I had a situation come up where I needed to monitor some iptables rules and make graphs for them. This was ina test system so I essentially had a lot of freedom to do whatever, just get it working.
I was going to set up something like cacti or nagios, but honestly that would have been such a headache for such a simple thing I needed. I simply needed to make some graphs based on simple numbers from an iptables output.
So here's what I did. It's quick and dirty. So very dirty. I cringe looking at some things I did now. But I did get the results I needed for the test system and it only took about 10 minutes. Most of this was written in one sitting without testing. I think I had to make about 5 changes from the original version while writing. Not bad for only using some basics. Of course depending on the rules you use, the regex would be different to find the rules you are tracking.
#! /bin/bash
# This script makes graphs for iptables entries
# Get current time as variable
date=$(date +%H:%M)
# Get iptables data to graph
iptables -L -n -v > /home/mark/scripts/iptables.last
################ FORWARD ################
# Needed to monitor iptables rules I had made for 192.168.2 and .3 (scales easily though)
grep 'ACCEPT.*all.*0\.0\.0\.0.*192\.168\.1\.[23]' /home/mark/scripts/iptables.last|awk '{print $2, $9}'|sed -e 's/K/000/' -e 's/M/000000/' -e 's/G/000000000/' -e 's/[0-9][0-9][0-9]$//' |sed "s/^/$date /" >> /home/mark/scripts/iptablesforward.dat
#Clean up data file so it only has most recent 60 records (120 since there are two ip's)
DATALINES=$(wc -l /home/mark/scripts/iptablesforward.dat|awk '{print $1}')
while [[ $DATALINES -gt 120 ]]
do
sed -i '1 d' /home/mark/scripts/iptablesforward.dat
DATALINES=$(wc -l /home/mark/scripts/iptablesforward.dat|awk '{print $1}')
done
# Make separate files for graphing, easy way (120 above = 60 lines of each)
grep 192.168.1.2 /home/mark/scripts/iptablesforward.dat > /home/mark/scripts/iptablesforward.dat.2
grep 192.168.1.3 /home/mark/scripts/iptablesforward.dat > /home/mark/scripts/iptablesforward.dat.3
# Gnuplot config file
#set term png
#set output '/var/www/iptablesforwardstats.png'
#set terminal png size 1500,400
#set ylabel "Data forwarded in KB"
#set xlabel " "
#set xtics rotate by 270
#set grid
#set key outside
#plot '/home/mark/scripts/iptablesforward.dat.2' using 2:xticlabel(1) with lines lw 3 title '192.168.1.2', \
#'/home/mark/scripts/iptablesforward.dat.3' using 2:xticlabel(1) with lines lw 3 title '192.168.1.3'
gnuplot /home/mark/scripts/iptablesFWDgnuplot.cfg
################ FORWARD ################
################ Interface Stats ################
# Input
grep 'ACCEPT.*all.*0.0.0.0/0.*0.0.0.0/0' /home/mark/scripts/iptables.last|sed -n '1p'|awk '{print $2}'|sed -e 's/K/000/' -e 's/M/000000/' -e 's/G/000000000/' -e 's/[0-9][0-9][0-9]$//' |sed "s/^/$date /" >> /home/mark/scripts/iptablesINTinput.dat
# Forward
grep 'ACCEPT.*all.*0.0.0.0/0.*0.0.0.0/0' /home/mark/scripts/iptables.last|sed -n '2p'|awk '{print $2}'|sed -e 's/K/000/' -e 's/M/000000/' -e 's/G/000000000/' -e 's/[0-9][0-9][0-9]$//' |sed "s/^/$date /" >> /home/mark/scripts/iptablesINTforward.dat
# Output
grep 'ACCEPT.*all.*0.0.0.0/0.*0.0.0.0/0' /home/mark/scripts/iptables.last|sed -n '3p'|awk '{print $2}'|sed -e 's/K/000/' -e 's/M/000000/' -e 's/G/000000000/' -e 's/[0-9][0-9][0-9]$//' |sed "s/^/$date /" >> /home/mark/scripts/iptablesINToutput.dat
#Clean up data file so it only has most recent 60 records
for file in `echo /home/mark/scripts/iptablesINTinput.dat /home/mark/scripts/iptablesINTforward.dat /home/mark/scripts/iptablesINToutput.dat`
do
DATALINES=$(wc -l $file|awk '{print $1}')
while [[ $DATALINES -gt 60 ]]
do
sed -i '1 d' $file
DATALINES=$(wc -l $file|awk '{print $1}')
done
done
#set term png
#set output '/var/www/iptablesinterfacestats.png'
#set terminal png size 1500,400
#set ylabel "Data in KB"
#set xlabel " "
#set xtics rotate by 270
#set key outside
#set grid
#plot '/home/mark/scripts/iptablesINTinput.dat' using 2:xticlabel(1) with lines lw 3 lc rgb 'green' title 'INPUT', \
#'/home/mark/scripts/iptablesINTforward.dat' using 2:xticlabel(1) with lines lw 3 lc rgb 'red' title 'FORWARD', \
#'/home/mark/scripts/iptablesINToutput.dat' using 2:xticlabel(1) with lines lw 3 lc rgb 'blue' title 'OUTPUT'
gnuplot /home/mark/scripts/iptablesINTgnuplot.cfg
################ Interface Stats ################
# Reset IPtables so I don't have to do any weird math next run (only graphing new rule hits; not cumulative)
iptables -Z
# I consider this a cheater move but it saved some lines and we didn't need iptables tracking to stay cumulative
No comments:
Post a Comment