Cacti with iptables/ipfw traffic monitoring
Cacti is a web-based (PHP/MySQL) graphing front end for rrdtool; out of the box it graphs bandwidth by polling interface counters over SNMP.
iptables is the usual tool for setting up a firewall on a Linux box, but it also keeps packet and byte counters: every time a packet matches a rule, that rule's counters are incremented.
ipfw provides the same functionality on BSD boxes.
This article explains how to combine Cacti as an easy graphing tool with iptables/ipfw as packet counters to monitor bandwidth usage of a specific IP or network address.
Setting up iptables/ipfw as packet counters:
using iptables
# iptables -t mangle -I FORWARD -s $client_ip_addr -j MARK --set-mark 0xa101
# iptables -t mangle -I FORWARD -d $client_ip_addr -j MARK --set-mark 0xd101
using ipfw
# ipfw add 20000 count ip from any to $client_ip_addr
# ipfw add 20001 count ip from $client_ip_addr to any
Substitute $client_ip_addr with the client's IP address. The iptables rules live in the FORWARD chain, so only traffic routed through the box is counted (not traffic to or from the box itself); the mark values (0xa101 for traffic from the client, 0xd101 for traffic to it) are what the SNMP script looks up later. The ipfw rules only count, they do not filter.
Connecting iptables/ipfw to Cacti through snmpd
In snmpd.conf we use the pass directive, which hands an OID subtree to an external command:
# Usage:
# pass MIBOID EXEC-COMMAND
#
# This will pass total control of the mib underneath the MIBOID
# portion of the mib to the EXEC-COMMAND.
#
# Note: You’ll have to change the path of the passtest script to your
# source directory or install it in the given location.
#
# Example: (see the script for details)
# (commented out here since it requires that you place the
# script in the right location. (its not installed by default))
# pass .1.3.6.1.4.1.2021.255 /bin/sh /usr/local/passtest
Here is the script that reads the byte counter from iptables and hands it to snmpd. snmpd runs it as "script <mark> <oid> -g <oid>", so $1 is the mark value and $2 the OID to report:
#!/bin/bash
# $1 = mark value (or ipfw rule number), $2 = OID to answer for
echo "$2"
echo "counter"
# example lines from "iptables -t mangle -vxnL"; column 2 is the byte counter
#949152 1142840494 MARK all -- * * 0.0.0.0/0 202.x.x.x MARK set 0xd703
#664404 56702643 MARK all -- * * 202.x.x.x 0.0.0.0/0 MARK set 0xa703
# reduce modulo 2^32 so the value fits a Counter32 (0..4294967295)
expr `iptables -t mangle -vxnL | grep "$1" | awk '{ print $2 }'` % 4294967296
For ipfw the last line needs a little adjustment (column 3 of "ipfw -a list" is the byte counter):
#20000 3922935 1687699944 count ip from any to 202.x.x.x
#20001 8019624 2004017282 count ip from 202.x.x.x to any
expr `ipfw -a list $1 | awk '{ print $3 }'` % 4294967296
The snmpd.conf part:
pass 1.3.6.1.4.1.2021.3027.1 /root/get-count-snmp.sh $id_ 1.3.6.1.4.1.2021.3027.1
pass 1.3.6.1.4.1.2021.3027.2 /root/get-count-snmp.sh $id_ 1.3.6.1.4.1.2021.3027.2
$id_: with iptables this is the mark value given to --set-mark (in the mangle table); with ipfw it is the rule number.
Reload snmpd:
/etc/init.d/snmpd reload
then check with snmpget and make sure the value comes back:
# snmpget -On -v 2c -c public localhost 1.3.6.1.4.1.2021.3027.1
.1.3.6.1.4.1.2021.3027.1 = Counter32: 1690769084
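The following is an added example, not the script from the original post: a pass handler that implements snmpd's calling convention for pass scripts (snmpd appends "-g OID" for GET, "-n OID" for GETNEXT and "-s OID TYPE VALUE" for SET), matches the iptables mark or ipfw rule number on whole fields instead of a loose grep, wraps the byte count at 2^32 for Counter32, and answers nothing for OIDs or rules it does not know. The script name, path, OIDs, the argument order (backend, mark or rule number, OID) and the sample iptables/ipfw output are this example's own assumptions.

```shell
#!/bin/sh
# Added example (not the original post's script): snmpd pass handler that
# serves the byte counter of one iptables MARK rule or one ipfw rule.
#
# Hypothetical snmpd.conf lines (OID, path and argument order are assumed):
#   pass .1.3.6.1.4.1.2021.3027.1 /usr/local/bin/get-count-snmp.sh iptables 0xa101 .1.3.6.1.4.1.2021.3027.1
#   pass .1.3.6.1.4.1.2021.3027.2 /usr/local/bin/get-count-snmp.sh ipfw 20000 .1.3.6.1.4.1.2021.3027.2

# Reduce a byte count to the Counter32 range. The modulus is 2^32, not
# 2^32-1: Counter32 holds 0..4294967295 and wraps at 4294967296.
wrap32() {
    echo $(( $1 % 4294967296 ))
}

# Read "iptables -t mangle -vxnL" output on stdin and print the byte counter
# (column 2; -x keeps it exact instead of "1142M") of the first rule whose
# target is "MARK set <mark>". Comparing whole fields avoids the prefix match
# a plain grep would make (0xa1 would also match 0xa101).
iptables_bytes() {
    awk -v mark="$1" '$3 == "MARK" && $(NF-1) == "set" && $NF == mark { print $2; exit }'
}

# Read "ipfw -a list <rule>" output on stdin and print the byte counter
# (column 3: rule number, packets, bytes, then the rule body).
ipfw_bytes() {
    awk -v rule="$1" '$1 == rule { print $3; exit }'
}

# The three lines snmpd expects back for a GET: OID, type, value.
pass_reply() {
    printf '%s\ncounter\n%s\n' "$1" "$(wrap32 "$2")"
}

# Run the real counter command for the chosen backend.
read_counter() {
    case "$1" in
        iptables) iptables -t mangle -vxnL FORWARD | iptables_bytes "$2" ;;
        ipfw)     ipfw -a list "$2" | ipfw_bytes "$2" ;;
    esac
}

# $1 backend, $2 mark or rule number, $3 OID served; $4 onward are appended
# by snmpd.
main() {
    backend=$1 id=$2 oid=$3 op=$4 req=$5
    case "$op" in
        -g)
            # Only answer for exactly our OID (leading dot ignored); printing
            # nothing makes snmpd return noSuchObject instead of a bogus value.
            [ "${req#.}" = "${oid#.}" ] || return 0
            value=$(read_counter "$backend" "$id")
            [ -n "$value" ] || return 0     # rule not present: no answer
            pass_reply "$oid" "$value"
            ;;
        -n) return 0 ;;                     # one scalar, nothing comes after it
        -s) echo not-writable ;;            # refuse SET
    esac
}

# Constructed sample outputs (addresses and counts are made up) so the parsers
# can be exercised on a box without iptables or ipfw.
SAMPLE_IPTABLES='Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
    pkts      bytes target     prot opt in     out     source               destination
  949152 1142840494 MARK       all  --  *      *       0.0.0.0/0            198.51.100.10        MARK set 0xd101
  664404   56702643 MARK       all  --  *      *       198.51.100.10        0.0.0.0/0            MARK set 0xa101'
SAMPLE_IPFW='20000 3922935 1687699944 count ip from any to 198.51.100.10
20001 8019624 2004017282 count ip from 198.51.100.10 to any'

demo_iptables() { printf '%s\n' "$SAMPLE_IPTABLES" | iptables_bytes "$1"; }
demo_ipfw()     { printf '%s\n' "$SAMPLE_IPFW"     | ipfw_bytes "$1"; }

# Dispatch only when snmpd-style arguments are present, so running the file
# bare just defines the functions.
case "$4" in -g|-n|-s) main "$@" ;; esac
```

Two practical caveats: pass scripts run as whatever user snmpd runs as, and listing iptables counters needs root (CAP_NET_ADMIN), so either snmpd itself runs as root or the counter command is wrapped in a tightly scoped sudo rule; and the read-only community should be limited to the Cacti poller's address rather than left open as "public". In Cacti the data source for these OIDs must be of type COUNTER, not GAUGE, so rrdtool turns the wrapping byte total into a bytes-per-second rate.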
Setting Cacti
I am new to Cacti, so if anyone knows a more efficient way to do this, please let me know.
Creating a custom Data Template:

then the Graph Template
finally you can add the device and create the graph.