2
0
mirror of https://github.com/munin-monitoring/contrib.git synced 2018-11-08 00:59:34 +01:00
contrib-munin/plugins/network/traffic_ipt
Lars Kruse c9157be3fe iptables-related plugins: use "-w" for consistent results
The parameter "-w" forces iptables to wait for a lock before
printing data.

The parameter requires iptables 1.6 (released 2015).

See https://github.com/munin-monitoring/munin/issues/586
2018-02-24 22:58:50 +01:00

151 lines
3.4 KiB
Bash
Executable File

#!/bin/bash
# -*- bash -*-
: << =cut
=head1 NAME
traffic - Plugin to monitor the traffic (throughput) by IP protocols.
=head1 CONFIGURATION
To make this plugin work, you need to add rules to your firewall.
They are empty rules, we only use them to count traffic, not do anything
with them. To make this plugin work correctly, these rules have to
in the beginning of the chain(s), or else traffic that matches rules
above will not be counted (you can use this to your advantage of course).
The rules can be added with:
iptables -I INPUT
iptables -I OUTPUT
ip6tables -I INPUT
ip6tables -I OUTPUT
If trouble reading output, use:
[traffic_ipt]
user root
=head1 AUTHORS
=over
=item 2012.09.20: Initial version by Arturo Borrero Gonzalez <aborrero@cica.es>
=item 2013.01.12: Added percentage graphing by Michiel Holtkamp <michiel@supermind.nl>
=item 2013.02.03: Converted to use iptables/ip6tables by Michiel Holtkamp <michiel@supermind.nl>
=item 2015.01.25: Fixed regexp and make use of a status file by Pierre Schweitzer <pierre@reactos.org>
=back
=head1 LICENSE
GPLv2
=head1 MAGIC MARKERS
#%# family=auto
#%# capabilities=autoconf
=cut
if [ "$1" == "config" ]
then
cat <<'EOF'
multigraph traffic_ipt
graph_title Throughput by IP protocol
graph_vlabel bits per ${graph_period}
graph_category network
graph_args --base 1000 --upper-limit 100 -l 0
IPv4.label IPv4 bps
IPv4.min 0
IPv4.type DERIVE
IPv4.draw AREA
IPv6.label IPv6 bps
IPv6.min 0
IPv6.type DERIVE
IPv6.draw STACK
total.label Total bps
total.min 0
total.type DERIVE
total.draw LINE1
EOF
# Adapted from http://munin-monitoring.org/wiki/PercentGraphHowto
cat << 'EOF'
multigraph traffic_ipt_percent
update no
graph_category network
graph_args --base 1000 -l 0 -u 100 -r
graph_scale no
graph_title Throughput of IP protocols by percentage
graph_vlabel Percentage
graph_order IPv4=traffic_ipt.IPv4 IPv6=traffic_ipt.IPv6 total=traffic_ipt.total IPv4_percent=traffic_ipt.total IPv6_percent=traffic_ipt.total
IPv4.graph no
IPv6.graph no
total.graph no
total.cdef IPv4,IPv6,0.00001,+,+
IPv4_percent.cdef IPv4,total,/,100,*
IPv4_percent.label IPv4
IPv4_percent.draw AREASTACK
IPv6_percent.cdef IPv6,total,/,100,*
IPv6_percent.label IPv6
IPv6_percent.draw AREASTACK
EOF
exit 0
fi
if [ ! -r $MUNIN_STATEFILE ]; then
oldv4=0
oldv6=0
else
oldv4=$(grep IPv4 $MUNIN_STATEFILE | cut -f2 -d '=')
oldv6=$(grep IPv6 $MUNIN_STATEFILE | cut -f2 -d '=')
fi
ipv4=0
ipv6=0
diffv4=0
diffv6=0
IPv4_bytes=$(iptables -L -n -v -x -w | egrep '^\W*[0-9]+\W+[0-9]+\W+all\W+--\W+\*\W+\*\W+0.0.0.0/0\W+0.0.0.0/0\W*$' | while read pkts bytes rest; do echo $bytes; done)
if [ -z "$IPv4_bytes" ];
then
echo "W: Unable to read rule from iptables, please add rules" >&2
else
ipv4=$(echo $IPv4_bytes | sed -e 's/ / + /' | bc -l)
fi
IPv6_bytes=$(ip6tables -L -n -v -x -w | egrep '^\W*[0-9]+\W+[0-9]+\W+all\W+\*\W+\*\W+::/0\W+::/0\W*$' | while read pkts bytes rest; do echo $bytes; done)
if [ -z "$IPv6_bytes" ];
then
echo "W: Unable to read rule from ip6tables, please add rules" >&2
else
ipv6=$(echo $IPv6_bytes | sed -e 's/ / + /' | bc -l)
fi
if [ $ipv4 -ge $oldv4 ];
then
diffv4=$(($ipv4 - $oldv4))
else
diffv4=$ipv4
fi
if [ $ipv6 -ge $oldv6 ];
then
diffv6=$(($ipv6 - $oldv6))
else
diffv6=$ipv6
fi
echo "IPv4=$ipv4" > $MUNIN_STATEFILE
echo "IPv6=$ipv6" >> $MUNIN_STATEFILE
echo "IPv4.value $diffv4"
echo "IPv6.value $diffv6"
echo "total.value $( echo $diffv4 + $diffv6 | bc )"
exit 0