }
+
+       if (m|In/XPass:\s+\[\s+Packets:\s+([0-9]+)\s+Bytes:\s+([0-9]+)\s+\]$|) {
+          $tables{$name}->{"inxpasspackets"} = $1;
+          $tables{$name}->{"inxpassbytes"} = $2;
+          next;
+       }
+
+       if (m|Out/Block:\s+\[\s+Packets:\s+([0-9]+)\s+Bytes:\s+([0-9]+)\s+\]$|) {
+          $tables{$name}->{"outblockpackets"} = $1;
+          $tables{$name}->{"outblockbytes"} = $2;
+          next;
+       }
+
+       if (m|Out/Pass:\s+\[\s+Packets:\s+([0-9]+)\s+Bytes:\s+([0-9]+)\s+\]$|) {
+          $tables{$name}->{"outpasspackets"} = $1;
+          $tables{$name}->{"outpassbytes"} = $2;
+          next;
+       }
+
+       if (m|Out/XPass:\s+\[\s+Packets:\s+([0-9]+)\s+Bytes:\s+([0-9]+)\s+\]$|) {
+          $tables{$name}->{"outxpasspackets"} = $1;
+          $tables{$name}->{"outxpassbytes"} = $2;
+          next;
+       }
+
+    }
+
+    return %tables;
+
+}
+
+# vim:syntax=perl