#!/bin/bash # -*- bash -*- : << =cut =head1 NAME traffic - Plugin to monitor the traffic (throughput) by IP protocols. =head1 CONFIGURATION To make this plugin work, you need to add rules to your firewall. They are empty rules, we only use them to count traffic, not do anything with them. To make this plugin work correctly, these rules have to in the beginning of the chain(s), or else traffic that matches rules above will not be counted (you can use this to your advantage of course). The rules can be added with: iptables -I INPUT iptables -I OUTPUT ip6tables -I INPUT ip6tables -I OUTPUT If trouble reading output, use: [traffic_ipt] user root =head1 AUTHORS =over =item 2012.09.20: Initial version by Arturo Borrero Gonzalez =item 2013.01.12: Added percentage graphing by Michiel Holtkamp =item 2013.02.03: Converted to use iptables/ip6tables by Michiel Holtkamp =item 2015.01.25: Fixed regexp and make use of a status file by Pierre Schweitzer =back =head1 LICENSE GPLv2 =head1 MAGIC MARKERS #%# family=auto #%# capabilities=autoconf =cut if [ "$1" == "config" ] then cat <<'EOF' multigraph traffic_ipt graph_title Throughput by IP protocol graph_vlabel bits per ${graph_period} graph_category network graph_args --base 1000 --upper-limit 100 -l 0 IPv4.label IPv4 bps IPv4.min 0 IPv4.type DERIVE IPv4.draw AREA IPv6.label IPv6 bps IPv6.min 0 IPv6.type DERIVE IPv6.draw STACK total.label Total bps total.min 0 total.type DERIVE total.draw LINE1 EOF # Adapted from http://munin-monitoring.org/wiki/PercentGraphHowto cat << 'EOF' multigraph traffic_ipt_percent update no graph_category network graph_args --base 1000 -l 0 -u 100 -r graph_scale no graph_title Throughput of IP protocols by percentage graph_vlabel Percentage graph_order IPv4=traffic_ipt.IPv4 IPv6=traffic_ipt.IPv6 total=traffic_ipt.total IPv4_percent=traffic_ipt.total IPv6_percent=traffic_ipt.total IPv4.graph no IPv6.graph no total.graph no total.cdef IPv4,IPv6,0.00001,+,+ IPv4_percent.cdef IPv4,total,/,100,* IPv4_percent.label IPv4 IPv4_percent.draw AREASTACK IPv6_percent.cdef IPv6,total,/,100,* IPv6_percent.label IPv6 IPv6_percent.draw AREASTACK EOF exit 0 fi if [ ! -r $MUNIN_STATEFILE ]; then oldv4=0 oldv6=0 else oldv4=$(grep IPv4 $MUNIN_STATEFILE | cut -f2 -d '=') oldv6=$(grep IPv6 $MUNIN_STATEFILE | cut -f2 -d '=') fi ipv4=0 ipv6=0 diffv4=0 diffv6=0 IPv4_bytes=$(iptables -L -n -v -x | egrep '^\W*[0-9]+\W+[0-9]+\W+all\W+--\W+\*\W+\*\W+0.0.0.0/0\W+0.0.0.0/0\W*$' | while read pkts bytes rest; do echo $bytes; done) if [ -z "$IPv4_bytes" ]; then echo "W: Unable to read rule from iptables, please add rules" >&2 else ipv4=$(echo $IPv4_bytes | sed -e 's/ / + /' | bc -l) fi IPv6_bytes=$(ip6tables -L -n -v -x | egrep '^\W*[0-9]+\W+[0-9]+\W+all\W+\*\W+\*\W+::/0\W+::/0\W*$' | while read pkts bytes rest; do echo $bytes; done) if [ -z "$IPv6_bytes" ]; then echo "W: Unable to read rule from ip6tables, please add rules" >&2 else ipv6=$(echo $IPv6_bytes | sed -e 's/ / + /' | bc -l) fi if [ $ipv4 -ge $oldv4 ]; then diffv4=$(($ipv4 - $oldv4)) else diffv4=$ipv4 fi if [ $ipv6 -ge $oldv6 ]; then diffv6=$(($ipv6 - $oldv6)) else diffv6=$ipv6 fi echo "IPv4=$ipv4" > $MUNIN_STATEFILE echo "IPv6=$ipv6" >> $MUNIN_STATEFILE echo "IPv4.value $diffv4" echo "IPv6.value $diffv6" echo "total.value $( echo $diffv4 + $diffv6 | bc )" exit 0