Cette page présente ma première expérimentation pour obtenir des statistiques réseau détaillées.

D'abord quelques exemples de résultats :

Et le script utilisé pour faire ce premier test :

# First iptables+RRD experimentation
# Copyright © AUF, Licence: GPL
# Author: Progfou <jean-christophe.andre@auf.org>
# Creation: 2008-01-04

# Commands and file prefix shared by the functions of this script.
# IPT is expanded unquoted by its users so that it splits into "sudo" plus
# the iptables path.
# NOTE(review): this presumably relies on a cached sudo credential or a
# NOPASSWD sudoers entry for /sbin/iptables; such an entry hands out control
# of the firewall, so keep it as narrow as possible. Confirm on the host.
IPT='sudo /sbin/iptables'
RRD='/usr/bin/rrdtool'
# Prefix of the .rrd and .png files, which are written relative to the
# current directory.
PREFIX='test1-'

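#######################################
# Install the accounting chains and hook them into INPUT and OUTPUT.
# Globals:   IPT (read; expanded unquoted so "sudo /sbin/iptables" splits)
# Arguments: none
# Outputs:   a diagnostic on stderr when the chains cannot be created
# Returns:   1 if AccountInput/AccountOutput cannot be created, otherwise
#            the status of the last iptables call
#######################################
ipt_install () {
  local entry name proto direction
  local -a match

  # Create both top-level chains before touching INPUT/OUTPUT. If they
  # already exist, a second install would stack another jump rule and every
  # packet would be counted twice; ipt_clean removes only one jump, so the
  # leftover would also keep the chains referenced. Stop instead.
  if ! $IPT -N AccountInput || ! $IPT -N AccountOutput; then
    echo "ipt_install: cannot create the Account chains (already installed? run clean first)" >&2
    return 1
  fi

  # -I without a rule number inserts at the head of the chain, so the
  # counters see traffic before later rules in INPUT/OUTPUT act on it.
  $IPT -I INPUT -j AccountInput
  $IPT -I OUTPUT -j AccountOutput

  # protocols over IP, as NAME:protocol pairs. OtherIP has an empty protocol,
  # so its rule carries no -p match and counts every packet.
  for entry in ICMP:icmp TCP:tcp UDP:udp ESP:esp OtherIP:; do
    name=${entry%%:*}
    proto=${entry#*:}
    # Build the optional "-p proto" match as an array instead of relying on
    # word splitting of an unquoted expansion.
    match=()
    if [[ -n "$proto" ]]; then
      match=(-p "$proto")
    fi
    for direction in Input Output; do
      $IPT -N "Account${direction}${name}"
      $IPT -A "Account${direction}" "${match[@]}" -j "Account${direction}${name}"
    done
  done
}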

ipt_stats () {
  # Print the accounting rules with exact counters: skip the "Chain ..."
  # header lines, keep the rows that mention Account, and order them from
  # column 3 (the target name) onwards.
  $IPT -nvxL |
    awk '!/^Chain/ && /Account/' |
    sort -k3
}

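#######################################
# Unhook and remove the accounting chains.
# Globals:   IPT (read; expanded unquoted so "sudo /sbin/iptables" splits)
# Arguments: none
# Returns:   status of the last chain deletion (0 when nothing was listed)
#######################################
ipt_clean () {
  local chain

  # Remove the jump rules first, then empty the two top-level chains so the
  # per-protocol chains are no longer referenced and can be deleted.
  $IPT -D INPUT -j AccountInput
  $IPT -F AccountInput
  $IPT -D OUTPUT -j AccountOutput
  $IPT -F AccountOutput

  # Delete only the AccountInput*/AccountOutput* chains. The broader
  # "^Chain Account" match would also try to delete any other user chain
  # whose name merely starts with "Account" and that this script does not
  # own. read -r keeps the listed name byte-for-byte.
  while IFS= read -r chain; do
    $IPT -X "$chain"
  done < <($IPT -nvL | awk '/^Chain Account(Input|Output)/ { print $2 }')
}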

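#######################################
# Create one round-robin database per direction (input, output).
# Each file holds five COUNTER data sources (ICMP, TCP, UDP, ESP, OtherIP)
# with a 1-second step and a 5-second heartbeat, plus one AVERAGE archive
# of 3600 one-step rows.
# Globals:   RRD, PREFIX (read)
# Arguments: none
# Returns:   status of the last rrdtool call
#######################################
rrd_create () {
  local direction proto
  local -a sources=()

  for proto in ICMP TCP UDP ESP OtherIP; do
    sources+=("DS:${proto}:COUNTER:5:U:U")
  done

  for direction in input output; do
    # The file name is quoted so a PREFIX containing blanks or glob
    # characters stays a single argument.
    # NOTE(review): rrdtool create is expected to replace an existing file
    # of the same name; confirm before re-running on collected data.
    $RRD create "${PREFIX}${direction}.rrd" \
      --start now --step 1 \
      "${sources[@]}" \
      RRA:AVERAGE:0.5:1:3600
  done
}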

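#######################################
# Read the byte counters of the accounting rules and store one sample in
# each RRD file.
# Globals:   IPT, RRD, PREFIX (read)
#            AccountInput{ICMP,TCP,UDP,ESP,OtherIP} and
#            AccountOutput{ICMP,TCP,UDP,ESP,OtherIP} (written)
# Arguments: none
# Returns:   status of the last rrdtool call
#######################################
rrd_update () {
  local bytes target

  # Forget the previous sample, so a counter missing from this listing is
  # reported as unknown instead of silently repeating an old value.
  unset AccountInputICMP AccountInputTCP AccountInputUDP \
    AccountInputESP AccountInputOtherIP
  unset AccountOutputICMP AccountOutputTCP AccountOutputUDP \
    AccountOutputESP AccountOutputOtherIP

  # Columns of "iptables -nvxL" rule rows: pkts, bytes, target, ...
  # The listing used to be turned into "target=bytes" text and passed to
  # eval, which runs whatever appears in the target column as shell code.
  # Assign directly instead, and only when the target is one of the ten
  # expected counter names and the value is made of digits.
  while read -r _ bytes target _; do
    if [[ "$target" =~ ^Account(Input|Output)(ICMP|TCP|UDP|ESP|OtherIP)$ &&
          "$bytes" =~ ^[0-9]+$ ]]; then
      printf -v "$target" '%s' "$bytes"
    fi
  done < <($IPT -nvxL)

  # "N" stamps the sample with the current time; U is rrdtool's marker for
  # an unknown value and replaces any counter that was not found.
  $RRD update "${PREFIX}input.rrd" -t ICMP:TCP:UDP:ESP:OtherIP \
    "N:${AccountInputICMP:-U}:${AccountInputTCP:-U}:${AccountInputUDP:-U}:${AccountInputESP:-U}:${AccountInputOtherIP:-U}"
  $RRD update "${PREFIX}output.rrd" -t ICMP:TCP:UDP:ESP:OtherIP \
    "N:${AccountOutputICMP:-U}:${AccountOutputTCP:-U}:${AccountOutputUDP:-U}:${AccountOutputESP:-U}:${AccountOutputOtherIP:-U}"
}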

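#######################################
# Render the PNG graphs from the two RRD files: one stacked graph per
# direction and one in/out graph per protocol.
# Globals:   RRD, PREFIX (read)
# Arguments: none
# Returns:   status of the last rrdtool call
#######################################
rrd_graph () {
  local direction proto rrd
  # Fixed one-hour window (epoch seconds), drawn with 60-second steps.
  # Kept as an array so each option stays one argument without relying on
  # word splitting.
  local -a window=(--start=1199493660 --end=1199497260 --step=60 --lower-limit=0)

  for direction in input output; do
    rrd="${PREFIX}${direction}.rrd"
    # Uses $RRD like rrd_create and rrd_update do, rather than whichever
    # "rrdtool" happens to be first in PATH.
    # tcp is TCP divided by 10 so it does not flatten the other areas;
    # realOtherIP removes the four named protocols from the OtherIP
    # counter, whose rule matches every packet.
    $RRD graph "${PREFIX}${direction}.png" "${window[@]}" \
      --width=600 --height=600 \
      "DEF:ICMP=${rrd}:ICMP:AVERAGE" \
      "DEF:TCP=${rrd}:TCP:AVERAGE" \
      "DEF:UDP=${rrd}:UDP:AVERAGE" \
      "DEF:ESP=${rrd}:ESP:AVERAGE" \
      "DEF:OtherIP=${rrd}:OtherIP:AVERAGE" \
      'CDEF:tcp=TCP,10,/' \
      'CDEF:realOtherIP=OtherIP,ICMP,-,TCP,-,UDP,-,ESP,-' \
      'AREA:ICMP#FFFF00:ICMP' \
      'AREA:ESP#FF0000:ESP:STACK' \
      'AREA:UDP#FF00FF:UDP:STACK' \
      'AREA:tcp#0000FF:TCP (1/10):STACK' \
      'AREA:realOtherIP#00FF00:Other IP:STACK'
  done

  # protocols over IP: incoming traffic as an area, outgoing as a line
  for proto in ICMP TCP UDP ESP; do
    $RRD graph "${PREFIX}${proto}.png" "${window[@]}" \
      "DEF:${proto}in=${PREFIX}input.rrd:${proto}:AVERAGE" \
      "DEF:${proto}out=${PREFIX}output.rrd:${proto}:AVERAGE" \
      "AREA:${proto}in#00FFFF:${proto} (in)" \
      "LINE2:${proto}out#0000FF:${proto} (out)"
  done
}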

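# Command-line dispatch: the first argument selects one action.
case "$1" in
  install) ipt_install ;;
  stats) ipt_stats ;;
  clean) ipt_clean ;;
  create) rrd_create ;;
  update) rrd_update ;;
  collect)
    # 3600 samples, pausing one second between them. Each pass also spends
    # time in iptables and rrdtool, so the run lasts longer than one hour.
    for ((i = 1; i <= 3600; i++)); do
      rrd_update
      sleep 1
    done
    ;;
  graph) rrd_graph ;;
  *)
    # Usage errors go to stderr. "exit -1" is outside the 0-255 range;
    # 255 is the status bash reports for it, written out explicitly.
    echo "Syntax: $0 install|stats|clean|create|update|collect|graph" >&2
    exit 255
    ;;
esac
# The status of the selected action is not propagated.
exit 0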
