WHODO

This is Whodo 1.11.

Whodo is a set of Perl scripts to analyse IP accounting data from a cisco 
router. The stats for each traffic source are fed into mrtg. Whodo also 
generates pie graphs showing traffic split by source or destination.


HOW TO

1. Put the scripts in the appropriate directories. There are 3 sets of files in 
whodo.
(i) Whodo/gifgraph contains a perl module written by Martien Verbruggen. 
I've made some changes to it so it does what I need. However I haven't 
been able to contact Martien & get them included in his distribution. GIFgraph
is used by “pie.pl”. You'll need to copy this to wherever you put 
your Perl modules. Note that gifgraph uses another module GD.pm. GD is 
available in/for the standard Perl distribution and ActivePerl. However if 
you use Perl for Win32, you are on your own.
(ii) Whodo/wwwscripts contains 2 CGI scripts. Put them wherever your CGI 
scripts live.
(iii) Whodo/* contains everything else. I keep this stuff under 
mrtg/contrib/whodo.

You'll also need the module SNMP_Session. If you don't have it, get it from
ftp://ftp.switch.ch/software/sources/network/snmp/perl/

2. Start IP accounting on the router. If you don't know what you are doing 
here, tread carefully – you can bring the router to its knees.

The community string that you will supply in the next step, for the $HOST
variable, must have READ-WRITE access to the router.  COLLECT.PL clears
the accounting list (with an SNMP set) once the data is collected, so that it
is not double counted and to keep the memory requirements on the router down.
To do this, at the (config) prompt type: snmp-server community (your
community name) RW.  DO NOT do this for the community "public"; it will
leave your router open to attack.

3. You'll need to customise some constants at the start of collect.pl. You'll
need to change $HOST & $SOURCEDIR. $LOGPATH isn't relevant until step 6 
but you should set it up now. $BIGBYTES you'll probably need to keep 
tweaking. Basically, any source that generates more than $BIGBYTES 
between polls will get its own MRTG graph for ever more. Sources that 
never generate this much traffic will be grouped together as 
“Miscellaneous”.

$LOGPATH also occurs in pie.pl & makeanalyse.pl

4. You'll want to create a networks file – such as the standard “networks” file 
found in C:\winnt\system32\drivers\etc or /etc/networks. Collect.pl scans the 
file, including the comments that follow a normal line of data. The file is used
to map destination addresses to network names, which makes the output (see step 6)
much more user friendly.

The file has a second function. If a trailing comment includes a “/” followed 
by a number, this is taken as the classless representation of the subnet mask 
size. If not, the network/subnet is assumed to be Class C.

A sample networks file is included.
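Added example (not part of Whodo's own Perl code): a Python reading of the networks-file convention described in step 4, with a constructed sample file. It assumes the "/N" in a trailing comment is the prefix length, that a missing "/N" means Class C (/24), and that the most specific matching network wins.

```python
import ipaddress
import re

# Constructed sample in /etc/networks layout: "<name> <number> [aliases] # comment".
# A "/N" in the trailing comment is the prefix length; otherwise Class C (/24).
SAMPLE_NETWORKS = """\
# comment-only and blank lines are ignored
loopback     127.0.0.0        # /8
lan-servers  203.167.223.0    # server VLAN, /26
lan-users    203.167.223.64   # /26
office       192.168.10       # short form as used in /etc/networks
partner      10.20.0.0        # partner WAN /16
"""

def parse_networks(text):
    """Return (IPv4Network, name) pairs, most specific prefix first."""
    nets = []
    for raw in text.splitlines():
        line, _, comment = raw.partition("#")
        fields = line.split()
        if len(fields) < 2:
            continue                      # blank or comment-only line
        name, number = fields[0], fields[1]
        octets = number.split(".")
        number = ".".join(octets + ["0"] * (4 - len(octets)))   # pad "192.168.10"
        m = re.search(r"/(\d+)", comment)
        prefix = int(m.group(1)) if m else 24                   # Class C default
        net = ipaddress.IPv4Network(f"{number}/{prefix}", strict=False)
        nets.append((net, name))
    # Longest prefix first, so a /26 inside a /24 wins over the /24.
    nets.sort(key=lambda entry: entry[0].prefixlen, reverse=True)
    return nets

def destination_name(addr, nets):
    """Map a destination address to its network name, or return it unchanged."""
    ip = ipaddress.IPv4Address(addr)
    for net, name in nets:
        if ip in net:
            return name
    return addr

if __name__ == "__main__":
    table = parse_networks(SAMPLE_NETWORKS)
    for dst in ("203.167.223.70", "192.168.10.200", "8.8.8.8"):
        print(dst, "->", destination_name(dst, table))
```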

5. Set collect.pl up to run periodically. I run it every 30 minutes with 
something like:

collect.pl -a c:\perl\mrtg\contrib\whodo\sources.cfg -n \
c:\winnt\system32\drivers\etc\networks
mrtg c:\perl\mrtg\contrib\whodo\sources.cfg

I've included a vestigial “sources.cfg”. You can use it to get you started.
Collect.pl maintains the file automatically.

You should now be getting mrtg graphs showing traffic generated by your 
traffic sources over time. Bask in it for a day.

6. collect.pl generates a new log/csv file every time it runs. By now you are 
probably up to your armpits in these files. I've included a script 
(summarise.pl) that I run every night to condense the day's log files into a 
single file. It doesn't need any arguments to run. However it does include a 
constant ($LOGPATH) that you'll need to change. Try running it.

7. So now you want to generate pie graphs breaking down traffic by source 
or destination? OK. You'll need to run makeanalyse.pl. It generates an 
HTML page that is used to generate the graphs. For example:
perl c:\perl\mrtg\contrib\whodo\makeanalyse.pl >d:\www\analyse.html

The page generated contains drop down lists containing the current sources 
and destinations. Since these will change over time, I run makeanalyse 
every night.

8. What's that? You want a more flexible way of mapping source addresses 
to text? You'd like to group multiple addresses under the same name? You 
want to use a name other than that in DNS?

OK. Create a file with two columns – the address and then the name you want. 
In place of an address, you can use regular expressions. Thus the line 
“203.167.223.13[456]  Exchange” maps addresses 203.167.223.134, 
203.167.223.135 and 203.167.223.136 to the name “Exchange”. Note that the 
character “.” has its literal meaning – it is not a metacharacter.

If a source address does not appear in the sources file, it will be looked up 
with a normal reverse lookup. If that fails, the address is used. A sample 
sources file is included.

To make use of a sources file, change the command running collect.pl to 
something like:
collect.pl -a c:\perl\mrtg\contrib\whodo\sources.cfg -n \
c:\winnt\system32\drivers\etc\networks -s c:\perl\mrtg\contrib\whodo\sources

Mind you, if you'd had any sense you would have done this before step 5.
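Added example (not Whodo's own code): a Python version of the sources-file lookup from step 8, with a constructed sample file. It assumes a pattern has to match the whole address (so "203.167.223.2" does not also claim "203.167.223.20"), and the resolver is injectable so the reverse-DNS fallback can be stubbed offline.

```python
import re
import socket

# Constructed sample sources file: "<address-pattern>  <name>". The pattern is a
# regular expression, except that "." always means a literal dot.
SAMPLE_SOURCES = r"""
# 134, 135 and 136 all map to Exchange
203.167.223.13[456]   Exchange
203.167.223.2         Proxy
192.168.10.\d+        Office LAN
"""

def parse_sources(text):
    """Compile each line into (regex, name); the regex is anchored to the whole
    address (an assumption, the page does not say whether Whodo anchors)."""
    entries = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        fields = raw.split(None, 1)
        if len(fields) < 2:
            continue                                     # malformed line, skip it
        pattern, name = fields
        pattern = pattern.replace(".", r"\.")           # "." is literal, not "any char"
        entries.append((re.compile(r"\A" + pattern + r"\Z"), name.strip()))
    return entries

def source_name(addr, entries, resolver=socket.gethostbyaddr):
    """Name for a source address: sources-file match, else reverse DNS, else the
    address itself. `resolver` is injectable so the lookup can be stubbed offline."""
    for regex, name in entries:
        if regex.match(addr):
            return name
    try:
        return resolver(addr)[0]          # gethostbyaddr returns (host, aliases, addrs)
    except OSError:                       # socket.herror / gaierror are OSError subclasses
        return addr

if __name__ == "__main__":
    table = parse_sources(SAMPLE_SOURCES)
    # constructed stand-in for reverse DNS so the demo needs no network
    fake_dns = lambda a: ("host-%s.example.test" % a.replace(".", "-"), [], [a])
    for src in ("203.167.223.135", "192.168.10.77", "203.167.223.20"):
        print(src, "->", source_name(src, table, resolver=fake_dns))
```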


VOODOO

This program is free software; you can redistribute it and/or modify it under 
the terms of the GNU General Public License as published by the Free 
Software Foundation; either version 2 of the License, or (at your option) any 
later version.

This program is distributed in the hope that it will be useful, but WITHOUT 
ANY WARRANTY; without even the implied warranty of 
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  
See the GNU General Public License for more details.


YOU TOO

Tobi has agreed to include this set of scripts in the mrtg distribution. So, if 
you make any improvements or bug fixes, please provide them to him. But 
please be aware that he can't support the scripts himself.



Tony Farr
24/3/99