{"id":39,"date":"2004-08-10T14:07:18","date_gmt":"2004-08-10T11:07:18","guid":{"rendered":"http:\/\/void.gr\/kargig\/blog\/?p=39"},"modified":"2007-05-11T03:28:55","modified_gmt":"2007-05-11T00:28:55","slug":"simple-port-accounting","status":"publish","type":"post","link":"https:\/\/www.void.gr\/kargig\/blog\/2004\/08\/10\/simple-port-accounting\/","title":{"rendered":"Simple Port Accounting"},"content":{"rendered":"<p>Say you&#8217;ve got a server with various services running on multiple ports and you want to monitor how much traffic each port recieves or sends. I&#8217;ve written 2 small scripts to easily accomplish this task.<br \/>\nThe whole process is based on <a href=\"http:\/\/www.netfilter.org\/\">iptables<\/a> rules &#038; <a href=\"http:\/\/people.ee.ethz.ch\/~oetiker\/webtools\/mrtg\/\">MRTG <\/a>. You have to make some rules first on iptables according to what you want to monitor.<br \/>\nAs an example we will monitor web-server traffic on port 80 (HTTP) and port 443 (HTTPS).<br \/>\nFirst come the iptables rules.<br \/>\niptables.sh<\/p>\n<blockquote><p><code><br \/>\n#!\/bin\/bash<br \/>\nME=\"XXX.YYY.ZZZ.WWW\"<br \/>\nIPTABLES=\/usr\/sbin\/iptables<br \/>\n$IPTABLES -A INPUT -p tcp -d $ME --dport 80<br \/>\n$IPTABLES -A INPUT -p tcp -d $ME --dport 443<br \/>\n$IPTABLES -I INPUT -i eth0<br \/>\n$IPTABLES -A OUTPUT -p tcp -s $ME --sport 80<br \/>\n$IPTABLES -A OUTPUT -p tcp -s $ME --sport 443<br \/>\n$IPTABLES -I OUTPUT -o eth0<br \/>\n<\/code><\/p><\/blockquote>\n<p>change the ME variable and add your ip inside the quotes. Then put this script someplace where you put scripts&#8230;I use \/opt\/scripts or \/root\/scripts, and make an entry to your rc.local (or any other script runs on boot time) to run this script on boot (I hope I won&#8217;t get any comments on how to do that&#8230;)<br \/>\nThen comes the scripts that will take the stats gathered in iptables rules (you can see them by typing iptables -nvxL).<br \/>\nFirst script is: port.sh<\/p>\n<blockquote><p><code><br \/>\n#!\/bin\/bash<br \/>\nHOSTNAME=\"\/bin\/hostname\"<br \/>\nIPTABLES=\"\/usr\/sbin\/iptables\"<br \/>\nUPTIME=\"\/usr\/bin\/uptime\"<br \/>\n$IPTABLES -nvxL | grep -w $1 | awk '{ print $2 }'<br \/>\n$UPTIME | awk '{ print $3, $4, $5 }'<br \/>\n$HOSTNAME<br \/>\n<\/code><\/p><\/blockquote>\n<p>Second script is: inout.sh<\/p>\n<blockquote><p><code><br \/>\n#!\/bin\/bash<br \/>\nHOSTNAME=\"\/bin\/hostname\"<br \/>\nIPTABLES=\"\/usr\/sbin\/iptables\"<br \/>\nUPTIME=\"\/usr\/bin\/uptime\"<br \/>\nif [ \"$1\" == \"packet\" ]; then<br \/>\n$IPTABLES -nvxL | grep -w eth0 | awk '{ print $1 }'<br \/>\nelse<br \/>\n$IPTABLES -nvxL | grep -w eth0 | awk '{ print $2}'<br \/>\nfi<br \/>\n$UPTIME | awk '{ print $3, $4, $5 }'<br \/>\n$HOSTNAME<br \/>\n<\/code><\/p><\/blockquote>\n<p>You can give them a try by typing .\/port.sh 80:<\/p>\n<blockquote><p><code><br \/>\n1963705<br \/>\n19120562<br \/>\n58 days, 22:07,<br \/>\n<\/code><\/p><\/blockquote>\n<p>or .\/inout.sh<\/p>\n<blockquote><p><code><br \/>\n29086377134<br \/>\n70585824723<br \/>\n58 days, 22:16,<\/code><\/p><\/blockquote>\n<p>or even: .\/inout.sh packet<\/p>\n<blockquote><p><code><br \/>\n514425312<br \/>\n549647125<br \/>\n58 days, 22:17,<br \/>\n<\/code><\/p><\/blockquote>\n<p>The inout script can take the word &#8220;packet&#8221; as a command line parameter to show you total packet information.<\/p>\n<p>What you need to do next is configure your mrtg to read these stats.<br \/>\nmrtg.cfg<\/p>\n<blockquote><p><code><br \/>\nWorkDir: \/foo\/bar\/change\/me<br \/>\nTarget[80]: `\/opt\/scripts\/port.sh 80`<br \/>\nMaxBytes[80]: 200000<br \/>\nTitle[80]: Port 80<br \/>\nPageTop[80]: &lt;h1&gt;Port 80 Stats&lt;\/h1&gt;<\/p>\n<p>Target[443]: `\/opt\/scripts\/port.sh 443`<br \/>\nMaxBytes[443]: 200000<br \/>\nTitle[443]: Port 443<br \/>\nPageTop[443]: &lt;h1&gt;Port 443 Stats&lt;\/h1&gt;<\/p>\n<p>Target[inout]: `\/opt\/scripts\/inout.sh`<br \/>\nMaxBytes[inout]: 2000000<br \/>\nTitle[inout]: Total Traffic<br \/>\nPageTop[inout]: &lt;h1&gt;Total Traffic Stats&lt;\/h1&gt;<\/p>\n<p>Target[inoutp]: `\/opt\/scripts\/inout.sh packet`<br \/>\nMaxBytes[inoutp]: 2000000<br \/>\nTitle[inoutp]: Total Packets<br \/>\nPageTop[inoutp]: &lt;h1&gt;Total Packet Stats&lt;\/h1&gt;<br \/>\n<\/code><\/p><\/blockquote>\n<p>Where workdir is a directory inside your web server served documents. For example&#8230;if your DocumentRoot is \/var\/www\/mydomain\/ make Workdir: \/var\/www\/mydomain\/mrtgstats<br \/>\nNow fire up mrtg to read the specified .cfg file and you are done!<br \/>\n# \/foo\/bar\/mrtg\/install\/dir\/mrtg       \/cfg\/file\/dir\/mrtg.cfg<\/p>\n<p>and you will see some files being created inside &#8220;WorkDir: \/foo\/bar\/change\/me&#8221;.<br \/>\nAdd this line to your crontab<br \/>\n*\/5 * * * * \/foo\/bar\/mrtg\/install\/dir\/mrtg       \/cfg\/file\/dir\/mrtg.cfg<br \/>\nAnd you will have automated results every five minutes.<\/p>\n<p>If you want to create a nice index.html to have all stats in one dir just do this:<br \/>\n# \/foo\/bar\/mrtg\/install\/dir\/indexmaker  &#8211;output=\/foo\/bar\/change\/me\/index.html &#8211;title=&#8221;MY Port Stats&#8221; &#8211;enumerate &#8211;columns=1   \/cfg\/file\/dir\/mrtg.cfg<\/p>\n<p>Now go to http:\/\/yourhost\/foo\/bar\/change\/me and enjoy<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Say you&#8217;ve got a server with various services running on multiple ports and you want to monitor how much traffic each port recieves or sends. I&#8217;ve written 2 small scripts to easily accomplish this task. The whole process is based on iptables rules &#038; MRTG . You have to make some rules first on iptables [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"ep_exclude_from_search":false,"footnotes":""},"categories":[1],"tags":[],"class_list":["post-39","post","type-post","status-publish","format-standard","hentry","category-general"],"aioseo_notices":[],"views":8485,"_links":{"self":[{"href":"https:\/\/www.void.gr\/kargig\/blog\/wp-json\/wp\/v2\/posts\/39","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.void.gr\/kargig\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.void.gr\/kargig\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.void.gr\/kargig\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.void.gr\/kargig\/blog\/wp-json\/wp\/v2\/comments?post=39"}],"version-history":[{"count":0,"href":"https:\/\/www.void.gr\/kargig\/blog\/wp-json\/wp\/v2\/posts\/39\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.void.gr\/kargig\/blog\/wp-json\/wp\/v2\/media?parent=39"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.void.gr\/kargig\/blog\/wp-json\/wp\/v2\/categories?post=39"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.void.gr\/kargig\/blog\/wp-json\/wp\/v2\/tags?post=39"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}