Re: [Shorewall-users] Reporting Analisysing program

Sun, 27 Jan 2008 01:49:39 -0800 

Javier Martínez wrote:
>Anybody knows some graphic reporting/analysing 
>program for shorewall 4.0.7 or i have to do it 
>by accounting?

As Tom says, Shorewall is just a front end to 
make the low level stuff easier to administer.

Here are some scripts I use for traffic logging :

First you need to log the traffic, so in 'accounting' I have :

># Outside global stats
>outside-in:COUNT       -       eth0    -
>outside-out:COUNT      -       -       eth0
>DONE   outside
>
># Do acocunting by IP address
>account-ip     -       -       -
>total-ip-in:COUNT      account-ip      eth0    -
>total-ip-out:COUNT     account-ip      -       eth0
>DONE total-ip
>
>acc-serv
>total-serv-in:COUNT    acc-serv        eth0    -
>total-serv-out:COUNT   acc-serv        -       eth0
>DONE   total-serv
>
>
>INCLUDE accounting.ip
>INCLUDE accounting.service

And in accounting.ip I have :

>acc1-in:COUNT  account-ip      eth0    195.8.169.1
>acc1-out:COUNT account-ip      195.8.169.1     eth0
>DONE   acc1
>
>acc2-in:COUNT  account-ip      eth0    195.8.169.2
>acc2-out:COUNT account-ip      195.8.169.2     eth0
>DONE   acc2
(and so on up to 254, yes, we have a whole class C to play with)
accounting.service is currently empty


Then you need somewhere to put the data, so we have an rrd file created thus :

>rrdtool create ip-stats.rrd -s 300 \
>   DS:total-in:DERIVE:600:0:U \
>   DS:total-out:DERIVE:600:0:U \
>   \
>   DS:ip1-in:DERIVE:600:0:U \
>   DS:ip1-out:DERIVE:600:0:U \
>   DS:ip2-in:DERIVE:600:0:U \
>   DS:ip2-out:DERIVE:600:0:U \
>...
>   DS:ip254-in:DERIVE:600:0:U \
>   DS:ip254-out:DERIVE:600:0:U \
>   \
>   RRA:AVERAGE:0.5:1:576 \
>   RRA:MAX:0.5:1:576 \
>   RRA:AVERAGE:0.5:6:672 \
>   RRA:MAX:0.5:6:672 \
>   RRA:AVERAGE:0.5:24:732 \
>   RRA:MAX:0.5:24:732 \
>   RRA:AVERAGE:0.5:288:730 \
>   RRA:MAX:0.5:288:730
>
># CFs for :
>#   1 x 576    48hrx 5m
>#   6 x 672    14d x 1/2hr
>#  24 x 732    61d x 2hr
># 288 x 730   730d x 12hr



Then you need to get the data out of the kernel 
tables, I run this cron job once a minute :

>/usr/bin/rrdtool update ip-stats.rrd N:`/sbin/iptables -L account-ip -vxn | \
>   /usr/bin/awk 'BEGIN { getline ; getline }
>       { print $2 }' | \
>   /usr/bin/tr '
>' ':' | /bin/sed -e 's/:$//'`


The only step left then is to draw some graphs. 
The scripts I have for that are, well 'a bit 
ragged' and also too big to post here.


Hopefully that should give you some ideas of what 
is possible - 'man' is your friend in working out 
what each bit of the script does, and the online 
documentation for shorewall will cover that side.

-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2008.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users

Reply via email to