[Linux-Biella] Monitor for DSL
Mattia Rossi
linux@ml.bilug.linux.it
Thu, 25 Mar 2004 14:25:08 +0100
On Thu, 25 Mar 2004 13:33 +0100
Luca Bertoncello <lucabert@lucabert.de> wrote:
> Andrea Ferraris <andrea_ferraris@libero.it> wrote:
>
> > But you wanted to split the traffic among the various services, and
> > indeed, by following ME's excellent advice, that is, by using
> > mrtg, you get the data broken down by service (http, ftp, mail, dns)
> > and so on.
>
> Sorry, but as far as I know MRTG talks to the router (which I don't
> have!)... So what do I do? Install a router just to produce
> statistics?
>
But, but, what about your Linux machine with two network cards and
ipchains, what is it, a deep fryer?
Mrtg works with any 'thing' that is able to answer its snmp queries,
hence marco's suggestion to use mrtg, snmp and rrdtool.
For what you want to do, I think the ntop/rrdtool pairing is enough.
Keep in mind that ntop is rather heavy (and also prone to crashes),
so the do-it-yourself proposal is not to be dismissed either, and that
by using ipchains you start with an advantage:
ipchains -L -v -n
gives you the statistics of the packets (and bytes) that have passed
through, for each chain and for each rule:
(sorry about the mangled line wrapping)
ipchains -L -v -n
Chain input (policy ACCEPT: 205623111 packets, 134652341528 bytes):
pkts bytes target prot opt tosa tosx ifname mark outsize source destination ports
0 0 ACCEPT all ------ 0xFF 0x00 lo 127.0.0.0/8 0.0.0.0/0 n/a
215 9468 DENY all ----l- 0xFF 0x00 !lo 127.0.0.0/8 0.0.0.0/0 n/a
11089 2351K ACCEPT tcp ------ 0xFF 0x00 eth0 10.0.0.0/18 10.0.0.0/8 * -> 80
0 0 ACCEPT tcp ------ 0xFF 0x00 eth0 10.0.0.0/18 xxxxxxxxxxxxx * -> 80
0 0 ACCEPT tcp ------ 0xFF 0x00 eth0 10.0.0.0/18 xxxxxxxxxxxxx * -> 80
51M 17G ACCEPT all ------ 0xFF 0x00 eth0 10.0.0.0/16 0.0.0.0/0 n/a
2814K 631M ACCEPT all ------ 0xFF 0x00 eth2 10.7.0.0/16 0.0.0.0/0 n/a
14 1804 DENY all ----l- 0xFF 0x00 !eth0 10.0.0.0/16 0.0.0.0/0 n/a
6 240 DENY tcp ------ 0xFF 0x00 * 0.0.0.0/0 0.0.0.0/0 137 -> 137
10 520 DENY tcp ----l- 0xFF 0x00 eth1 0.0.0.0/0 xxxxxxxxxxxxxx * -> 22:23
6625 1251K ACCEPT tcp ------ 0xFF 0x00 eth1 xxxxxxxxxxxxxxx xxxxxxxxxxxxxx 22 -> *
577 32604 ACCEPT icmp ------ 0xFF 0x00 eth1 0.0.0.0/0 xxxxxxxxxxxxxx * -> *
4221 204K DENY tcp ----l- 0xFF 0x00 eth1 0.0.0.0/0 xxxxxxxxxxxxxx * -> 0:1023
717 86835 DENY udp ----l- 0xFF 0x00 eth1 0.0.0.0/0 xxxxxxxxxxxxxx * -> 0:1023
0 0 DENY icmp ----l- 0xFF 0x00 eth1 0.0.0.0/0 xxxxxxxxxxxxxx * -> 0:1023
Chain forward (policy ACCEPT: 39 packets, 20332 bytes):
pkts bytes target prot opt tosa tosx ifname mark outsize source destination ports
125K 79M ACCEPT all ------ 0xFF 0x00 eth0 10.5.0.0/16 10.0.0.0/16 n/a
119K 66M ACCEPT all ------ 0xFF 0x00 cipcb2 10.0.0.0/16 10.5.0.0/16 n/a
0 0 ACCEPT all ------ 0xFF 0x00 cipcb4 10.0.0.0/16 10.5.0.0/16 n/a
0 0 ACCEPT all ------ 0xFF 0x00 eth0 10.5.0.0/16 10.0.0.0/16 n/a
0 0 ACCEPT all ------ 0xFF 0x00 eth2 10.0.0.0/16 10.5.0.0/16 n/a
0 0 ACCEPT all ------ 0xFF 0x00 eth0 10.5.0.0/16 10.0.0.0/16 n/a
0 0 ACCEPT all ------ 0xFF 0x00 eth2 10.5.0.0/16 10.7.0.3 n/a
0 0 ACCEPT all ------ 0xFF 0x00 cipcb2 10.7.0.3 10.5.0.0/16 n/a
0 0 ACCEPT all ------ 0xFF 0x00 cipcb4 10.7.0.3 10.5.0.0/16 n/a
3315K 1022M ACCEPT all ------ 0xFF 0x00 eth2 10.0.0.0/16 0.0.0.0/0 n/a
10M 5064M ACCEPT all ------ 0xFF 0x00 eth0 0.0.0.0/0 10.0.0.0/16 n/a
0 0 ACCEPT all ------ 0xFF 0x00 eth2 10.0.0.0/16 10.7.0.0/16 n/a
0 0 ACCEPT all ------ 0xFF 0x00 eth0 10.7.0.0/16 10.0.0.0/16 n/a
0 0 ACCEPT all ------ 0xFF 0x00 eth2 10.0.0.0/16 10.6.0.0/16 n/a
0 0 ACCEPT all ------ 0xFF 0x00 eth0 10.6.0.0/16 10.0.0.0/16 n/a
6165K 928M ACCEPT all ------ 0xFF 0x00 cipcb3 10.0.0.0/16 10.3.0.0/16 n/a
0 0 ACCEPT all ------ 0xFF 0x00 eth0 10.3.0.0/16 10.0.0.0/16 n/a
0 0 ACCEPT all ------ 0xFF 0x00 eth0 10.3.0.0/16 192.168.223.0/24 n/a
67294 3930K ACCEPT all ------ 0xFF 0x00 cipcb3 192.168.223.0/24 10.3.0.0/16 n/a
4852 276K ACCEPT all ------ 0xFF 0x00 cipcb3 172.30.1.0/24 10.3.0.0/16 n/a
308K 180M ACCEPT all ------ 0xFF 0x00 cipcb3 10.0.0.0/16 10.2.0.0/16 n/a
0 0 ACCEPT all ------ 0xFF 0x00 eth0 10.2.0.0/16 10.0.0.0/16 n/a
0 0 ACCEPT all ------ 0xFF 0x00 cipcb3 10.7.0.0/16 10.3.0.0/16 n/a
0 0 ACCEPT all ------ 0xFF 0x00 eth2 10.3.0.0/16 10.7.0.0/16 n/a
0 0 ACCEPT all ------ 0xFF 0x00 eth0 10.7.0.0/16 151.34.15.0/24 n/a
0 0 ACCEPT all ------ 0xFF 0x00 cipcb7 10.0.0.0/16 10.50.0.0/24 n/a
9074 9030K ACCEPT all ------ 0xFF 0x00 cipcb7 10.0.0.0/16 10.50.3.0/24 n/a
0 0 ACCEPT all ------ 0xFF 0x00 eth0 10.50.0.0/24 10.0.0.0/16 n/a
0 0 ACCEPT all ------ 0xFF 0x00 eth0 10.50.3.0/24 10.0.0.0/16 n/a
0 0 ACCEPT all ------ 0xFF 0x00 eth0 192.168.1.0/24 10.0.0.0/16 n/a
332 17102 ACCEPT all ------ 0xFF 0x00 cipcb7 10.0.0.0/16 192.168.1.0/24 n/a
29520 4321K ACCEPT all ------ 0xFF 0x00 cipcb1 10.0.0.0/16 192.168.100.0/24 n/a
168 216K ACCEPT all ------ 0xFF 0x00 cipcb1 10.0.0.0/16 192.168.200.0/24 n/a
0 0 ACCEPT all ------ 0xFF 0x00 eth0 192.168.100.0/24 10.0.0.0/16 n/a
0 0 ACCEPT all ------ 0xFF 0x00 eth0 192.168.200.0/24 10.0.0.0/16 n/a
221K 29M ACCEPT all ------ 0xFF 0x00 cipcb5 10.0.0.0/16 10.200.1.0/24 n/a
0 0 ACCEPT all ------ 0xFF 0x00 eth0 10.200.1.0/24 10.0.0.0/16 n/a
138K 44M ACCEPT all ------ 0xFF 0x00 cipcb10 10.0.0.0/16 10.230.224.0/24 n/a
0 0 ACCEPT all ------ 0xFF 0x00 eth0 10.230.224.0/24 10.0.0.0/16 n/a
195K 66M ACCEPT all ------ 0xFF 0x00 cipcb6 10.0.0.0/16 192.168.223.0/24 n/a
0 0 ACCEPT all ------ 0xFF 0x00 eth0 192.168.223.0/24 10.0.0.0/16 n/a
75301 35M ACCEPT all ------ 0xFF 0x00 cipcb6 10.3.0.0/16 192.168.223.0/24 n/a
0 0 ACCEPT all ------ 0xFF 0x00 eth0 192.168.223.0/24 10.3.0.0/16 n/a
70788 4890K ACCEPT all ------ 0xFF 0x00 cipcb8 10.0.0.0/16 172.30.1.0/24 n/a
0 0 ACCEPT all ------ 0xFF 0x00 eth0 172.30.1.0/24 10.0.0.0/16 n/a
4779 888K ACCEPT all ------ 0xFF 0x00 cipcb8 10.3.0.0/16 172.30.1.0/24 n/a
0 0 ACCEPT all ------ 0xFF 0x00 eth0 172.30.1.0/24 10.3.0.0/16 n/a
225K 18M ACCEPT all ------ 0xFF 0x00 cipcb0 10.0.0.0/16 10.1.2.0/24 n/a
0 0 ACCEPT all ------ 0xFF 0x00 eth0 10.1.2.0/24 10.0.0.0/16 n/a
60 2955 ACCEPT all ------ 0xFF 0x00 cipcb9 10.0.0.0/16 10.1.1.0/24 n/a
0 0 ACCEPT all ------ 0xFF 0x00 eth0 10.1.1.0/24 10.0.0.0/16 n/a
322 15601 DENY all ------ 0xFF 0x00 eth1 10.0.0.0/8 10.0.0.0/8 n/a
0 0 DENY tcp ----l- 0xFF 0x00 * 0.0.0.0/0 0.0.0.0/0 * -> 194
0 0 DENY udp ----l- 0xFF 0x00 * 0.0.0.0/0 0.0.0.0/0 * -> 194
51 2448 DENY tcp ----l- 0xFF 0x00 * 0.0.0.0/0 0.0.0.0/0 * -> 6667
0 0 DENY udp ----l- 0xFF 0x00 * 0.0.0.0/0 0.0.0.0/0 * -> 6667
5 178 DENY udp ----l- 0xFF 0x00 * 0.0.0.0/0 0.0.0.0/0 * -> 4999:5011
32M 14G MASQ all ------ 0xFF 0x00 eth1 10.0.0.0/8 0.0.0.0/0 n/a
114 5484 DENY all ----l- 0xFF 0x00 * 0.0.0.0/0 0.0.0.0/0 n/a
Chain output (policy ACCEPT: 516495283 packets, 260335044945 bytes):
ipchains -Z resets the counters
In my case I'm not interested in statistics for outgoing traffic, so I have a single masquerading rule that adds everything up:
32M 14G MASQ all ------ 0xFF 0x00 eth1 10.0.0.0/8 0.0.0.0/0 n/a
In your case you just need to create a masquerading rule for each IP/subnet/port you want to log, and you have the usage.
It's up to you to write a script that collects the data, resets the counters (if necessary) and produces output intelligible even to a non-IT person.
Bye
Mattia
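
One way to write the collecting script suggested above, as an added example that is not part of the original message: it parses text in the `ipchains -L -v -n` layout shown in the listing and totals bytes per source network for the MASQ rules. The function names are hypothetical, the sample listing is constructed, the `mark` and `outsize` columns are assumed empty as in the listing, and the K/M/G suffixes are assumed to be decimal multiples of 1000.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of the listing above (mark/outsize empty).
SAMPLE = """\
Chain input (policy ACCEPT: 1000 packets, 500000 bytes):
 pkts bytes target prot opt    tosa tosx ifname mark outsize source destination ports
11089 2351K ACCEPT tcp  ------ 0xFF 0x00 eth0   10.0.0.0/18 10.0.0.0/8 * -> 80
   10   520 DENY   tcp  ----l- 0xFF 0x00 eth1   0.0.0.0/0 192.0.2.1 * -> 22:23
Chain forward (policy ACCEPT: 39 packets, 20332 bytes):
 pkts bytes target prot opt    tosa tosx ifname mark outsize source destination ports
  32M   14G MASQ   all  ------ 0xFF 0x00 eth1   10.0.0.0/8 0.0.0.0/0 n/a
  168  216K MASQ   all  ------ 0xFF 0x00 eth1   10.7.0.0/16 0.0.0.0/0 n/a
"""

SUFFIX = {"K": 10**3, "M": 10**6, "G": 10**9}  # assumption: decimal rounding
CHAIN_RE = re.compile(r"^Chain (\S+) \(")

def expand(counter):
    # '2351K' -> 2351000; a plain number passes through unchanged.
    if counter[-1] in SUFFIX:
        return int(counter[:-1]) * SUFFIX[counter[-1]]
    return int(counter)

def parse(text):
    # Yield one dict per rule line, tagged with the chain it belongs to.
    chain = None
    for line in text.splitlines():
        if (m := CHAIN_RE.match(line)):
            chain = m.group(1)
            continue
        f = line.split()
        if chain is None or len(f) < 11 or not f[0][0].isdigit():
            continue  # column header, blank line or wrapped fragment
        yield {"chain": chain, "pkts": expand(f[0]), "bytes": expand(f[1]),
               "target": f[2], "proto": f[3], "ifname": f[7],
               "src": f[8], "dst": f[9], "ports": " ".join(f[10:])}

def usage_by_source(text, target="MASQ"):
    # Sum the byte counters per source network over rules with this target.
    totals = defaultdict(int)
    for rule in parse(text):
        if rule["target"] == target:
            totals[rule["src"]] += rule["bytes"]
    return dict(totals)

if __name__ == "__main__":
    for src, b in sorted(usage_by_source(SAMPLE).items(), key=lambda kv: -kv[1]):
        print(f"{src:<18} {b / 1e6:>10.1f} MB")
```

Counters shown with a K/M/G suffix are already rounded by the tool, so totals for busy rules are approximate.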