/usr/share/munin/plugins/ip_ is in munin-node 1.4.6-3ubuntu3.
This file is owned by root:root, with mode 0o755.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 | #!/bin/bash
# -*- sh -*-
: << =cut
=head1 NAME
ip_ - Wildcard-plugin to monitor IP addresses through iptables
=head1 CONFIGURATION
This plugin needs to be run as root for iptables to work.
Additionally you can change the graph title from the ip address to a
hostname by setting hostname in the configuration.
Example configuration follows. Only the first stanza is needed:
[ip_*]
user root
[ip_192.168.0.1]
env.hostname host.example.com
=head2 ENVIRONMENT VARIABLES
This plugin does not use environment variables
=head2 WILDCARD PLUGIN
This is a wildcard plugin. To monitor traffic to or from an IP
address, link ip_<ipaddress> to this file.
E.g.
ln -s /usr/share/node/node/plugins-auto/ip_ \
/etc/munin/node.d/ip_192.0.2.1
...will monitor the IP 192.0.2.1 (you may be using other directories
in your setup).
=head2 IPTABLES
You will need to set up iptables rules to create packet counters for
incoming and outgoing traffic. The examples here covers how to create
the rules. Given the multitude of methods used to configure iptables
firewalls, they do not show how to make them survive a reboot.
Please also note that we do not intend to make this script compatible
with anything but these rules made explicitly for the plugin. If you
use a firewall tool to create iptables rules you may find that that
will not work. Please add the appropriate lines by hand (or by
hand-made script) if so.
=head3 IPv4
For the IP address "192.0.2.0", you will need the rules:
iptables -I INPUT -d 192.0.2.1
iptables -I OUTPUT -s 192.0.2.1
These rules will insert, at the top of the iptables chains INPUT and
OUTPUT one rule which will act as a packet counter.
Since the rule does not include a "-j" argument, it will not
explicitly allow or block anything.
=head3 IPv6
If the IP number in the link contains a ":", it is assumed to be a ip6
IP number and ip6tables are used instead of iptables to read the
counters.
To create counters you will need to use "ip6tables" instead of
"iptables".
Example for the IPv6 address "2001:db8::1":
ip6tables -I INPUT -d 2001:db8::1
ip6tables -I OUTPUT -s 2001:db8::1
=head1 BUGS
None known.
=head1 NOTES
This plugin is based on the if_ plugin.
=head1 MAGIC MARKERS
#%# family=auto
#%# capabilities=autoconf suggest
=head1 AUTHOR
Unknown. Suspected to be some Linpro employee.
=head1 LICENSE
Unknown.
=cut
. $MUNIN_LIBDIR/plugins/plugin.sh
IP=${0##*/ip_}
INPUT=${input:-INPUT}
OUTPUT=${output:-OUTPUT}
case $IP in
*:*) # I know this! This is IPv6!
# This is a fun hack to make the plugin ip6 compatible.
# Suggested in ticket #439 by "jodal".
eval 'function iptables() {
/sbin/ip6tables "$@"
}'
;;
esac
if [ "$1" = "autoconf" ]; then
if [ -r /proc/net/dev ]; then
iptables -L ${INPUT} -v -n -x >/dev/null 2>/dev/null
if [ $? -gt 0 ]; then
echo "no (could not run iptables as user `whoami`)"
exit 0
else
echo yes
exit 0
fi
else
echo "no (/proc/net/dev not found)"
exit 0
fi
fi
if [ "$1" = "suggest" ]; then
iptables -L ${INPUT} -v -n -x 2>/dev/null | awk --posix '$8 ~ /^([0-9]{1,3}\.){3}[0-9]{1,3}$/ { if (done[$8]!=1) {print $8; done[$8]=1;}}'
if [ -x /sbin/ip6tables ]; then
ip6tables -L ${INPUT} -v -n -x 2>/dev/null | awk --posix '$7 ~ /\/128$/ { if (done[$7]!=1) {a=$7;gsub(/\/128$/, "", a); print a; done[$7]=1;}}'
fi
exit 0
fi
if [ "$1" = "config" ]; then
echo "graph_order out in"
title=$IP
if [ -n "$hostname" ]; then
title="$hostname"
fi
echo "graph_title $title traffic"
echo 'graph_args --base 1000'
echo 'graph_vlabel bits per ${graph_period}'
echo 'graph_category network'
echo 'out.label sent'
echo 'out.type DERIVE'
echo 'out.min 0'
echo 'out.cdef out,8,*'
echo 'in.label received'
echo 'in.type DERIVE'
echo 'in.min 0'
echo 'in.cdef in,8,*'
print_warning out
print_critical out
print_warning in
print_critical in
exit 0
fi;
# Escape .'s so they don't match _everything_?
IP="$( echo $IP | sed 's~\.~\\.~g' )"
iptables -L ${INPUT} -v -n -x | awk "/$IP"'[ /]/ { print "in.value " $2; exit 0; }'
iptables -L ${OUTPUT} -v -n -x | awk "/$IP"'[ /]/ { print "out.value " $2; exit 0; }'
|