Blob Blame History Raw
ipchainacc 1.1.0

Author: John Lange john@darkcore.net
Date  : September 12, 2000

ipchains accounting script for use with MRTG

*** New in this version ***
*** please read before  ***
*** using this script   ***

***
In version 1.0.1, the script is actually counting packets, NOT bytes as
was intended. I apologize for this mistake.

By default, this new version of the script also counts packets NOT bytes.
I've done this to maintain compatibility with the previous (buggy) version
so that people who blindly upgrade won't suddenly find all of their output
out of whack.

To change to counting bytes, please edit the ipchainacc script.
***

In order for this script to work:

1)
You need a kernel which was compiled with the configuration option 
CONFIG_IP_FIREWALL set to y. You also need the front end to ip firewall and
ip accounting, that is, the tool 'ipchains'. I used version 1.3.9.

2)
Add input and output rules to ipchains for accounting. I've included the
small script ipchainacc.rules. If you run it, it will do what it needs for
ipchains to work with this script. I recommend you have a look at it before
running it. It shouldn't break anything because it just adds some empty
rules at the top of the input and output chains for accounting purposes. One
concern however is that these rules have to be first on the chains to work.
If you have some bad IPs black-holed these rules will still count packets
from them which might be bad for server load.

2)
edit the script ipchainacc for your system. You only need give it the path
to ipchains and hostname. Alternatively, you can just remove the call to
hostname and assign it manually.

The ipchainacc script can also be run from the console if you want to see the output.

3) edit your mrtg.cfg for your system. For this script to be incorperated
into mrtg, you need only add the following line to mrtg.cfg:

Target[ipchains]: `/sbin/ipchainacc`

4) set mrtg to run as a cron (see the mrtg docs)

------
NOTE: this script is very basic. It captures accounting information for
EVERYTHING coming in and out of your machine on all interfaces and IPs.

If you need to narrow the accounting rules, you will have to edit the
ipchainacc.rules script. I've included a very simple example in that script
on how to narrow the accounting but it remains untested.