Raspberry Pi Traffic Monitoring: Difference between revisions
(→Start) |
No edit summary |
||
Line 1: | Line 1: | ||
= The Why Of Fry = | = The Why Of Fry = | ||
After I did [[Raspberry as Pi Ethernet-WiFi-Bridge]], I thought it might be nice to monitor traffic via my bridge. | After I did [[Raspberry as Pi Ethernet-WiFi-Bridge]], I thought it might be nice to monitor traffic via my bridge. | ||
= iftop = | |||
== Installtion == | |||
apt-get install iftop | |||
== Additional scripts == | |||
=== cronjob === | |||
Since only root can access devices traffic, you need to sudo this, or run it in root's crontab: | |||
# Log traffic and generate gnuplots | |||
*/1 * * * * /bin/bash /home/pi/bin/trafficCheck.sh >> /dev/null 2>&1 | |||
=== trafficCheck.sh === | |||
#!/bin/bash | |||
set -x | |||
# File: trafficCheck.sh | |||
# Purpose: Measure traffic and log it. Must be run as root. | |||
# Origin: pi3 | |||
# | |||
# Globals | |||
# | |||
GBASENAME="trafficCheck" # TBD: get this from the env | |||
GSAMPLETIME=40 # in seconds. Same as 3rd average column. DO NOT CHANGE! | |||
GFOLDERTMP="/home/pi/var/trafficCheck/tmp" | |||
GFOLDERLOGS="/home/pi/var/trafficCheck/logs" | |||
GFOLDERWWWTXT="/var/www/html/traffic/archive-txt" | |||
GFILEOUTPUT="${GFOLDERTMP}/trafficCheck.out" | |||
GDATE="`date +%Y-%m-%d`" | |||
GTIME="`date +%H:%M`" | |||
GTIMEM="`date +%H-%M`" | |||
#GFILELOG="${GFOLDERTMP}/${GDATE}.txt" | |||
# Preparations for first run | |||
#mkdir -p "${GFOLDERTMP}" | |||
#mkdir -p "${GFOLDERLOGS}" | |||
# | |||
# Functions | |||
# | |||
function makeKBytes() | |||
{ | |||
# First make bytes... | |||
echo "${1}" | grep MB > /dev/null 2>&1 | |||
if [ "$?" -eq 0 ]; then | |||
# Megabreit! | |||
NUMBER="`echo \"${1}\" | cut -dM -f1`" | |||
RESULT="`echo \"${NUMBER} * 1024 * 1024\" | bc`" | |||
else | |||
echo "${1}" | grep KB > /dev/null 2>&1 | |||
if [ "$?" -eq 0 ]; then | |||
# Kilobyte | |||
NUMBER="`echo \"${1}\" | cut -dK -f1`" | |||
RESULT="`echo \"${NUMBER} * 1024\" | bc`" | |||
else | |||
# Bytes | |||
NUMBER="`echo \"${1}\" | cut -dB -f1`" | |||
RESULT=$NUMBER | |||
fi | |||
fi | |||
#echo RESULT | |||
# Make KBytes out of the bytes | |||
RESULT="`echo \"${RESULT} / 1024\" | bc`" | |||
echo $RESULT | |||
} | |||
# Sandbox | |||
#makeKBytes 2048B | |||
#makeKBytes 2048KB | |||
#makeKBytes 2048MB | |||
#exit 0 | |||
# | |||
# Main | |||
# | |||
echo "Init done. `date`" # just for profiling | |||
# Use iftop to get the traffic | |||
#/usr/sbin/iftop -Bts ${GSAMPLETIME} -i br0 > "${GFILEOUTPUT}" 2>&1 # for some reason the output goes to stderr | |||
cd ~pi | |||
/usr/sbin/iftop -Bts ${GSAMPLETIME} > "${GFILEOUTPUT}" 2>&1 # for some reason the output goes to stderr | |||
cat "${GFILEOUTPUT}" | |||
chown pi:pi "${GFILEOUTPUT}" | |||
echo "iftop done. `date`" # just for profiling | |||
# Make a copy of the text for later use (maybe) | |||
cp "${GFILEOUTPUT}" "${GFOLDERWWWTXT}/${GDATE}_${GTIMEM}.txt" | |||
chown pi:pi "${GFOLDERWWWTXT}/${GDATE}_${GTIMEM}.txt" | |||
echo "Text-Arch done. `date`" # just for profiling | |||
# Create individual logs per host | |||
cat "${GFILEOUTPUT}" | grep "=" | grep -v "==" | while read LINE1; do | |||
read LINE2 | |||
# echo "L1: $LINE1" | |||
# echo "L2: $LINE2" | |||
LSENDER="`echo ${LINE1} | awk '{printf $2}'`" | |||
LSENT="`echo ${LINE1} | awk '{printf $6}'`" # 5=last 10s, 6=last 40s | |||
LSENTKB="`makeKBytes ${LSENT}`" | |||
LRECEIVER="`echo ${LINE2} | awk '{printf $1}'`" | |||
LRECEIVED="`echo ${LINE2} | awk '{printf $5}'`" # 4=last 10s, 5=last 40s | |||
LRECEIVEDKB="`makeKBytes ${LRECEIVED}`" | |||
# If necessary swap directions to make reading and stacking n plot easier (always internal hosts left, so "up" is really "up") | |||
# Wenn SENDER kein "fritz" enthält, aber RECEIVER -> swap! ---> DAS GINGE VIELLEICHT AUCH MIT iftop OPTIONEN! | |||
if [ "`echo ${LSENDER} | grep '.fritz.box' > /dev/null ; echo $?`" != 0 -a "`echo ${LSENDER} | grep '192.168' > /dev/null; echo $?`" != 0 ]; then | |||
# Didn't find "fritz" on the left | |||
#if [ `echo ${LRECEIVER} | grep '.fritz.box' > /dev/null` -o `echo ${LRECEIVER} | grep '192.168' > /dev/null` ]; then | |||
# Aber rechts steht ein "fritz" | |||
# -> tauschen! | |||
TMP="${LSENDER}" | |||
LSENDER="${LRECEIVER}" | |||
LRECEIVER="${TMP}" | |||
TMP="${LSENT}" | |||
LSENT="${LRECEIVED}" | |||
TMP="${LSENTKB}" | |||
LSENTKB="${LRECEIVEDKB}" | |||
LRECEIVEDKB="${TMP}" | |||
#fi | |||
fi | |||
# echo "$LSENDER -- $LSENTKB --> <-- $LRECEIVEDKB -- $LRECEIVER" | |||
LFILELOG="${GFOLDERLOGS}/${GDATE}_${LSENDER}_${LRECEIVER}.txt" | |||
#HIER UNSINN test \! -f "${LFILELOG}" && echo -e "TIME\tSENTKB\tRECEIVEDKB" > "${LFILELOG}" # gnuplot seeams to skip the first line, so make it at least useful | |||
echo -e "$GTIME\t$LSENTKB\t$LRECEIVEDKB" >> "${LFILELOG}" | |||
chown pi:pi "${LFILELOG}" | |||
done | |||
echo "Split per host done. `date`" # just for profiling | |||
# Log | |||
#logger -p daemon.info "${GBASENAME}: Got the stats, begin plotting." | |||
# Generate Plot, this can be done by user pi | |||
#sudo -u pi /bin/bash /home/pi/bin/trafficPlot.sh > /dev/null 2>&1 | |||
sudo -u pi /bin/bash /home/pi/bin/trafficPlot.sh "${GDATE}" "${GTIME}" "${GTIMEM}" | |||
echo "Plot script done. `date`" # just for profiling | |||
# Log | |||
#logger -p daemon.info "${GBASENAME}: Plotting done, removing lock." | |||
# Remove Lock | |||
test -f "${GFILEOUTPUT}" && rm "${GFILEOUTPUT}" | |||
# EOF | |||
= hogwatch = | = hogwatch = | ||
Line 15: | Line 158: | ||
TBD | TBD | ||
---- | ---- |
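Review bot: The per-host log name `${GFOLDERLOGS}/${GDATE}_${LSENDER}_${LRECEIVER}.txt` is built from host names taken straight out of the iftop output, and this script runs as root, appends to that path and then runs `chown pi:pi` on it. Those names presumably come from name resolution rather than from local configuration, so a `/` in one of them would move the write and the chown outside the logs folder; reducing both names to a safe character set first, `LSENDER="${LSENDER//[^A-Za-z0-9._:-]/_}"` and the same for LRECEIVER, closes that. The folders appear to belong to pi (they sit under /home/pi and every file is chowned to pi), so root also follows whatever symlink it finds at `${GFILEOUTPUT}` and `${LFILELOG}`; `chown -h` plus a `[ -L ... ]` check before each write, or root-owned folders, would remove that. The same loop hands the host names to `awk '{printf $2}'` as a format string, where `print $2` is what is meant.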
Revision as of 14:06, 21 February 2019
The Why Of Fry
After I did Raspberry as Pi Ethernet-WiFi-Bridge, I thought it might be nice to monitor traffic via my bridge.
iftop
Installation
apt-get install iftop
Additional scripts
cronjob
Since only root can access a device's traffic, you need to run this with sudo, or put it in root's crontab:
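# Log traffic and generate gnuplots.
# Runs every minute; stdout and stderr are both discarded, so errors from the
# script are not visible anywhere unless the redirect is changed.
*/1 * * * * /bin/bash /home/pi/bin/trafficCheck.sh >> /dev/null 2>&1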
trafficCheck.sh
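#!/bin/bash
# File: trafficCheck.sh
# Purpose: Measure traffic with iftop and log it per host pair. Must be run as root.
# Origin: pi3
#
# Security notes:
#  - This script runs as root but writes into folders whose files are handed
#    to user pi. Before every write it refuses to go through a symbolic link
#    and it uses "chown -h", so a link planted in those folders is not
#    followed. The check is not atomic; root-owned folders (or doing the
#    parsing as pi) is the cleaner setup.
#  - Host names printed by iftop are external input. They are reduced to a
#    safe character set before they become part of a file name, and traffic
#    values are validated before they are passed to bc.
#  - The raw iftop output is copied below the web root. It lists which hosts
#    talked to which, so access to that folder should be restricted in the
#    web server configuration.

set -x # command trace (debugging aid)

#
# Globals
#
GBASENAME="trafficCheck" # TBD: get this from the env
GSAMPLETIME=40           # in seconds. Same as 3rd average column. DO NOT CHANGE!
GFOLDERTMP="/home/pi/var/trafficCheck/tmp"
GFOLDERLOGS="/home/pi/var/trafficCheck/logs"
GFOLDERWWWTXT="/var/www/html/traffic/archive-txt"
GFILEOUTPUT="${GFOLDERTMP}/trafficCheck.out"
GDATE="$(date +%Y-%m-%d)"
GTIME="$(date +%H:%M)"
GTIMEM="$(date +%H-%M)"
#GFILELOG="${GFOLDERTMP}/${GDATE}.txt"

# Preparations for first run
#mkdir -p "${GFOLDERTMP}"
#mkdir -p "${GFOLDERLOGS}"

#
# Functions
#

#######################################
# Convert an iftop byte value such as "512B", "1.5KB", "20MB" or "1GB"
# into whole kilobytes (integer division, as done by bc with scale 0).
# Arguments: $1 - value with a B/KB/MB/GB suffix
# Outputs:   the number of kilobytes on stdout
# Returns:   0 on success, 1 if the numeric part is empty or not a plain
#            decimal number (nothing is printed in that case)
#######################################
function makeKBytes()
{
  local value="${1}"
  local number factor

  # First make bytes: pick the multiplier from the unit suffix.
  case "${value}" in
    *GB) number="${value%GB}"; factor=$((1024 * 1024 * 1024)) ;;
    *MB) number="${value%MB}"; factor=$((1024 * 1024)) ;;
    *KB) number="${value%KB}"; factor=1024 ;;
    *B)  number="${value%B}";  factor=1 ;;
    *)   number="${value}";    factor=1 ;;
  esac

  # Only digits and a decimal point may reach bc.
  case "${number}" in
    '' | *[!0-9.]*) return 1 ;;
  esac

  # Make KBytes out of the bytes.
  echo "${number} * ${factor} / 1024" | bc
}

# Sandbox
#makeKBytes 2048B
#makeKBytes 2048KB
#makeKBytes 2048MB
#exit 0

#
# Main
#
echo "Init done. $(date)" # just for profiling

# Use iftop to get the traffic
#/usr/sbin/iftop -Bts ${GSAMPLETIME} -i br0 > "${GFILEOUTPUT}" 2>&1
cd ~pi || exit 1

# Root is about to truncate this file; do not do that through a symlink.
if [ -L "${GFILEOUTPUT}" ]; then
  echo "${GBASENAME}: ${GFILEOUTPUT} is a symbolic link, refusing to write" >&2
  exit 1
fi

# stderr is captured too: the author observed the output arriving there.
/usr/sbin/iftop -Bts "${GSAMPLETIME}" > "${GFILEOUTPUT}" 2>&1
cat "${GFILEOUTPUT}"
chown -h pi:pi "${GFILEOUTPUT}"
echo "iftop done. $(date)" # just for profiling

# Make a copy of the text for later use (maybe)
LFILEARCHIVE="${GFOLDERWWWTXT}/${GDATE}_${GTIMEM}.txt"
if [ -L "${LFILEARCHIVE}" ]; then
  echo "${GBASENAME}: ${LFILEARCHIVE} is a symbolic link, skipping archive copy" >&2
else
  cp -- "${GFILEOUTPUT}" "${LFILEARCHIVE}"
  chown -h pi:pi "${LFILEARCHIVE}"
fi
echo "Text-Arch done. $(date)" # just for profiling

# Create individual logs per host.
# iftop prints each connection as two lines ("=>" then "<="); the separator
# lines made of "==" are filtered out.
grep "=" "${GFILEOUTPUT}" | grep -v "==" | while read -r LINE1; do
  read -r LINE2 || break # incomplete pair at the end of the output

  # Split on whitespace without going through echo/awk, so that host names
  # are never treated as a glob or as a printf format string.
  read -r -a LFIELDS1 <<< "${LINE1}"
  read -r -a LFIELDS2 <<< "${LINE2}"

  LSENDER="${LFIELDS1[1]}"
  LSENT="${LFIELDS1[5]}" # index 4 = last 10s, 5 = last 40s
  LRECEIVER="${LFIELDS2[0]}"
  LRECEIVED="${LFIELDS2[4]}" # index 3 = last 10s, 4 = last 40s

  # Skip lines that do not carry a usable traffic value.
  LSENTKB="$(makeKBytes "${LSENT}")" || continue
  LRECEIVEDKB="$(makeKBytes "${LRECEIVED}")" || continue

  # If necessary swap directions to make reading and stacking in the plot
  # easier (always internal hosts left, so "up" is really "up").
  # If the sender is not a fritz.box / 192.168 host, swap.
  # (This might also be possible with iftop options.)
  case "${LSENDER}" in
    *.fritz.box* | *192.168*)
      : # internal host is already on the left
      ;;
    *)
      TMP="${LSENDER}"
      LSENDER="${LRECEIVER}"
      LRECEIVER="${TMP}"
      TMP="${LSENT}"
      LSENT="${LRECEIVED}"
      LRECEIVED="${TMP}" # was missing: the raw values were only half swapped
      TMP="${LSENTKB}"
      LSENTKB="${LRECEIVEDKB}"
      LRECEIVEDKB="${TMP}"
      ;;
  esac
  # echo "$LSENDER -- $LSENTKB --> <-- $LRECEIVEDKB -- $LRECEIVER"

  # Host names become part of a path written by root: keep only characters
  # that cannot leave the logs folder ("/" in particular is replaced).
  LSENDER="${LSENDER//[^A-Za-z0-9._:-]/_}"
  LRECEIVER="${LRECEIVER//[^A-Za-z0-9._:-]/_}"
  if [ -z "${LSENDER}" ] || [ -z "${LRECEIVER}" ]; then
    continue
  fi

  LFILELOG="${GFOLDERLOGS}/${GDATE}_${LSENDER}_${LRECEIVER}.txt"
  if [ -L "${LFILELOG}" ]; then
    echo "${GBASENAME}: ${LFILELOG} is a symbolic link, skipping" >&2
    continue
  fi

  # A header line was tried here and dropped by the author:
  #test \! -f "${LFILELOG}" && echo -e "TIME\tSENTKB\tRECEIVEDKB" > "${LFILELOG}"
  printf '%s\t%s\t%s\n' "${GTIME}" "${LSENTKB}" "${LRECEIVEDKB}" >> "${LFILELOG}"
  chown -h pi:pi "${LFILELOG}"
done
echo "Split per host done. $(date)" # just for profiling

# Log
#logger -p daemon.info "${GBASENAME}: Got the stats, begin plotting."

# Generate Plot, this can be done by user pi
#sudo -u pi /bin/bash /home/pi/bin/trafficPlot.sh > /dev/null 2>&1
sudo -u pi /bin/bash /home/pi/bin/trafficPlot.sh "${GDATE}" "${GTIME}" "${GTIMEM}"
echo "Plot script done. $(date)" # just for profiling

# Log
#logger -p daemon.info "${GBASENAME}: Plotting done, removing lock."

# Remove Lock
if [ -f "${GFILEOUTPUT}" ]; then
  rm -- "${GFILEOUTPUT}"
fi

# EOF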
hogwatch
Installation
pip install hogwatch --upgrade
Start
sudo hogwatch server
A really nice looking web page. WAF ok.
I abandoned this tool, since it doesn't work for me.
nethogs
TBD