mirror of
https://github.com/munin-monitoring/contrib.git
synced 2018-11-08 00:59:34 +01:00
c9157be3fe
The parameter "-w" forces iptables to wait for a lock before printing data. The parameter requires iptables 1.6 (released 2015). See https://github.com/munin-monitoring/munin/issues/586
151 lines
3.4 KiB
Bash
Executable File
151 lines
3.4 KiB
Bash
Executable File
#!/bin/bash
|
|
# -*- bash -*-
|
|
|
|
: << =cut
|
|
|
|
=head1 NAME
|
|
|
|
traffic - Plugin to monitor the traffic (throughput) by IP protocols.
|
|
|
|
=head1 CONFIGURATION
|
|
|
|
To make this plugin work, you need to add rules to your firewall.
|
|
They are empty rules, we only use them to count traffic, not do anything
|
|
with them. To make this plugin work correctly, these rules have to
|
|
in the beginning of the chain(s), or else traffic that matches rules
|
|
above will not be counted (you can use this to your advantage of course).
|
|
|
|
The rules can be added with:
|
|
iptables -I INPUT
|
|
iptables -I OUTPUT
|
|
ip6tables -I INPUT
|
|
ip6tables -I OUTPUT
|
|
|
|
If trouble reading output, use:
|
|
|
|
[traffic_ipt]
|
|
user root
|
|
|
|
=head1 AUTHORS
|
|
|
|
=over
|
|
|
|
=item 2012.09.20: Initial version by Arturo Borrero Gonzalez <aborrero@cica.es>
|
|
|
|
=item 2013.01.12: Added percentage graphing by Michiel Holtkamp <michiel@supermind.nl>
|
|
|
|
=item 2013.02.03: Converted to use iptables/ip6tables by Michiel Holtkamp <michiel@supermind.nl>
|
|
|
|
=item 2015.01.25: Fixed regexp and make use of a status file by Pierre Schweitzer <pierre@reactos.org>
|
|
|
|
=back
|
|
|
|
=head1 LICENSE
|
|
|
|
GPLv2
|
|
|
|
=head1 MAGIC MARKERS
|
|
|
|
#%# family=auto
|
|
#%# capabilities=autoconf
|
|
|
|
=cut
|
|
|
|
if [ "$1" == "config" ]
|
|
then
|
|
cat <<'EOF'
|
|
multigraph traffic_ipt
|
|
graph_title Throughput by IP protocol
|
|
graph_vlabel bits per ${graph_period}
|
|
graph_category network
|
|
graph_args --base 1000 --upper-limit 100 -l 0
|
|
IPv4.label IPv4 bps
|
|
IPv4.min 0
|
|
IPv4.type DERIVE
|
|
IPv4.draw AREA
|
|
IPv6.label IPv6 bps
|
|
IPv6.min 0
|
|
IPv6.type DERIVE
|
|
IPv6.draw STACK
|
|
total.label Total bps
|
|
total.min 0
|
|
total.type DERIVE
|
|
total.draw LINE1
|
|
EOF
|
|
|
|
# Adapted from http://munin-monitoring.org/wiki/PercentGraphHowto
|
|
cat << 'EOF'
|
|
multigraph traffic_ipt_percent
|
|
update no
|
|
graph_category network
|
|
graph_args --base 1000 -l 0 -u 100 -r
|
|
graph_scale no
|
|
graph_title Throughput of IP protocols by percentage
|
|
graph_vlabel Percentage
|
|
graph_order IPv4=traffic_ipt.IPv4 IPv6=traffic_ipt.IPv6 total=traffic_ipt.total IPv4_percent=traffic_ipt.total IPv6_percent=traffic_ipt.total
|
|
IPv4.graph no
|
|
IPv6.graph no
|
|
total.graph no
|
|
total.cdef IPv4,IPv6,0.00001,+,+
|
|
IPv4_percent.cdef IPv4,total,/,100,*
|
|
IPv4_percent.label IPv4
|
|
IPv4_percent.draw AREASTACK
|
|
IPv6_percent.cdef IPv6,total,/,100,*
|
|
IPv6_percent.label IPv6
|
|
IPv6_percent.draw AREASTACK
|
|
EOF
|
|
exit 0
|
|
fi
|
|
|
|
if [ ! -r $MUNIN_STATEFILE ]; then
|
|
oldv4=0
|
|
oldv6=0
|
|
else
|
|
oldv4=$(grep IPv4 $MUNIN_STATEFILE | cut -f2 -d '=')
|
|
oldv6=$(grep IPv6 $MUNIN_STATEFILE | cut -f2 -d '=')
|
|
fi
|
|
|
|
ipv4=0
|
|
ipv6=0
|
|
diffv4=0
|
|
diffv6=0
|
|
|
|
IPv4_bytes=$(iptables -L -n -v -x -w | egrep '^\W*[0-9]+\W+[0-9]+\W+all\W+--\W+\*\W+\*\W+0.0.0.0/0\W+0.0.0.0/0\W*$' | while read pkts bytes rest; do echo $bytes; done)
|
|
if [ -z "$IPv4_bytes" ];
|
|
then
|
|
echo "W: Unable to read rule from iptables, please add rules" >&2
|
|
else
|
|
ipv4=$(echo $IPv4_bytes | sed -e 's/ / + /' | bc -l)
|
|
fi
|
|
|
|
IPv6_bytes=$(ip6tables -L -n -v -x -w | egrep '^\W*[0-9]+\W+[0-9]+\W+all\W+\*\W+\*\W+::/0\W+::/0\W*$' | while read pkts bytes rest; do echo $bytes; done)
|
|
if [ -z "$IPv6_bytes" ];
|
|
then
|
|
echo "W: Unable to read rule from ip6tables, please add rules" >&2
|
|
else
|
|
ipv6=$(echo $IPv6_bytes | sed -e 's/ / + /' | bc -l)
|
|
fi
|
|
|
|
if [ $ipv4 -ge $oldv4 ];
|
|
then
|
|
diffv4=$(($ipv4 - $oldv4))
|
|
else
|
|
diffv4=$ipv4
|
|
fi
|
|
|
|
if [ $ipv6 -ge $oldv6 ];
|
|
then
|
|
diffv6=$(($ipv6 - $oldv6))
|
|
else
|
|
diffv6=$ipv6
|
|
fi
|
|
|
|
echo "IPv4=$ipv4" > $MUNIN_STATEFILE
|
|
echo "IPv6=$ipv6" >> $MUNIN_STATEFILE
|
|
|
|
echo "IPv4.value $diffv4"
|
|
echo "IPv6.value $diffv6"
|
|
echo "total.value $( echo $diffv4 + $diffv6 | bc )"
|
|
|
|
exit 0
|