Does anybody know of a graphical reporting/analysing program for Shorewall 4.0.7, or do I have to do it by accounting?

--
Javier Martínez
Technical Manager

-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2008.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
Javier Martínez wrote:
> Does anybody know of a graphical reporting/analysing program for
> Shorewall 4.0.7, or do I have to do it by accounting?

The fact that it is Shorewall or that it is a particular version of Shorewall is irrelevant. Shorewall is nothing but a tool for configuring Netfilter and some other aspects of the Linux kernel; the 'shorewall log' is just the log produced by Netfilter. And Shorewall allows you to tailor the 'log-prefix' to match the requirements of any analysis tool that you find.

-Tom
--
Tom Eastep        \ HTML post on a technical Linux list can't be taken seriously
Shoreline,        \ http://shorewall.net
Washington USA    \ teastep@shorewall.net
PGP Public Key    \ https://lists.shorewall.net/teastep.pgp.key
Tom Eastep wrote:
> Javier Martínez wrote:
>> Does anybody know of a graphical reporting/analysing program for
>> Shorewall 4.0.7, or do I have to do it by accounting?
>
> The fact that it is Shorewall or that it is a particular version of
> Shorewall is irrelevant. Shorewall is nothing but a tool for configuring
> Netfilter and some other aspects of the Linux kernel; the 'shorewall log' is
> just the log produced by Netfilter. And Shorewall allows you to tailor the
> 'log-prefix' to match the requirements of any analysis tool that you find.

And as to Shorewall Accounting, it is nothing but a set of Netfilter chains with rules that match the traffic that you specify. So again, there is nothing unique to Shorewall. Any package that can parse the output of "iptables -L" should be able to deal with Shorewall accounting chains.

-Tom
--
Tom Eastep        \ Nothing is foolproof to a sufficiently talented fool
Shoreline,        \ http://shorewall.net
Washington USA    \ teastep@shorewall.net
PGP Public Key    \ https://lists.shorewall.net/teastep.pgp.key
Javier Martínez wrote:
> Does anybody know of a graphical reporting/analysing program for
> Shorewall 4.0.7, or do I have to do it by accounting?

As Tom says, Shorewall is just a front end to make the low level stuff easier to administer. Here are some scripts I use for traffic logging:

First you need to log the traffic, so in 'accounting' I have:

# Outside global stats
outside-in:COUNT        -               eth0    -
outside-out:COUNT       -               -       eth0
DONE                    outside

# Do accounting by IP address
account-ip              -               -       -
total-ip-in:COUNT       account-ip      eth0    -
total-ip-out:COUNT      account-ip      -       eth0
DONE                    total-ip

acc-serv
total-serv-in:COUNT     acc-serv        eth0    -
total-serv-out:COUNT    acc-serv        -       eth0
DONE                    total-serv


INCLUDE accounting.ip
INCLUDE accounting.service

And in accounting.ip I have:

acc1-in:COUNT           account-ip      eth0            195.8.169.1
acc1-out:COUNT          account-ip      195.8.169.1     eth0
DONE                    acc1

acc2-in:COUNT           account-ip      eth0            195.8.169.2
acc2-out:COUNT          account-ip      195.8.169.2     eth0
DONE                    acc2

(and so on up to 254, yes, we have a whole class C to play with)

accounting.service is currently empty.

Then you need somewhere to put the data, so we have an rrd file created thus:

rrdtool create ip-stats.rrd -s 300 \
  DS:total-in:DERIVE:600:0:U \
  DS:total-out:DERIVE:600:0:U \
  \
  DS:ip1-in:DERIVE:600:0:U \
  DS:ip1-out:DERIVE:600:0:U \
  DS:ip2-in:DERIVE:600:0:U \
  DS:ip2-out:DERIVE:600:0:U \
...
  DS:ip254-in:DERIVE:600:0:U \
  DS:ip254-out:DERIVE:600:0:U \
  \
  RRA:AVERAGE:0.5:1:576 \
  RRA:MAX:0.5:1:576 \
  RRA:AVERAGE:0.5:6:672 \
  RRA:MAX:0.5:6:672 \
  RRA:AVERAGE:0.5:24:732 \
  RRA:MAX:0.5:24:732 \
  RRA:AVERAGE:0.5:288:730 \
  RRA:MAX:0.5:288:730

# CFs for :
#   1 x 576   48hr x 5m
#   6 x 672   14d  x 1/2hr
#  24 x 732   61d  x 2hr
# 288 x 730   730d x 12hr

Then you need to get the data out of the kernel tables. I run this cron job once a minute:

/usr/bin/rrdtool update ip-stats.rrd N:`/sbin/iptables -L account-ip -vxn | \
  /usr/bin/awk 'BEGIN { getline ; getline }
                { print $2 }' | \
  /usr/bin/tr '
' ':' | /bin/sed -e 's/:$//'`

The only step left then is to draw some graphs. The scripts I have for that are, well, 'a bit ragged' and also too big to post here.

Hopefully that should give you some ideas of what is possible - 'man' is your friend in working out what each bit of the script does, and the online documentation for shorewall will cover that side.
Thanks Simon, your email is perfect.

I am a newbie in rrdtools too, so is it possible for me to obtain the script for the graph? I think it is not currently possible for me to program that. And a screenshot?

Thanks in advance

Simon Hobson wrote:
> As Tom says, Shorewall is just a front end to make the low level stuff
> easier to administer. Here are some scripts I use for traffic logging:

_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users

--
Javier Martínez
Director General
Sip2000 Sistemas
Luis Morondo Urra 11 Bajo
31006 Pamplona Navarra
http://www.sip2000.es

Notice: This communication is intended for the person to whom it is addressed and may contain confidential information or information subject to professional secrecy. Its interception, use, alteration, reproduction, dissemination, transfer to third parties and/or use of its content may constitute a criminal offence. If you are not the intended recipient of this message, please destroy it or return it to the sender.

In compliance with Ley Orgánica 15/1999 of 13 December on the protection of personal data, you are informed that the e-mail address you have provided will be added to an automated file named AGENDAS DE CORREO, for which SIP2000 SISTEMAS is responsible. The purpose of collecting this data is to enable the economic, administrative and commercial management of the company. The information you provide has as its sole recipient the company responsible for the data, SIP2000 SISTEMAS. In any case, you may at any time exercise your rights of access, rectification, cancellation and objection by writing to the person in charge of data subjects' rights at SIP2000 SISTEMAS, C/ Luis Morondo, 11 Bajo. 31006 - Pamplona (Navarra).
Javier Martínez wrote:
> I am a newbie in rrdtools too, so is it possible for
> me to obtain the script for the graph? I think
> it is not currently possible for me to program
> that. And a screenshot?

Sorry, I can't for two reasons:

1) It's such bad code that I'd be too embarrassed
2) I wouldn't get permission from work
Javier Martínez wrote:
> Thanks Simon, your email is perfect.
>
> I am a newbie in rrdtools too, so is it possible for me to obtain the script for the
> graph? I think it is not currently possible for me to program that. And a screenshot?
> Thanks in advance

Using the scripts Simon has already provided you could set up drraw (http://web.taranis.org/drraw) to help you generate the graphs. Additionally, I highly recommend collectd (http://collectd.org) which will give you much more granularity than one reading per minute without the overhead of forking each cron job.

This is what I have done, and I find it quite satisfactory.

http://fiber.c-ware.com/drraw/index.cgi?Mode=view;Dashboard=1193363404.29533
user: shorewall-users
password: goodforonemonth
Thanks for everything, Simon. Have a nice day

Simon Hobson wrote:
> Javier Martínez wrote:
>> I am a newbie in rrdtools too, so is it possible for
>> me to obtain the script for the graph? I think
>> it is not currently possible for me to program
>> that. And a screenshot?
>
> Sorry, I can't for two reasons:
>
> 1) It's such bad code that I'd be too embarrassed
> 2) I wouldn't get permission from work

--
Javier Martínez
Ohhhhhhhhh, really, it's great for newbie people. Thanks, thanks, thanks

Luke Heberling wrote:
> Using the scripts Simon has already provided you could set up drraw
> (http://web.taranis.org/drraw) to help you generate the graphs.
> Additionally, I highly recommend collectd (http://collectd.org) which
> will give you much more granularity than one reading per minute without
> the overhead of forking each cron job.
>
> This is what I have done, and I find it quite satisfactory.

--
Javier Martínez
I have installed drraw, with drraw.conf and drraw.cgi in the cgi-bin directory of my Apache server, but when I go to the browser and enter http://127.0.0.1/cgi-bin/drraw.cgi nothing happens. I have installed the CGI Perl module

perl-rrdtool.i386                        1.2.23-1.el5.rf        installed

and the RRDs module too

perl-rrdtool.i386                        1.2.23-1.el5.rf        installed

and my drraw.cgi is modified like so:

#! /usr/bin/perl -T
#
# Copyright (C) 2002, 2003, 2004, 2005 Christophe Kalt
#
# Redistribution and use in source and binary forms, with or without

and

# The following line is needed if "RRDs.pm" was not installed in a
# directory mentioned in your perl's @INC.
#use lib '/usr/local/rrdtool/lib/perl';
use lib '/lib/perl/5.8.8/i386-linux-thread-multi/';
use RRDs;

Can you help me? What am I doing wrong?

Luke Heberling wrote:
> Using the scripts Simon has already provided you could set up drraw
> (http://web.taranis.org/drraw) to help you generate the graphs.

--
Javier Martínez
Javier Martínez wrote:
> I have installed drraw, with drraw.conf and drraw.cgi in the cgi-bin
> directory of my Apache server, but when I go to the browser and
> enter http://127.0.0.1/cgi-bin/drraw.cgi nothing happens. I have
> installed the CGI Perl module
> perl-rrdtool.i386                        1.2.23-1.el5.rf        installed
> and the RRDs module too
> perl-rrdtool.i386                        1.2.23-1.el5.rf        installed
>
> and my drraw.cgi is modified like so:
>
> #! /usr/bin/perl -T
> #
> # Copyright (C) 2002, 2003, 2004, 2005 Christophe Kalt
> #
> # Redistribution and use in source and binary forms, with or without
>
> and
>
> # The following line is needed if "RRDs.pm" was not installed in a
> # directory mentioned in your perl's @INC.
> #use lib '/usr/local/rrdtool/lib/perl';
> use lib '/lib/perl/5.8.8/i386-linux-thread-multi/';
> use RRDs;
>
> Can you help me? What am I doing wrong?

You're not describing the problem. "nothing happens" is clearly incorrect. Is your apache server on the same machine as your browser? If not, then 127.0.0.1 will not get you anywhere. Apache and drraw questions have their own mailing lists, but you should read the documentation to get up to speed before posting.
Adam Niedzwiedzki
2008-Jan-29 03:36 UTC
Accessing ADSL modem config page (Tried FAQ way and net goes offline)
Hi guys,

This is my setup:

Leaf router/firewall, Shorewall 3.4.5

Netcomm NB5 ADSL modem -> eth0 -- BOX -- eth1 -- internal lan.

I'm using PPPoE for my connection; the ADSL modem is in bridge mode. I have set the NB5 with 192.168.1.1 and set its default gateway as 192.168.1.2.

I gather I have to set up eth0 with 192.168.1.2, but here is where I'm getting a little confused. My /etc/network/interfaces file is this:

auto lo
iface lo inet loopback

auto ppp0
iface ppp0 inet ppp
        pre-up ip link set eth0 up
        provider dsl-provider eth0

auto eth1
iface eth1 inet static
        address 10.0.10.1
        netmask 255.255.255.0
        broadcast 10.0.10.255

Do I add another section for eth0 (and if so, do I change the ppp0 settings at all in this file?) Something like:

auto eth0
iface eth0 inet static
        address 192.168.1.2
        netmask 255.255.255.0
        broadcast 192.168.1.255

Having 10.0.1.x on my internal lan, I'm a little confused on how to set up shorewall. I created a zone for the modem, added eth0 to interfaces and updated rules as per the FAQ, then saved and restarted shorewall, and then my whole net connection went offline etc.

Do I have to allow fw to modem or something for the whole PPPoE to work?

Just a little confused :(

Cheers
Ad
Andrew Suffield
2008-Jan-29 04:31 UTC
Re: Accessing ADSL modem config page (Tried FAQ way and net goes offline)
On Tue, Jan 29, 2008 at 02:36:55PM +1100, Adam Niedzwiedzki wrote:
> Do I have to allow fw to modem or something for the whole pppoe to work?

No, PPPoE traffic is not encapsulated in IP packets, hence it is entirely unaffected by iptables.

There's nothing obviously wrong in what you posted, that I can see. We'll probably need a dump of the system in its "broken" state to make any progress.
Hi everybody. Have a nice day.

I have installed drraw and it works fine. I have done all the configuration in /etc/shorewall/accounting, I have done the script to get the RRD that I need, and finally I must insert the data into the RRD files each minute with a daemon process; this step is where I have problems.

I have followed this script, but it reports an error. What I do is this:

# /sbin/iptables -L vpn1-in -vxn
Chain vpn1-in (6 references)
    pkts      bytes target     prot opt in     out     source               destination
   81172  4220945            all  --  ppp0   *       192.168.1.100        0.0.0.0/0
       0        0            all  --  ppp0   *       192.168.1.101        0.0.0.0/0
       0        0            all  --  ppp0   *       192.168.1.102        0.0.0.0/0
       0        0            all  --  ppp0   *       192.168.1.103        0.0.0.0/0
       0        0            all  --  ppp0   *       192.168.1.104        0.0.0.0/0
       0        0            all  --  ppp0   *       192.168.1.105        0.0.0.0/0

and I made a cron job with this file, which responds with an error:

#sh javier1
ERROR: expected 6 data source readings (got 1) from N:

where the content of javier1 is:

# more javier1
#
/usr/bin/rrdtool update vpn1-in.rrd N:`/sbin/iptables -L vpn1-in -vxn | \
  /usr/bin/awk 'BEGIN { getline ; getline }
                { print $2 }' | \
  /usr/bin/tr '
' ':' | /bin/sed -e 's/:$//'`

I don't know what's the matter, so I would thank you in advance if you can solve the problem for me. I think for you it is very easy, because I am a newbie in shell programming, as you may suppose.

Can you help me?

Thanks in advance

Simon Hobson wrote:
> As Tom says, Shorewall is just a front end to make the low level stuff
> easier to administer. Here are some scripts I use for traffic logging:

--
Javier Martínez
Javier Martínez wrote:
> I have followed this script, but it reports an error.
> What I do is this:
>
> # /sbin/iptables -L vpn1-in -vxn
> Chain vpn1-in (6 references)
>     pkts      bytes target     prot opt in     out     source               destination
>    81172  4220945            all  --  ppp0   *       192.168.1.100        0.0.0.0/0
>        0        0            all  --  ppp0   *       192.168.1.101        0.0.0.0/0
>        0        0            all  --  ppp0   *       192.168.1.102        0.0.0.0/0
>        0        0            all  --  ppp0   *       192.168.1.103        0.0.0.0/0
>        0        0            all  --  ppp0   *       192.168.1.104        0.0.0.0/0
>        0        0            all  --  ppp0   *       192.168.1.105        0.0.0.0/0
>
> and I made a cron job with this file, which responds with an error:
>
> #sh javier1
> ERROR: expected 6 data source readings (got 1) from N:
>
> where the content of javier1 is:
>
> # more javier1
> #
> /usr/bin/rrdtool update vpn1-in.rrd N:`/sbin/iptables -L vpn1-in -vxn | \
>   /usr/bin/awk 'BEGIN { getline ; getline }
>                 { print $2 }' | \
>   /usr/bin/tr '
> ' ':' | /bin/sed -e 's/:$//'`

Try "bash -x javier1" and see what it's doing.

Also, check that there is nothing but a single newline between the single quote after "tr" and the closing quote on the next line (i.e. nothing after the quote, and nothing before the quote on the next line).
If a run #bash -x javier1 ++ /sbin/iptables -L vpn1-in -vxn ++ /usr/bin/awk ''BEGIN { getline ; getline } { print $2 }'' ++ /usr/bin/tr '' '' : ++ /bin/sed -e ''s/:$//'' + /usr/bin/rrdtool update vpn1-in.rrd N: ERROR: expected 6 data source readings (got 1) from N: ----------------------------------------- where do i have the mistake? i have introduced with command "o" on vi editor, after the "tr '' " but it doesn´t work yet. Somebody can help me please? ++ /sbin/iptables -L vpn1-in -vxn ++ /usr/bin/awk ''BEGIN { getline ; getline } { print $2 }'' ++ /usr/bin/tr '' '' : ++ /bin/sed -e ''s/:$//'' + /usr/bin/rrdtool update vpn1-in.rrd N: ERROR: expected 6 data source readings (got 1) from N: Simon Hobson wrote: Javier Martínez wrote: I have followed this script, but it reports me an error. What i do is this: # /sbin/iptables -L vpn1-in -vxn Chain vpn1-in (6 references) pkts bytes target prot opt in out source destination 81172 4220945 all -- ppp0 * 192.168.1.100 0.0.0.0/0 0 0 all -- ppp0 * 192.168.1.101 0.0.0.0/0 0 0 all -- ppp0 * 192.168.1.102 0.0.0.0/0 0 0 all -- ppp0 * 192.168.1.103 0.0.0.0/0 0 0 all -- ppp0 * 192.168.1.104 0.0.0.0/0 0 0 all -- ppp0 * 192.168.1.105 0.0.0.0/0 and i make a cron with this file, that respond me with an error: #sh javier1 ERROR: expected 6 data source readings (got 1) from N: where the content of javier1 is: # more javier1 # /usr/bin/rrdtool update vpn1-in.rrd N:`/sbin/iptables -L vpn1-in -vxn | \ /usr/bin/awk ''BEGIN { getline ; getline } { print $2 }'' | \ /usr/bin/tr '' '' '':'' | /bin/sed -e ''s/:$//''` Try "bash -x javier1" and see what it''s doing. Also, check that there is nothing but a single newline between the single quote after "tr" and the closing quote on the next line (ie nothing after the quote, and nothing before the quote on the next line. 
--
Javier Martínez
Director General
Sip2000 Sistemas
Luis Morondo Urra 11 Bajo
31006 Pamplona Navarra
http://www.sip2000.es
On Sat, Feb 02, 2008 at 01:20:38AM +0100, Javier Martínez wrote:
> If I run
>
> #bash -x javier1
> ++ /sbin/iptables -L vpn1-in -vxn
> ++ /usr/bin/awk 'BEGIN { getline ; getline }
>    { print $2 }'
> ++ /usr/bin/tr '
> ' :
> ++ /bin/sed -e 's/:$//'
> + /usr/bin/rrdtool update vpn1-in.rrd N:
> ERROR: expected 6 data source readings (got 1) from N:
> -----------------------------------------
>
> where do I have the mistake? I have introduced with command "o" on vi editor, after the
> "tr ' " but it doesn't work yet.
> ...
> Javier Martínez wrote:
>
> I have followed this script, but it reports me an error.
> What I do is this:
>
> # /sbin/iptables -L vpn1-in -vxn
> Chain vpn1-in (6 references)
>     pkts      bytes target     prot opt in     out     source               destination
>    81172  4220945            all  --  ppp0   *       192.168.1.100        0.0.0.0/0
>        0        0            all  --  ppp0   *       192.168.1.101        0.0.0.0/0
>        0        0            all  --  ppp0   *       192.168.1.102        0.0.0.0/0
>        0        0            all  --  ppp0   *       192.168.1.103        0.0.0.0/0
>        0        0            all  --  ppp0   *       192.168.1.104        0.0.0.0/0
>        0        0            all  --  ppp0   *       192.168.1.105        0.0.0.0/0
>
> and I make a cron with this file, that respond me with an error:
>
> #sh javier1
> ERROR: expected 6 data source readings (got 1) from N:
>
> where the content of javier1 is:
>
> # more javier1
> #
> /usr/bin/rrdtool update vpn1-in.rrd N:`/sbin/iptables -L vpn1-in -vxn | \
>    /usr/bin/awk 'BEGIN { getline ; getline }
>    { print $2 }' | \
>    /usr/bin/tr '
> ' ':' | /bin/sed -e 's/:$//'`

I'm not familiar with most of the programs you're using, but would suggest breaking the problem down to check the output of each stage before continuing to pipe it into the next one. E.g., the sed pipe isn't going to do anything good if it's got garbage coming in (whether it has or hasn't I have no idea).
If, in the awk snippet, you're trying to ignore the first two lines of the content you show above, I'm not sure using the BEGIN block will do that; instead, maybe try:

    /usr/bin/awk 'NR>2 { print $2 }'

which explicitly says to only do the action if the line count > 2.

--
Ken Irving
Water and Environmental Research Center
Institute of Northern Engineering
University of Alaska, Fairbanks
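The stage-by-stage check suggested above, as an added example that is not part of the original thread: the pipeline is split into two functions so each stage can be inspected, and the rrdtool argument is only produced when the expected number of counters was actually read. The function names are hypothetical, the sample listing is constructed from the one quoted in the thread, and the expected count of 6 is taken from the rrdtool error message.

```shell
#!/bin/sh
# Added example, not code from the thread. Function names are hypothetical.

# Stage 1: print the byte counter (column 2) of each rule line.
# NR>2 skips the "Chain ..." line and the column-header line.
extract_bytes() {
    awk 'NR>2 && NF { print $2 }'
}

# Stage 2: read an `iptables -L <chain> -vxn` listing on stdin and print
# "N:v1:v2:..." for rrdtool update. Fails (non-zero, message on stderr)
# when a value is not a plain integer or the count differs from $1.
build_update_arg() {
    expected=$1
    values=$(extract_bytes) || return 1
    count=0
    arg="N"
    for v in $values; do
        case $v in
            *[!0-9]*) echo "non-numeric counter: $v" >&2; return 1 ;;
        esac
        arg="$arg:$v"
        count=$((count + 1))
    done
    if [ "$count" -ne "$expected" ]; then
        echo "expected $expected counters, got $count" >&2
        return 1
    fi
    printf '%s\n' "$arg"
}

# Constructed sample input, modelled on the listing quoted in the thread.
sample_listing() {
    cat <<'EOF'
Chain vpn1-in (6 references)
    pkts      bytes target     prot opt in     out     source               destination
   81172  4220945            all  --  ppp0   *       192.168.1.100        0.0.0.0/0
       0        0            all  --  ppp0   *       192.168.1.101        0.0.0.0/0
       0        0            all  --  ppp0   *       192.168.1.102        0.0.0.0/0
       0        0            all  --  ppp0   *       192.168.1.103        0.0.0.0/0
       0        0            all  --  ppp0   *       192.168.1.104        0.0.0.0/0
       0        0            all  --  ppp0   *       192.168.1.105        0.0.0.0/0
EOF
}

# Intended use from cron (rrdtool is only called when stage 2 succeeds):
#   arg=$(/sbin/iptables -L vpn1-in -vxn | build_update_arg 6) &&
#       /usr/bin/rrdtool update vpn1-in.rrd "$arg"
```

With an empty stage 1, as in the trace quoted above, stage 2 stops with "expected 6 counters, got 0" instead of handing a bare "N:" to rrdtool.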
Ohhhh it is impossible my awk doesn't do nothing. I don't know what to do.

I have tested the awk command basically by:

ls -l | awk '{print $1}'

but it doesn't respond nothing

Any idea about? Please help me.

--
Javier Martínez
Director General
Sip2000 Sistemas
Luis Morondo Urra 11 Bajo
31006 Pamplona Navarra
http://www.sip2000.es
Javier Martínez wrote:
> Ohhhh it is impossible my awk doesn't do nothing. I don't know what to do.
>
> I have tested the awk command basically by:
> ls -l | awk '{print $1}' but it doesn't respond nothing
>
> Any idea about? Please help me.

I have an idea. Your signature describes you as "Director General" of your company. I suggest that you hire someone who has the basic skills to make "ls -l | awk '{print $1}'" do what it should do and give that person the task of implementing your traffic reporting system.

teastep@wifiursa:~> ls -l | awk '{print $1}'
total
drwxr-xr-x
drwxr-xr-x
...
< I've snipped a lot here -- my current working directory had lots of files in it >
-rw-r--r--
-rw-r--r--
teastep@wifiursa:~>

Even if you execute the command in an empty directory, this happens:

teastep@wifiursa:~> mkdir empty
teastep@wifiursa:~> cd empty
teastep@wifiursa:~/empty> ls -l | awk '{print $1}'
total
teastep@wifiursa:~/empty>

So _something_ is output ("total").

We are here to help you with Shorewall; not to teach you basic Unix scripting. If you must do this type of work yourself, then I have another suggestion:

Brian Kernighan (the Father of Unix) and Rob Pike wrote their classic book "The UNIX Programming Environment" (Prentice Hall, ISBN 0-13-937699-2/0-13-937681-X {PBK}) in 1984. You should try to find a copy and read it. It was by studying that book in 1992 that I took my first step to learn about Unix.

-Tom
--
Tom Eastep        \ Nothing is foolproof to a sufficiently talented fool
Shoreline,        \ http://shorewall.net
Washington USA    \ teastep@shorewall.net
PGP Public Key    \ https://lists.shorewall.net/teastep.pgp.key