#!/usr/bin/perl
##
## This is a quick perl script to
## pull bandwidth usage from iptables chains
##
## If you use/optimize this script, please let me know.
## Brian Stanback : brian [at] stanback [dot] net
#
## Example iptables rule for web bandwidth usage:
## > iptables -N WWW
## > iptables -A WWW -j ACCEPT
## > iptables -A INPUT -p tcp -m tcp --dport 80 -j WWW
## > iptables -A OUTPUT -p tcp -m tcp --sport 80 -j WWW
##
## Run "iptables.pl WWW" as root to test, note that you can
## combine more than one protocol into a single chain.
##
## Sudo Configuration (/etc/sudoers)
## > www-data ALL = NOPASSWD: /usr/share/cacti/scripts/iptables.pl
##
## That entry lets www-data run this script as root with any argument,
## so the chain name is validated below and iptables is executed without
## a shell. Keep the script owned by root and not writable by www-data.
##
## The Input String should be set to "sudo <path_cacti>/scripts/iptables.pl <chain>"
## and you will need to setup an input field so that the <chain> argument can be passed.
##
## The data input type should be set to COUNTER
##
#
#
# modified by: Paul Campbell <forums@campbell-multimedia.co.uk>
# Now returns a separate entry for each rule. Output for a
# 3 rule chain might now be:
# rule1:123 rule2:456 rule3:789

use strict;
use warnings;

my $chain = $ARGV[0];
unless (defined $chain && length $chain) {
    print "Usage: $0 Chain\n";
    exit 1;
}

# Accept only a plain chain name (iptables limits names to 28 characters);
# this stops shell metacharacters or extra options reaching the command.
unless ($chain =~ /^[A-Za-z0-9_][A-Za-z0-9_.-]{0,27}\z/) {
    print STDERR "$0: invalid chain name\n";
    exit 1;
}

# Run iptables directly (list form, no shell). -x exact byte counts,
# -n no name lookups, -v show counters, --line-numbers rule index.
open(my $ipt, '-|', '/sbin/iptables', '--line-numbers', '-xnvL', $chain)
    or die "$0: cannot run iptables: $!\n";
my @lines = <$ipt>;
close($ipt) or die "$0: iptables failed for chain $chain\n";

# Drop the two header lines: "Chain WWW (2 references)" and the column titles.
splice(@lines, 0, 2);

# Remaining lines: num pkts bytes target prot opt in out source destination
my @out;
foreach my $line (@lines) {
    next unless $line =~ /^\s*(\d+)\s+\d+\s+(\d+)\s+/;
    push @out, "rule$1:$2";
}
print join(' ', @out), "\n";
It looks great! I really appreciate seeing scripts like this. The whole point of graphing is to be able to tell a story. The more chapters you add, the better the story will be!!!
Can you post the template xml for the graphs/data sources? This looks really cool and is very helpful. I've been looking for something like this for a while.
I'd love to, but as I haven't figured out how to use the template system on Cacti, I don't have a template.
The process to create the graphs was...
Add iptables rules to mark traffic in the "mangle" FORWARD chain. Use a bit flag structure, so you can match on AND masks later for the counters.
In my case these same marks are used to filter traffic into HTB classes and queues for QoS, but need not be for the graphs.
Then put your COUNTERS chain into the default FORWARD chain to match on bit masks for each type of traffic, or each user. In my case,
Bits 1, 2 and 4 are the 3 user sets. Me, my bro and the web server.
Bits 8, 16, 32 are high mid low priority traffic respectively.
Bit 64 is "outbound" selector.
Therefore:
--match mark --mark 1/1
Matches all my traffic and only my traffic.
mark 1/65
Would match all my inbound traffic. If the result of MARK AND 65 is 1, then 1 is set and 64 is not.
You "could" just not bother with the marking stuff, especially if you aren't going to use it for traffic control, but just accounting and make do with generic rules in the COUNTERS chain.
Next step was to put the iptables.pl script into SNMP.conf and create a <cacti_path>/scripts/iptables-snmp.pl script to parse the multiple values from the one SNMP response and set that up for the Input Method in cacti. (I couldn't figure out how to graph more than one value from one snmp query). The script simply dumped the filtered reply to "snmpwalk -c public -v 2c routerinner.domain.com OID"
Then define the data sources to graph each of the rules.
Finally define a graph or graphs to show the data sources as you want them.
I'll certainly help you more, and if anyone can explain the template system to me, then I'd maybe give that a go if I can find the time.
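A worked example of the mark-and-count layout described in this post, added here and not venquessa's own rule set (which is not shown): the bit flags as shell constants, MARK rules in the mangle FORWARD chain that set the user, direction and priority bits, and a COUNTERS chain hooked into FORWARD with one counting rule per user and direction. The LAN interface eth1, the three host addresses, the port-to-priority choices and the "apply" argument are assumptions.

```shell
#!/bin/sh
# Added example: realises the bit-flag marks and COUNTERS chain from the post.
# Not venquessa's rules; interface, addresses and priority ports are assumed.
set -eu

# Bit layout taken from the post.
USER_ME=1;   USER_BRO=2;   USER_WWW=4
PRIO_HIGH=8; PRIO_MID=16;  PRIO_LOW=32
DIR_OUT=64
PRIO_MASK=$(( PRIO_HIGH | PRIO_MID | PRIO_LOW ))   # 56

# mark_matches MARK VALUE MASK
# True when (MARK & MASK) == VALUE, which is exactly what
# "-m mark --mark VALUE/MASK" tests against a packet's fwmark.
mark_matches() {
    [ $(( $1 & $3 )) -eq "$2" ]
}

# counter_rules
# Emits the match part of each COUNTERS rule, one per (user, direction),
# in the order iptables.pl will report them as rule1..rule6.
counter_rules() {
    for user in $USER_ME $USER_BRO $USER_WWW; do
        # inbound: user bit set and DIR_OUT clear
        echo "-m mark --mark $user/$(( user | DIR_OUT ))"
        # outbound: user bit and DIR_OUT both set
        echo "-m mark --mark $(( user | DIR_OUT ))/$(( user | DIR_OUT ))"
    done
}

# apply_rules IPTABLES_COMMAND
# Installs the marking rules in mangle FORWARD and the COUNTERS chain in
# filter FORWARD. Pass "echo" to print the commands instead of running them.
apply_rules() {
    ipt=$1
    lan=${LAN_IF:-eth1}               # assumed LAN-side interface
    me=${ME_IP:-192.168.1.10}         # assumed host addresses
    bro=${BRO_IP:-192.168.1.11}
    www=${WWW_IP:-192.168.1.80}

    # Stamp the user bit from the LAN-side address; a packet arriving on the
    # LAN interface is leaving the network, so it also gets DIR_OUT.
    for pair in "$me:$USER_ME" "$bro:$USER_BRO" "$www:$USER_WWW"; do
        ip=${pair%%:*}; bit=${pair##*:}
        $ipt -t mangle -A FORWARD -i "$lan" -s "$ip" -j MARK --or-mark $(( bit | DIR_OUT ))
        $ipt -t mangle -A FORWARD -o "$lan" -d "$ip" -j MARK --or-mark "$bit"
    done

    # Priority bits (assumed policy: ssh high, web mid, everything else low).
    $ipt -t mangle -A FORWARD -p tcp --dport 22 -j MARK --or-mark $PRIO_HIGH
    $ipt -t mangle -A FORWARD -p tcp --dport 80 -j MARK --or-mark $PRIO_MID
    # No priority bit set yet (mark & 56 == 0) means low priority.
    $ipt -t mangle -A FORWARD -m mark --mark 0/$PRIO_MASK -j MARK --or-mark $PRIO_LOW

    # COUNTERS holds counting rules only (no target), so every packet is
    # counted by each rule it matches and the chain falls through to FORWARD.
    $ipt -N COUNTERS
    counter_rules | while read -r match; do
        # $match is deliberately unquoted: it is several separate arguments
        $ipt -A COUNTERS $match
    done
    $ipt -I FORWARD 1 -j COUNTERS
}

# Run as root with "apply" to install; "apply echo" only prints the commands.
if [ "${1:-}" = "apply" ]; then
    apply_rules "${2:-/sbin/iptables}"
fi
```

Once installed, `iptables.pl COUNTERS` reports the six counting rules as rule1..rule6 in the order counter_rules emits them (me in, me out, bro in, bro out, web in, web out), which is the order to map onto the Cacti data sources.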
venquessa wrote:
Next step was to put the iptables.pl script into SNMP.conf and create a <cacti_path>/scripts/iptables-snmp.pl script to parse the multiple values from the one SNMP response and set that up for the Input Method in cacti. (I couldn't figure out how to graph more than one value from one snmp query). The script simply dumped the filtered reply to "snmpwalk -c public -v 2c routerinner.domain.com OID"
Is there any chance you could make available your iptables-snmp.pl script please?
I currently graph all bandwidth usage with one snmp query each time and am trying to get the one query process working. I use your iptables.pl script fine and get all the rules listed I want, just I can't post-process this file as you say:
The script simply dumped the filtered reply to "snmpwalk -c public -v 2c routerinner.domain.com OID"
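An added example of the missing step, not venquessa's iptables-snmp.pl (the thread never shows it): the single output line of iptables.pl is published through a net-snmp `extend` entry in snmpd.conf, and a short shell parser turns the snmpget reply back into the space-separated name:value pairs that Cacti's script input reads, or picks out one rule for a single-value data source. The extend name ipt-WWW, the snmpd.conf line, the sudo prefix (unnecessary when snmpd itself runs as root) and the sample reply line are assumptions.

```shell
#!/bin/sh
# Added example, not the iptables-snmp.pl from the thread.
# Assumed snmpd.conf entry that publishes the script's output:
#   extend ipt-WWW /usr/bin/sudo /usr/share/cacti/scripts/iptables.pl WWW
# which makes the line readable at
#   NET-SNMP-EXTEND-MIB::nsExtendOutputFull."ipt-WWW"
set -eu

# Constructed sample of what snmpget prints for that OID (not captured data).
SAMPLE='NET-SNMP-EXTEND-MIB::nsExtendOutputFull."ipt-WWW" = STRING: rule1:123 rule2:456 rule3:789'

# parse_extend_output
# Reads snmpget/snmpwalk lines on stdin, keeps the text after "STRING:" and
# prints only well-formed name:value pairs separated by single spaces, the
# multi-field format Cacti's script input expects. Anything else is dropped.
parse_extend_output() {
    sed -n 's/^.*STRING: *//p' | tr -d '"' | awk '
        {
            for (i = 1; i <= NF; i++)
                if ($i ~ /^[A-Za-z0-9_]+:[0-9]+$/)
                    out = (out == "" ? $i : out " " $i)
        }
        END { if (out != "") print out }'
}

# rule_value NAME
# Prints the counter of one rule from the reply on stdin; exits 1 if the
# rule is absent. Useful for the one-value-per-query Data Input Method.
rule_value() {
    parse_extend_output | tr ' ' '\n' | awk -F: -v want="$1" '
        $1 == want { print $2; found = 1 }
        END { exit found ? 0 : 1 }'
}

# fetch_chain HOST COMMUNITY EXTEND_NAME
# Queries the agent once and emits the Cacti-formatted line.
fetch_chain() {
    snmpget -v 2c -c "$2" "$1" "NET-SNMP-EXTEND-MIB::nsExtendOutputFull.\"$3\"" \
        | parse_extend_output
}

# Cacti input string: sh iptables-snmp.sh <hostname> <community> ipt-WWW
if [ $# -eq 3 ]; then
    fetch_chain "$1" "$2" "$3"
fi
```

Because the parser whitelists each field, a stray warning line from snmpd or an unexpected token in the reply cannot reach the RRD update; rule_value lets the existing one-query-per-rule data sources keep working while the multi-field input is set up.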