TCP Services Graph with Iptraf and RRDTool


Zurück zur Linux Startseite

Inhalt


Intro

Dieses Dokument zeigt wie man den TCP Traffic nach Ports aufteilt und daraus eine Grafik generiert.
Folgende Programme werden dazu benötigt: iptraf und rrdtool

top.gifZurück zum Inhalt


IPtraf installieren

Installation von iptraf
Die ausführbaren Dateien sollten anschliessend in /usr/local/bin liegen!

tar -xzf iptraf-x.y.z.tar.gz
./setup

top.gifZurück zum Inhalt


Iptraf konfigurieren

IPtraf starten und den Intervall konfigurieren.

Das logging in /var/log/iptraf/ mit folgednem Befehl starten

iptraf -s eth1 -B

top.gifZurück zum Inhalt


RRDTool installieren

Das RoundRobinDatabaseTool (RRDTool) installieren

tar -xzf rrdtool-1.0.40.tar.gz
./configure --prefix=/usr/local/rrdtool
make
make install

top.gifZurück zum Inhalt


RoundRobinDatabase vorbereiten

Die RoundRobinDatabase vorbereiten

rrdtool create /var/log/tcp_services.rrd \
DS:20_in:COUNTER:600:U:U RRA:AVERAGE:0.5:1:600 RRA:AVERAGE:0.5:6:700 RRA:AVERAGE:0.5:24:775 RRA:AVERAGE:0.5:288:797 \
DS:20_out:COUNTER:600:U:U RRA:AVERAGE:0.5:1:600 RRA:AVERAGE:0.5:6:700 RRA:AVERAGE:0.5:24:775 RRA:AVERAGE:0.5:288:797 \
DS:22_in:COUNTER:600:U:U RRA:AVERAGE:0.5:1:600 RRA:AVERAGE:0.5:6:700 RRA:AVERAGE:0.5:24:775 RRA:AVERAGE:0.5:288:797 \
DS:22_out:COUNTER:600:U:U RRA:AVERAGE:0.5:1:600 RRA:AVERAGE:0.5:6:700 RRA:AVERAGE:0.5:24:775 RRA:AVERAGE:0.5:288:797 \
DS:25_in:COUNTER:600:U:U RRA:AVERAGE:0.5:1:600 RRA:AVERAGE:0.5:6:700 RRA:AVERAGE:0.5:24:775 RRA:AVERAGE:0.5:288:797 \
DS:25_out:COUNTER:600:U:U RRA:AVERAGE:0.5:1:600 RRA:AVERAGE:0.5:6:700 RRA:AVERAGE:0.5:24:775 RRA:AVERAGE:0.5:288:797 \
DS:53_in:COUNTER:300:0:1250000 RRA:AVERAGE:0.5:1:600 RRA:AVERAGE:0.5:6:700 RRA:AVERAGE:0.5:24:775 RRA:AVERAGE:0.5:288:797 \
DS:53_out:COUNTER:600:U:U RRA:AVERAGE:0.5:1:600 RRA:AVERAGE:0.5:6:700 RRA:AVERAGE:0.5:24:775 RRA:AVERAGE:0.5:288:797 \
DS:80_in:COUNTER:600:U:U RRA:AVERAGE:0.5:1:600 RRA:AVERAGE:0.5:6:700 RRA:AVERAGE:0.5:24:775 RRA:AVERAGE:0.5:288:797 \
DS:80_out:COUNTER:600:U:U RRA:AVERAGE:0.5:1:600 RRA:AVERAGE:0.5:6:700 RRA:AVERAGE:0.5:24:775 RRA:AVERAGE:0.5:288:797 \
DS:110_in:COUNTER:600:U:U RRA:AVERAGE:0.5:1:600 RRA:AVERAGE:0.5:6:700 RRA:AVERAGE:0.5:24:775 RRA:AVERAGE:0.5:288:797 \
DS:110_out:COUNTER:600:U:U RRA:AVERAGE:0.5:1:600 RRA:AVERAGE:0.5:6:700 RRA:AVERAGE:0.5:24:775 RRA:AVERAGE:0.5:288:797 \
DS:119_in:COUNTER:600:U:U RRA:AVERAGE:0.5:1:600 RRA:AVERAGE:0.5:6:700 RRA:AVERAGE:0.5:24:775 RRA:AVERAGE:0.5:288:797 \
DS:119_out:COUNTER:600:U:U RRA:AVERAGE:0.5:1:600 RRA:AVERAGE:0.5:6:700 RRA:AVERAGE:0.5:24:775 RRA:AVERAGE:0.5:288:797 \

top.gifZurück zum Inhalt


Datumsformat

Alle werte werden in einem speziellen Unix Format gespeichert. (Sekunden set 1. Jan. 1970 UTC)

date +%s

top.gifZurück zum Inhalt


IPTraf starten

Iptraf im hintergrund starten

iptraf -s eth1 -B

Am besten gerade ein Script in /etc/init.d/ anlegen und unter /etc/rc.d/rc3.d verlinken, damit beim Systemstart das logging gleich beginnt

#!/bin/sh

IPTRAF_BIN=/usr/bin/iptraf
IPTRAF_PIDFILE=/var/locks/iptraf.pid

if [ ! -x $IPTRAF_BIN ]; then
echo "$0: IPTRAF_BIN: cannot execute"
exit 1
fi

case "$1" in
start)
echo -n "Starting iptraf... "
$IPTRAF_BIN -s eth1 -B &
echo "done!"
;;
stop)
if [ -n "$smbd_pid" ]; then
echo -n "Stopping iptraf... "
kill -TERM $iptraf_pid
echo "done!"
else
echo "$0: IPTRAF not running"
exit 1
fi
;;
restart)
if [ -n "$pid" ]; then
echo -n "Restarting iptraf... "
kill -HUP $smbd_pid
echo "done!"
fi
;;

*)
echo "Usage: $0 {start|stop|restart}"
exit 1
;;

esac
exit 0

top.gifZurück zum Inhalt


Database updaten

Mit einem einfachen Perl Script kann man die Daten aus dem Iptraf Logfile (/var/log/iptraf/tcp_udp_services-eth1.log) auslesen und in die RoundRobinDatabase (RRD) abspeichern.

Am besten richtet man dafür gleich einen Cronjob ein.

[/etc/crontab]
00-59/5 * * * * root /usr/local/scripts/iptraf.pl >/dev/null 2>&1
00-59/5 * * * * root /usr/local/scripts/rrdgraph.sh >/dev/null 2>&1

top.gifZurück zum Inhalt


RRDTool Datenbank prüfen

Mit untenstehendem Befehl wird die DB abgefragt und die Werte werden and der Konsole ausgegeben.

# Dezember 2002 Andres Bohren
rrdtool fetch /var/log/rrd/tcp_services.rrd AVERAGE --start -86400

top.gifZurück zum Inhalt


RRDTool Grafik erzeugen

# Dezember 2002 Andres Bohren
# http://home.icewolf.ch/linux
# Erzeugt eine Grafik mittels RRDTool aus einer RoundRobinDatabase
#
CDATE=`date +%Y%m%d%H%M`

# FTP
echo 'FTP: '
rrdtool graph /web/rrd/ftp.png --imgformat=PNG --start -86400 DEF:in=/var/log/rrd/tcp_services.rrd:20_in:AVERAGE DEF:out=/var/log/rrd/tcp_services.rrd:20_out:AVERAGE AREA:in#0000ff:"FTP in" LINE1:out#00ff00:"FTP out" -v 'Bytes per second' COMMENT:'Created at '$CDATE
#
# SSH
echo 'SSH: '
rrdtool graph /web/rrd/ssh.png --imgformat=PNG --start -86400 DEF:in=/var/log/rrd/tcp_services.rrd:22_in:AVERAGE DEF:out=/var/log/rrd/tcp_services.rrd:22_out:AVERAGE AREA:in#0000ff:"SSH in" LINE1:out#00ff00:"SSH out" -v 'Bytes per second' COMMENT:'Created at '$CDATE
#
# SMTP
echo 'SMTP: '
rrdtool graph /web/rrd/smtp.png --imgformat=PNG --start -86400 DEF:in=/var/log/rrd/tcp_services.rrd:25_in:AVERAGE DEF:out=/var/log/rrd/tcp_services.rrd:25_out:AVERAGE AREA:in#0000ff:"SMTP in" LINE1:out#00ff00:"SMTP out" -v 'Bytes per second' COMMENT:'Created at '$CDATE
#
# DNS
echo 'DNS: '
rrdtool graph /web/rrd/dns.png --imgformat=PNG --start -86400 DEF:in=/var/log/rrd/tcp_services.rrd:53_in:AVERAGE DEF:out=/var/log/rrd/tcp_services.rrd:53_out:AVERAGE AREA:in#0000ff:"DNS in" LINE1:out#00ff00:"DNS out" -v 'Bytes per second' COMMENT:'Created at '$CDATE
#
# HTTP
echo 'HTTP: '
rrdtool graph /web/rrd/http.png --imgformat=PNG --start -86400 DEF:in=/var/log/rrd/tcp_services.rrd:80_in:AVERAGE DEF:out=/var/log/rrd/tcp_services.rrd:80_out:AVERAGE AREA:in#0000ff:"HTTP in" LINE1:out#00ff00:"HTTP out" -v 'Bytes per second' COMMENT:'Created at '$CDATE
#
# POP
echo 'POP: '
rrdtool graph /web/rrd/pop.png --imgformat=PNG --start -86400 DEF:in=/var/log/rrd/tcp_services.rrd:110_in:AVERAGE DEF:out=/var/log/rrd/tcp_services.rrd:110_out:AVERAGE AREA:in#0000ff:"POP in" LINE1:out#00ff00:"POP out" -v 'Bytes per second' COMMENT:'Created at '$CDATE
#
# NEWS
echo 'NEWS: '
rrdtool graph /web/rrd/news.png --imgformat=PNG --start -86400 DEF:in=/var/log/rrd/tcp_services.rrd:119_in:AVERAGE DEF:out=/var/log/rrd/tcp_services.rrd:119_out:AVERAGE AREA:in#0000ff:"NEWS in" LINE1:out#00ff00:"NEWS out" -v 'Bytes per second' COMMENT:'Created at '$CDATE

top.gifZurück zum Inhalt


Links

Lokales RRDTutorial
Dokumentation zum Aufsetzen http://www.taedium.net/rrd-iptraf/
RDDTool http://people.ee.ethz.ch/~oetiker/webtools/rrdtool/
iptraf Homepage http://iptraf.seul.org/
iptraf Freshmeat http://freshmeat.net/projects/iptraf/?topic_id=152

top.gifZurück zum Inhalt


Zur Linux Startseite home.icewolf.ch/linux/ | Copyright © 2002 - Andres Bohren Icewolf Software