Added plugin for received firewall packets
This commit is contained in:
Nis Wechselberg
parent
f2eb00772f
commit
17c54160e7
3 changed files with 207 additions and 0 deletions
131
fw_packets_ds
Executable file
131
fw_packets_ds
Executable file
|
|
@ -0,0 +1,131 @@
|
|||
#!/usr/bin/perl -w
|
||||
|
||||
=head1 NAME
|
||||
|
||||
fw_packets_ds - Plugin to monitor the throughput of a firewall in an
|
||||
IPv4/IPv6 DualStack setup
|
||||
|
||||
=head1 CONFIGURATION
|
||||
|
||||
This plugin must run with root privileges
|
||||
|
||||
=head1 CONFIGURATION EXAMPLE
|
||||
|
||||
/etc/munin/plugin-conf.d/global or other file in that dir must contain:
|
||||
|
||||
[fw*]
|
||||
user root
|
||||
|
||||
=head1 NOTES
|
||||
|
||||
This plugin is insprired by the original fw_packets plugin.
|
||||
|
||||
The plugin tries to use the nstat tool to determine the metrics in
|
||||
a more consistent way. If this fails it falls back to parsing
|
||||
/proc files.
|
||||
|
||||
=head1 AUTHOR
|
||||
|
||||
Nis 'eNBeWe' Wechselberg
|
||||
|
||||
=head1 LICENSE
|
||||
|
||||
MIT
|
||||
|
||||
=head1 MAGIC MARKERS
|
||||
|
||||
#%# family=auto
|
||||
#%# capabilities=autoconf
|
||||
|
||||
=cut
|
||||
|
||||
use strict;
|
||||
|
||||
my $nstat = '/usr/bin/nstat';
|
||||
my $snmp_file = '/proc/net/snmp';
|
||||
my $snmp6_file = '/proc/net/snmp6';
|
||||
|
||||
# Autoconf Mode
|
||||
if ( defined($ARGV[0]) and $ARGV[0] eq "autoconf" ) {
|
||||
if ( -x $nstat or -r $snmp_file or -r $snmp6_file ) {
|
||||
print "yes\n";
|
||||
} else {
|
||||
print "no\n";
|
||||
}
|
||||
exit 0;
|
||||
}
|
||||
|
||||
# Graph config
|
||||
if ( defined($ARGV[0]) and $ARGV[0] eq "config" ) {
|
||||
print <<EOF;
|
||||
graph_title Firewall Throughput
|
||||
graph_args --base 1000 -l 0
|
||||
graph_vlabel Packets/\${graph_period}
|
||||
graph_category network
|
||||
v4_received.label IPv4 Received
|
||||
v4_received.draw AREA
|
||||
v4_received.type DERIVE
|
||||
v4_received.min 0
|
||||
v6_received.label IPv6 Received
|
||||
v6_received.draw STACK
|
||||
v6_received.type DERIVE
|
||||
v6_received.min 0
|
||||
EOF
|
||||
exit 0;
|
||||
}
|
||||
|
||||
my %state = (
|
||||
'v4RECEIVED' => 0,
|
||||
'v6RECEIVED' => 0
|
||||
);
|
||||
|
||||
if ( -x $nstat ) {
|
||||
# Use nstat tool for metrics
|
||||
my $command = "$nstat -a -z IpIn* Ip6In* 2>/dev/null";
|
||||
|
||||
open CMD, "$command|";
|
||||
while (<CMD>) {
|
||||
if (/^(\S+)\s+(\d+)/) {
|
||||
if ( $1 eq 'IpInReceives' ) {
|
||||
$state{'v4RECEIVED'} = $2;
|
||||
}
|
||||
if ( $1 eq 'Ip6InReceives' ) {
|
||||
$state{'v6RECEIVED'} = $2;
|
||||
}
|
||||
}
|
||||
}
|
||||
close CMD;
|
||||
} else {
|
||||
# Parse /proc files
|
||||
if ( -r $snmp_file ) {
|
||||
my $index_received = 0;
|
||||
open SNMP, $snmp_file;
|
||||
while (<SNMP>) {
|
||||
if (/^Ip:\s+\D/) {
|
||||
my @ip = split;
|
||||
while ( not $ip[$index_received] =~ /InReceives/ ) {
|
||||
$index_received++;
|
||||
}
|
||||
}
|
||||
if (/^Ip:\s+\d/) {
|
||||
my @ip = split;
|
||||
$state{'v4RECEIVED'} = $ip[$index_received];
|
||||
last;
|
||||
}
|
||||
}
|
||||
close SNMP;
|
||||
}
|
||||
|
||||
if ( -r $snmp6_file ) {
|
||||
open SNMP6, $snmp6_file;
|
||||
while (<SNMP6>) {
|
||||
if (/^Ip6InReceives\s+(\d+)/) {
|
||||
$state{'v6RECEIVED'} = $1;
|
||||
}
|
||||
}
|
||||
close SNMP6;
|
||||
}
|
||||
}
|
||||
|
||||
print "v4_received.value $state{'v4RECEIVED'}\n";
|
||||
print "v6_received.value $state{'v6RECEIVED'}\n";
|
||||
Loading…
Add table
Add a link
Reference in a new issue