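#!/bin/bash
#
# IP Accounting v 1.1
# Collects per-IP network traffic statistics from iptables byte counters.
# Created by standus - standus@standus.com
#
# Every run reads and zeroes the counters of the RETURN rules in the mangle
# chains DATA_OUT (matched on source address) and DATA_IN (matched on
# destination address), adds them to the running totals in data.txt and feeds
# the average rate of the interval into one RRD file per host.
#
# NOTE(review): the script drives iptables, so it presumably runs as root, and
# both output directories look like they sit below a web root. Keep them
# writable by root only; otherwise another local account could plant files or
# symlinks in the places this script writes to.

local_iface="eth0"
dir_data_txt="/var/www/html/ipaccounting"
dir_data_rdd="/var/www/html/ipaccounting/rrd"
rdd_active="on"
txt_active="on"
testing_active="on"

# Seconds between two runs. Used for the rate calculation and as the RRD step,
# so it has to match the interval the script is scheduled with.
sample_interval=120

# Column positions in `iptables -L -v -x -n` output:
#   pkts bytes target prot opt in out source destination
col_source=8
col_destination=9

re_ipv4='^[0-9]{1,3}(\.[0-9]{1,3}){3}$'
re_uint='^[0-9]+$'

# is_ipv4 ADDR
# Succeeds only for a plain dotted-quad token. This is a shape check, not a
# range check: it keeps CIDR notation ("10.0.0.0/24"), slashes and dashes out
# of file names and out of the dash-separated records used below.
is_ipv4() {
  [[ $1 =~ $re_ipv4 ]]
}

# lookup_field TEXT IP FIELD DEFAULT
# TEXT holds dash-separated records whose first field is an IP address.
# Prints the numeric FIELD of the record whose first field equals IP exactly,
# or DEFAULT when there is none. The comparison is a string comparison on the
# whole field, so an address can never match part of another address or a
# byte counter (a regex match on "1.2.3.4-" also matches "1020304-").
lookup_field() {
  awk -F- -v ip="$2" -v f="$3" -v dflt="$4" '
    $1 == ip && $f ~ /^[0-9]+$/ { v = $f }
    END { if (length(v) > 0) print v; else print dflt }
  ' <<<"$1"
}

# ensure_chain CHAIN HOOK
# Creates CHAIN in the mangle table and jumps to it from HOOK unless HOOK
# already has a rule whose target is CHAIN.
ensure_chain() {
  local chain=$1 hook=$2
  # -n: no reverse DNS lookups while listing.
  if ! iptables -t mangle -n -L "$hook" |
    awk -v c="$chain" '$1 == c { found = 1 } END { exit !found }'; then
    echo "Pridavam chain $chain"
    iptables -t mangle -N "$chain"
    iptables -t mangle -A "$hook" -j "$chain"
  fi
}

# rule_exists CHAIN COLUMN IP
# Succeeds when CHAIN already holds a RETURN rule whose address COLUMN is
# exactly IP.
rule_exists() {
  iptables -t mangle -L "$1" -v -x -n |
    awk -v col="$2" -v ip="$3" \
      '$3 == "RETURN" && $col == ip { found = 1 } END { exit !found }'
}

# account_chain CHAIN COLUMN LABEL STORED_FIELD
# Reads and zeroes (-Z) the byte counters of CHAIN, prints one report line per
# host and leaves two lists in global variables:
#   acc_totals  "ip-total" lines, total = stored value + bytes of this interval
#   acc_rates   "ip-rate"  lines, rate  = bytes of this interval / interval
# STORED_FIELD is the field of data.txt holding the previous total
# (2 = out, 3 = in).
account_chain() {
  local chain=$1 col=$2 label=$3 field=$4
  local ip bytes old new rate
  acc_totals=""
  acc_rates=""
  while read -r -u 3 ip bytes; do
    is_ipv4 "$ip" || continue
    [[ $bytes =~ $re_uint ]] || continue
    old=$(lookup_field "$counter_file" "$ip" "$field" 0)
    # 10# forces base 10 so a value with a leading zero is not read as octal.
    new=$((10#$old + 10#$bytes))
    rate=$((10#$bytes / sample_interval))
    acc_totals="${acc_totals}${ip}-${new}"$'\n'
    acc_rates="${acc_rates}${ip}-${rate}"$'\n'
    printf '%s\t%s\tstare: %s \tnove: %s \tsoucet: %s\trate: %s\n' \
      "$ip" "$label" "$old" "$bytes" "$new" "$rate"
  done 3< <(iptables -t mangle -L "$chain" -v -x -n -Z |
    awk -v col="$col" '$3 == "RETURN" { print $col, $2 }')
}

# Check the iptables chains and rules, creating whatever is missing.
# Every address with an ARP entry on $local_iface gets one rule per chain, so
# the rule count follows whatever hosts appear on that network segment.
if [[ $testing_active == "on" ]]; then
  ensure_chain DATA_IN POSTROUTING
  ensure_chain DATA_OUT PREROUTING

  # /proc/net/arp: the first line is a header, field 6 is the device name.
  while read -r -u 3 ip; do
    is_ipv4 "$ip" || continue
    echo "Testuji ip: $ip"
    if ! rule_exists DATA_IN "$col_destination" "$ip"; then
      echo "Pridavam pravidlo DATA_IN pro ip: $ip"
      iptables -t mangle -A DATA_IN -d "$ip" -j RETURN
    fi
    if ! rule_exists DATA_OUT "$col_source" "$ip"; then
      echo "Pridavam pravidlo DATA_OUT pro ip: $ip"
      iptables -t mangle -A DATA_OUT -s "$ip" -j RETURN
    fi
  done 3< <(awk -v iface="$local_iface" \
    'NR > 1 && $6 == iface { print $1 }' /proc/net/arp)
fi

# Load the stored totals ("ip-out-in" per line); a missing file means that no
# totals exist yet.
counter_file=""
if [[ -r "$dir_data_txt/data.txt" ]]; then
  counter_file=$(<"$dir_data_txt/data.txt")
fi

# Read the data from iptables.
account_chain DATA_OUT "$col_source" OUT 2
new_file_out=$acc_totals
new_rdd_out=$acc_rates

account_chain DATA_IN "$col_destination" IN 3
new_file_in=$acc_totals
new_rdd_in=$acc_rates

# Write the totals to the text file (counter of transferred data).
if [[ $txt_active == "on" ]]; then
  counter_data=""
  while IFS=- read -r -u 3 ip out; do
    [[ -n $ip ]] || continue
    in_bytes=$(lookup_field "$new_file_in" "$ip" 2 0)
    counter_data="${counter_data}${ip}-${out}-${in_bytes}"$'\n'
  done 3<<<"$new_file_out"

  if [[ -z $counter_data ]]; then
    # Nothing was read (no rules, or iptables failed): keep the stored totals
    # rather than truncating the file.
    echo "no counters read, leaving $dir_data_txt/data.txt untouched" >&2
  elif tmp_file=$(mktemp "$dir_data_txt/data.txt.XXXXXX"); then
    # Write to a temporary file and rename it into place: readers never see a
    # half-written file, and the rename replaces a symlink planted at data.txt
    # instead of writing through it.
    # mktemp creates the file with mode 0600; 0644 keeps it readable for
    # whatever serves this directory (assumed to match the previous mode).
    if printf '%s' "$counter_data" >"$tmp_file" &&
      chmod 0644 "$tmp_file" &&
      mv -f -- "$tmp_file" "$dir_data_txt/data.txt"; then
      :
    else
      echo "cannot update $dir_data_txt/data.txt" >&2
      rm -f -- "$tmp_file"
    fi
  else
    echo "cannot create a temporary file in $dir_data_txt" >&2
  fi
fi

# Write the rates to the RRD databases (transfer graphs).
if [[ $rdd_active == "on" ]]; then
  while IFS=- read -r -u 3 ip out; do
    [[ -n $ip ]] || continue
    # U is rrdtool's "unknown" value, used when no inbound rate was measured.
    in_rate=$(lookup_field "$new_rdd_in" "$ip" 2 U)
    rrd_file="$dir_data_rdd/host-$ip.rrd"
    if [[ ! -e $rrd_file ]]; then
      rrdtool create "$rrd_file" --step "$sample_interval" \
        DS:in:GAUGE:600:0:U DS:out:GAUGE:600:0:U RRA:AVERAGE:0.5:1:3600
    fi
    rrdtool update "$rrd_file" -t in:out "N:$in_rate:$out"
  done 3<<<"$new_rdd_out"
fi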