MRTG Graphs per IP without SNMP
Contents
· Introduction
· Used programs
· Configure your firewall
· Get and configure the fetch script
· Configure MRTG
· Result
Introduction
Many people with a colocated or dedicated box would like to see the actual traffic per IP, rather than for the whole NIC.
I have written a script for FreeBSD with IPFW to accomplish this task.
This howto assumes that you know how to use the OS and how the firewall works. A general sense of how firewalls work could also be handy.
Used programs
IPFW
MRTG
Perl
Configure your firewall
For IPFW, make a ruleset with one rule per IP for counting incoming packets and one rule per IP for counting outgoing packets.
For example:
1000 count ip from any to 192.168.0.1 via rly0 in
1001 count ip from 192.168.0.1 to any via rly0 out
1002 count ip from any to 192.168.0.8 via rly0 in
1003 count ip from 192.168.0.8 to any via rly0 out
- Note -
It is recommended to give those counting rules a fixed set of numbers, so that if your machine reboots, you do not have to update your MRTG configuration.
The firewall configuration is done now. Let's go on to the script you need.
Get and configure the fetch script
Before you start configuring MRTG, please download this script: fwstatreader.pl
Put this file in a path where the root user can access it, and preferably no one else.
Change the file privileges to 0700.
Now open the file with your favourite editor and look at the first few lines to check that the standard settings are correct. On most systems the standard settings will do.
Of course, also check the path to Perl on the very first line of the file.
Configure MRTG
The last part is to let MRTG fetch the statistics.
For each IP you want graphs for, you add a standard set of lines to the MRTG configuration.
The only thing you replace is the "Target[name]: sometext" line. You replace it with:
Target[name]: `/path/to/fwstatreader.pl incoming-rule outgoing-rule bytes|packets`
- Note -
The incoming-rule and outgoing-rule are the complete (5 digits) line number of the rule in IPFW. So if you want to fetch rule 1000 for incoming, you specify 01000.
The difference between bytes and packets is that packets is purely how many packets matching that rule have been sent; it does not tell you anything about the size of those packets. I guess most people would like to see the actual traffic going over the interface; for that, use bytes.
Your MRTG configuration is done, MRTG should start generating graphs now.
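The following added example (it is not fwstatreader.pl and not code from this howto's author) shows how a target command of this kind can work: it takes the same three arguments, reads `ipfw show` output on stdin, and prints the four lines MRTG reads from a backtick target. The function name fw_counters and the counter values in SAMPLE are constructed for illustration; because such a script runs as root, the arguments are validated before use.

```shell
#!/bin/sh
# Added example: a hypothetical counter reader, not fwstatreader.pl.

# Constructed sample of `ipfw show` output: rule number, packets, bytes, rule.
SAMPLE='01000 1520 984320 count ip from any to 192.168.0.1 via rly0 in
01001 1210 301775 count ip from 192.168.0.1 to any via rly0 out
01002 88 9120 count ip from any to 192.168.0.8 via rly0 in
01003 64 7040 count ip from 192.168.0.8 to any via rly0 out
65535 0 0 deny ip from any to any'

# fw_counters IN_RULE OUT_RULE bytes|packets   (hypothetical name)
# Reads `ipfw show` text on stdin and prints the four lines MRTG reads from
# an external target: incoming value, outgoing value, uptime, target name.
fw_counters() {
    in_rule=$1; out_rule=$2; mode=$3
    # The arguments come from the MRTG config and the script runs as root,
    # so accept only five-digit rule numbers and the two known modes.
    for r in "$in_rule" "$out_rule"; do
        case $r in
            [0-9][0-9][0-9][0-9][0-9]) ;;
            *) echo "bad rule number: $r" >&2; return 2 ;;
        esac
    done
    case $mode in
        packets) col=2 ;;
        bytes)   col=3 ;;
        *) echo "mode must be bytes or packets" >&2; return 2 ;;
    esac
    # Pick the counter column for both rules; fail if either rule is missing
    # instead of printing an empty value.
    awk -v i="$in_rule" -v o="$out_rule" -v c="$col" '
        $1 == i { in_v = $c; got_i = 1 }
        $1 == o { out_v = $c; got_o = 1 }
        END {
            if (!got_i || !got_o) exit 1
            print in_v; print out_v
        }' || { echo "rule not found" >&2; return 1; }
    echo "unknown"                        # uptime line, display only
    echo "ipfw rules $in_rule/$out_rule"  # target name, display only
}

# Demo on the constructed sample; on a real host: ipfw show | fw_counters ...
printf '%s\n' "$SAMPLE" | fw_counters 01000 01001 bytes
```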
Result
Well, if you actually did everything written above, you should be able to see the results in a few minutes. If you did not, below is a little example of the generated output (daily graph only at this moment).