setting up MRTG to monitor ethernet traffic

Serial # 19781010

Apr 6, 2000, 3:00:00 AM
Hi,

I'd like to monitor the traffic on my rl0 ethernet device, as my Cable
modem is hooked to this device. (I want to see how much internet
traffic passes my FreeBSD 3.2 box).

I was looking at MRTG but can't really figure out how this could track
traffic from my ethernet device. Finally I found an snmp package that
can be installed under FreeBSD (ucd-snmp) but I have no clue how SNMP
works.

Does anybody know of the existence of any tutorial or 'how_to' for
FreeBSD traffic monitoring with MRTG?

Thanks,

Luke

Doug Hardie

Apr 6, 2000, 3:00:00 AM
In article <38ecf9b5...@news.euro.net>, lu...@roberts.nospam.nl
(Serial # 19781010) wrote:

I don't know of any tutorials, but I had no problem setting that up. Get
ucd-snmp package and compile it. There are two programs in the package.
You want snmpd. Start it up as root. It's a server so you should start it
up during boot. Then get mrtg up and running. Use the utility program
cfgmaker to build the heart of the mrtg config file. It will build config
sections for all ports on the box. Delete those you don't want and then
run mrtg a couple of times by hand and then put it in cron. The
instructions with mrtg and ucd-snmp are reasonable. Follow the simple
instructions the first time. Then play with the advanced features later.

Pat Sojay

Apr 7, 2000, 3:00:00 AM
> In article <38ecf9b5...@news.euro.net>, lu...@roberts.nospam.nl
> (Serial # 19781010) wrote:
> >
> > Does anybody know of the existence of any tutorial or 'how_to' for
> > FreeBSD traffic monitoring with MRTG?
> >

Not a HOWTO, but there's an article at

http://www.daemonnews.org/200001/sysperf.html

Philip Hallstrom

Apr 7, 2000, 3:00:00 AM
In article <38ecf9b5...@news.euro.net>,

Serial # 19781010 <lu...@roberts.nospam.nl> wrote:
>Hi,
>
>I'd like to monitor the traffic on my rl0 ethernet device, as my Cable
>modem is hooked to this device. (I want to see how much internet
>traffic passes my FreeBSD 3.2 box).
>
>I was looking at MRTG but can't really figure out how this could track
>traffic from my ethernet device. Finally I found an snmp package that
>can be installed under FreeBSD (ucd-snmp) but I have no clue how SNMP
>works.
>
>Does anybody know of the existence of any tutorial or 'how_to' for
>FreeBSD traffic monitoring with MRTG?

http://www.adhesivemedia.com/~philip/mrtg/

It's worked for me... I just wrote this up (easier than putting it here)
so if it's not clear let me know.

-philip

Mike Squires

Apr 8, 2000, 3:00:00 AM
>> In article <38ecf9b5...@news.euro.net>, lu...@roberts.nospam.nl
>> (Serial # 19781010) wrote:
>> >
>> > Does anybody know of the existence of any tutorial or 'how_to' for
>> > FreeBSD traffic monitoring with MRTG?


There's a book called something like LINUX Network Monitoring pub by
McGraw-Hill which has a chapter on setting up MRTG, and another on
tkined/scotty.


Serial # 19781010

Apr 8, 2000, 3:00:00 AM
Thanks for all the replies,

I'll give it a shot soon.

Thanks,

Luke

Mike Squires

Apr 9, 2000, 3:00:00 AM
In article <8cm3v5$olv$1...@flotsam.uits.indiana.edu>,

Mike Squires <mi...@sir-alan.chem.indiana.edu> wrote:
>>> In article <38ecf9b5...@news.euro.net>, lu...@roberts.nospam.nl
>>> (Serial # 19781010) wrote:
>>> >
>>> > Does anybody know of the existence of any tutorial or 'how_to' for
>>> > FreeBSD traffic monitoring with MRTG?
>
>
RedHat LINUX Network Management Tools by Steve Maxwell, McGrawHill

The sources used by RedHat 6.x are the same as used by FreeBSD, with changes
in things like location of setup files, binaries, etc., but this should work
OK as an intro.


Gregory Bond

Apr 10, 2000, 3:00:00 AM
lu...@roberts.nospam.nl (Serial # 19781010) writes:

> I'd like to monitor the traffic on my rl0 ethernet device, as my Cable
> modem is hooked to this device. (I want to see how much internet
> traffic passes my FreeBSD 3.2 box).

Here's what we do.

1) Configure a kernel with ipfw (if you haven't already).

2) add some lines like
ipfw add 20 skipto 40 ip from any to any out xmit fxp0
ipfw add 40 skipto 50 ip from any to any in recv fxp0

(where fxp0 is our interface to the ISP). This very happily counts
bytes and packets incoming and outgoing. You can get really fancy and
measure by protocol, destination etc by the judicious use of ipfw
rules.

[Aside: we use 3.2-R; more recent ipfw versions (from about 3.3
onwards) have "count" rules that orta be used instead of skipto's.]

3) Compile up the attached daemon and set it up to run from
/etc/rc.local.

4) in the cron entry for mrtg, run the attached getdata.sh script
(instead of mrtg)

5) Then use something like the attached MRTG config and
fmt_ipfwstats.pl (which will also keep a nice txt log of usage,
handy for arguing with ISP billing departments!)

6) Robert is your mother's brother.

Unshar and enjoy.

# This is a shell archive. Save it in a file, remove anything before
# this line, and then unpack it by entering "sh file". Note, it may
# create directories; files and directories will be owned by you and
# have default permissions.
#
# This archive contains:
#
# fmt_ipfwstats.pl
# getdata.sh
# ipfw.cfg
# ipfwlog.c
#
echo x - fmt_ipfwstats.pl
sed 's/^X//' >fmt_ipfwstats.pl << 'END-of-fmt_ipfwstats.pl'
X#! /usr/bin/perl
X
Xmy $usage = "fmt_ipfwstats.pl [-p] incoming-rule-number outgoing-rule-number comment logfile [filename]\n";
X
Xuse strict;
X
Xmy $pkt = 0;
X
X# -p selects packet counts instead of byte counts
Xif ($ARGV[0] eq '-p') {
X    shift;
X    $pkt = 1;
X}
Xdie $usage unless @ARGV >= 4;
X
Xmy $inn = shift;
Xmy $outn = shift;
Xmy $comment = shift;
Xmy $logf = shift;
X
Xdie $usage unless $inn > 0 && $inn < 65536;
Xdie $usage unless $outn > 0 && $outn < 65536;
X
Xmy ($inp, $outp, $inb, $outb);
X
X# Read the "<rule> <packets> <bytes>" lines from [filename] or stdin
Xwhile (<>) {
X    # pkts, bytes - NB: input from ipfw is 64 bit integers!!!!
X    # perl uses doubles, with ~56 bits, or ~7e16 bytes max resolution
X    # at 128kbits/sec, that's ~190,000 years.....
X    # 48 63616 18015452
X    next unless /^\d/;
X    my ($r, $p, $b) = split;
X    if ($r == $inn) { $inb = $b; $inp = $p }
X    if ($r == $outn) { $outb = $b; $outp = $p }
X}
X
X# Three-argument open (Perl 5.6 or later) so that $logf is only ever
X# treated as a file name, never as a mode or pipe specification
Xopen(O, '>>', $logf) || die "Cannot append to $logf: $!\n";
Xprintf O "%s,%.0f,%.0f,%.0f,%.0f\n", scalar(localtime), $inp, $inb, $outp, $outb;
Xclose(O);
X
X# What to put for uptime?
X# Use the timestamp on the first line of the log
Xopen(O, '<', $logf) || die "Cannot read $logf: $!\n";
X$_ = <O>;
Xclose(O);
Xchomp;
Xs/,.*//;
Xprintf "%.0f\n%.0f\nStats collected since %s\n%s\n", $pkt ? $inp : $inb, $pkt ? $outp : $outb,
X    $_, $comment;
END-of-fmt_ipfwstats.pl
echo x - getdata.sh
sed 's/^X//' >getdata.sh << 'END-of-getdata.sh'
X#! /bin/sh
X
X# careful about which directory this is in! Usually ~mrtg
X
X# First, get the data from the firewall
Xtelnet fw ipfwstats > ipfwstats 2>/dev/null
X
X# then process it
X/usr/local/bin/mrtg ./mrtg.cfg
END-of-getdata.sh
echo x - ipfw.cfg
sed 's/^X//' >ipfw.cfg << 'END-of-ipfw.cfg'
X# **PARTIAL** mrtg config
X
XTarget[ipfw_c]: `/usr/local/etc/mrtg/fmt_ipfwstats.pl 49 29 'Traffic to ISP' ispusage.log ipfwstats`
XMaxBytes[ipfw_c]: 16000
XTitle[ipfw_c]: Traffic to ISP
XPageTop[ipfw_c]: Traffic to ISP
X
END-of-ipfw.cfg
echo x - ipfwlog.c
sed 's/^X//' >ipfwlog.c << 'END-of-ipfwlog.c'
X/*
X * A daemon to read IPFW stats and return them, for use in things like MRTG
X *
X * November 1999, Gregory Bond, ITG Australia Ltd. g...@itga.com.au
X *
X * This file is in the public domain.
X *
X * Usage: run from rc.local, like
X * ipfwlog fw ipfwstats
X * where "fw" is a name that resolves to the _single_ IP address of the
X * -inside- of the firewall. "ipfwstats" is an entry in /etc/services.
X * (I use 7234 for no good reason).
X *
X * Can also be run from inetd, but the daemon mode is cheaper.
X *
X * Then something like "telnet ipfw ipfwstats" will return a bunch of lines
X * like
X * 27 3899 559616
X * 28 49165 30783181
X * 29 25642 1248178
X * where each line is a <rule #, packet count, byte count> triple. NB: counts
X * are "long long" i.e. 64bit. Take care when reading into awk/perl/etc.
X *
X * Most of the guts of the program are modelled after the "ipfw" program
X * itself.
X */
X
X#include <sys/types.h>
X#include <sys/socket.h>
X
X#include <stdio.h>
X#include <stdlib.h>
X#include <string.h>     /* bcopy() */
X#include <err.h>
X#include <sysexits.h>
X#include <ctype.h>
X#include <netdb.h>
X
X#include <netinet/in.h>
X#include <arpa/inet.h>  /* inet_aton() */
X#include <netinet/ip_fw.h>
X
Xstruct ip_fw *rulep;
Xint nunits;             /* How many IP rules fetched into rulep */
Xint maxnunits = 200;    /* Room for how many in rulep */
X
X
Xstatic void dumpto(FILE *);
Xstatic void getinfo(int);
X
Xstatic void
Xusage()
X{
X    extern char *__progname; /* Urk! in crt0.o */
X
X    fprintf(stderr, "Usage: %s <ip-address-to-bind-to> <portnum>\n",
X        __progname);
X    exit(EX_USAGE);
X}
X
Xint
Xmain(int ac, char **av)
X{
X    int s;
X
X    /* Raw socket, used only as the handle for getsockopt(IP_FW_GET) */
X    if ((s = socket( AF_INET, SOCK_RAW, IPPROTO_RAW )) < 0)
X        err(EX_OSERR, "socket");
X
X    if (ac == 1) {
X        /* Assume inetd etc so just onceoff to STDOUT */
X        getinfo(s);
X        dumpto(stdout);
X    } else if (ac == 3) {
X        /* second arg is IP to bind to, third is the port number. So
X         * create a listening socket and then, for each connection,
X         * dump to it! */
X        int ls; /* listen socket */
X        static struct sockaddr_in sa;
X
X        if (isdigit(av[1][0])) {
X            if (!inet_aton(av[1], &sa.sin_addr))
X                errx(EX_USAGE, "Cannot parse IP address %s", av[1]);
X        } else {
X            const struct hostent *hp = gethostbyname(av[1]);
X            if (!hp)
X                errx(EX_USAGE, "Cannot get IP address for name %s", av[1]);
X            if (hp->h_addr_list[0] && !hp->h_addr_list[1]) {
X                bcopy(hp->h_addr_list[0], &sa.sin_addr, hp->h_length);
X            } else {
X                errx(EX_USAGE, "Hostname %s needs exactly 1 IP addresses",
X                    av[1]);
X            }
X        }
X
X        if (isdigit(av[2][0])) {
X            sa.sin_port = htons(atoi(av[2]));
X        } else {
X            const struct servent *sp = getservbyname(av[2], "tcp");
X            if (!sp)
X                errx(EX_USAGE, "Cannot get port for service %s", av[2]);
X
X            /* s_port is already in network byte order */
X            sa.sin_port = sp->s_port;
X        }
X
X        sa.sin_family = AF_INET;
X
X        if ((ls = socket(PF_INET, SOCK_STREAM, 0)) < 0)
X            err(EX_OSERR, "Bind socket create");
X        /* Don't ya wish C had inheritance??!? */
X        if (bind(ls, (struct sockaddr *)&sa, sizeof(sa)) < 0)
X            err(EX_OSERR, "Socket bind");
X        if (listen(ls, 1) < 0)
X            err(EX_OSERR, "Socket listen");
X
X        /* All set up, so fork & background */
X        daemon(0, 0);
X
X        /* Serve one connection at a time: dump the counters and close */
X        while (1) {
X            struct sockaddr_in rsa;
X            int rsa_len;
X            int as; /* Accept socket */
X            FILE *fp;
X
X            rsa_len = sizeof(rsa);
X            as = accept(ls, (struct sockaddr *)&rsa, &rsa_len);
X            if (as < 0)
X                err(EX_OSERR, "Socket accept");
X
X            if ((fp = fdopen(as, "w")) == NULL)
X                err(EX_OSERR, "fdopen()");
X
X            getinfo(s);
X            dumpto(fp);
X            fclose(fp);
X        }
X    } else {
X        usage();
X    }
X    return 0;
X}
X
Xvoid
Xgetinfo(int s)
X{
X    /* A while loop to take account of the fact that the number of
X     * rules might change and exceed maxnunits
X     * But we leave p lying around to avoid too much malloc/free!
X     */
X    while (1) {
X        int nsize = sizeof(struct ip_fw);
X        int nbytes = maxnunits * nsize;
X
X        if (!rulep) {
X            if ((rulep = malloc(nbytes)) == NULL)
X                errx(EX_OSERR, "out of memory");
X        }
X
X        if (getsockopt(s, IPPROTO_IP, IP_FW_GET, rulep, &nbytes) < 0)
X            err(EX_OSERR, "getsockopt(IP_FW_GET)");
X
X        nunits = nbytes / nsize;
X        if (nunits < maxnunits) break;
X        maxnunits *= 2;
X        free(rulep);
X        rulep = NULL;
X    }
X}
X
X
X
Xvoid
Xdumpto(FILE *fp)
X{
X    int i;
X    for (i = 0; i < nunits; i++) {
X        struct ip_fw *q = rulep + i;
X        fprintf(fp, "%d %qd %qd\n", q->fw_number, q->fw_pcnt,
X            q->fw_bcnt);
X    }
X}
END-of-ipfwlog.c
exit
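
Added example, not part of the post above or of its shell archive: a Python version of the parsing step that fmt_ipfwstats.pl performs on the ipfwlog output. It treats the fetched file as untrusted input from an unauthenticated TCP service, keeps the 64-bit counters exact, and refuses to report zero when a rule is missing. The names parse_ipfwstats and mrtg_lines and the sample text are constructed for illustration.

```python
import re

# Constructed sample of what `telnet fw ipfwstats > ipfwstats` leaves in the file:
# telnet's own chatter around the daemon's "<rule> <packets> <bytes>" triples.
SAMPLE = """\
Trying 192.0.2.1...
Connected to fw.
Escape character is '^]'.
27 3899 559616
28 49165 30783181
29 25642 18446744073709551615
29 oops 12
Connection closed by foreign host.
"""

TRIPLE = re.compile(r"^(\d{1,5})\s+(\d{1,20})\s+(\d{1,20})$")
U64_MAX = 2**64 - 1  # ipfwlog.c documents the counters as 64-bit


def parse_ipfwstats(text):
    """Return {rule: (packets, bytes)}, keeping only well-formed triples."""
    counters = {}
    for line in text.splitlines():
        m = TRIPLE.match(line.strip())
        if not m:
            continue  # telnet banner, garbage, or a truncated line
        rule, pkts, byts = (int(g) for g in m.groups())
        if not 0 < rule < 65536 or pkts > U64_MAX or byts > U64_MAX:
            continue  # outside the ranges the daemon can produce
        counters[rule] = (pkts, byts)
    return counters


def mrtg_lines(counters, in_rule, out_rule, since, comment, packets=False):
    """Build the four lines fmt_ipfwstats.pl prints for an MRTG Target."""
    missing = [r for r in (in_rule, out_rule) if r not in counters]
    if missing:
        # A failed fetch must not be reported as "0 bytes of traffic".
        raise ValueError("no counters for rule(s) %s" % missing)
    idx = 0 if packets else 1
    return [
        str(counters[in_rule][idx]),   # Python ints are exact, unlike %.0f on a double
        str(counters[out_rule][idx]),
        "Stats collected since %s" % since,
        comment,
    ]


if __name__ == "__main__":
    print("\n".join(mrtg_lines(parse_ipfwstats(SAMPLE), 28, 29,
                               "Thu Apr 6 2000", "Traffic to ISP")))
```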