Raspberry Pi Traffic Monitoring: Difference between revisions
Jump to navigation
Jump to search
(→Start) |
No edit summary |
||
| Line 1: | Line 1: | ||
= The Why Of Fry = | = The Why Of Fry = | ||
After I did [[Raspberry as Pi Ethernet-WiFi-Bridge]], I thought it might be nice to monitor traffic via my bridge. | After I did [[Raspberry as Pi Ethernet-WiFi-Bridge]], I thought it might be nice to monitor traffic via my bridge. | ||
= iftop = | |||
== Installtion == | |||
apt-get install iftop | |||
== Additional scripts == | |||
=== cronjob === | |||
Since only root can access devices traffic, you need to sudo this, or run it in root's crontab: | |||
# Log traffic and generate gnuplots | |||
*/1 * * * * /bin/bash /home/pi/bin/trafficCheck.sh >> /dev/null 2>&1 | |||
=== trafficCheck.sh === | |||
#!/bin/bash | |||
set -x | |||
# File: trafficCheck.sh | |||
# Purpose: Measure traffic and log it. Must be run as root. | |||
# Origin: pi3 | |||
# | |||
# Globals | |||
# | |||
GBASENAME="trafficCheck" # TBD: get this from the env | |||
GSAMPLETIME=40 # in seconds. Same as 3rd average column. DO NOT CHANGE! | |||
GFOLDERTMP="/home/pi/var/trafficCheck/tmp" | |||
GFOLDERLOGS="/home/pi/var/trafficCheck/logs" | |||
GFOLDERWWWTXT="/var/www/html/traffic/archive-txt" | |||
GFILEOUTPUT="${GFOLDERTMP}/trafficCheck.out" | |||
GDATE="`date +%Y-%m-%d`" | |||
GTIME="`date +%H:%M`" | |||
GTIMEM="`date +%H-%M`" | |||
#GFILELOG="${GFOLDERTMP}/${GDATE}.txt" | |||
# Preparations for first run | |||
#mkdir -p "${GFOLDERTMP}" | |||
#mkdir -p "${GFOLDERLOGS}" | |||
# | |||
# Functions | |||
# | |||
function makeKBytes() | |||
{ | |||
# First make bytes... | |||
echo "${1}" | grep MB > /dev/null 2>&1 | |||
if [ "$?" -eq 0 ]; then | |||
# Megabreit! | |||
NUMBER="`echo \"${1}\" | cut -dM -f1`" | |||
RESULT="`echo \"${NUMBER} * 1024 * 1024\" | bc`" | |||
else | |||
echo "${1}" | grep KB > /dev/null 2>&1 | |||
if [ "$?" -eq 0 ]; then | |||
# Kilobyte | |||
NUMBER="`echo \"${1}\" | cut -dK -f1`" | |||
RESULT="`echo \"${NUMBER} * 1024\" | bc`" | |||
else | |||
# Bytes | |||
NUMBER="`echo \"${1}\" | cut -dB -f1`" | |||
RESULT=$NUMBER | |||
fi | |||
fi | |||
#echo RESULT | |||
# Make KBytes out of the bytes | |||
RESULT="`echo \"${RESULT} / 1024\" | bc`" | |||
echo $RESULT | |||
} | |||
# Sandbox | |||
#makeKBytes 2048B | |||
#makeKBytes 2048KB | |||
#makeKBytes 2048MB | |||
#exit 0 | |||
# | |||
# Main | |||
# | |||
echo "Init done. `date`" # just for profiling | |||
# Use iftop to get the traffic | |||
#/usr/sbin/iftop -Bts ${GSAMPLETIME} -i br0 > "${GFILEOUTPUT}" 2>&1 # for some reason the output goes to stderr | |||
cd ~pi | |||
/usr/sbin/iftop -Bts ${GSAMPLETIME} > "${GFILEOUTPUT}" 2>&1 # for some reason the output goes to stderr | |||
cat "${GFILEOUTPUT}" | |||
chown pi:pi "${GFILEOUTPUT}" | |||
echo "iftop done. `date`" # just for profiling | |||
# Make a copy of the text for later use (maybe) | |||
cp "${GFILEOUTPUT}" "${GFOLDERWWWTXT}/${GDATE}_${GTIMEM}.txt" | |||
chown pi:pi "${GFOLDERWWWTXT}/${GDATE}_${GTIMEM}.txt" | |||
echo "Text-Arch done. `date`" # just for profiling | |||
# Create individual logs per host | |||
cat "${GFILEOUTPUT}" | grep "=" | grep -v "==" | while read LINE1; do | |||
read LINE2 | |||
# echo "L1: $LINE1" | |||
# echo "L2: $LINE2" | |||
LSENDER="`echo ${LINE1} | awk '{printf $2}'`" | |||
LSENT="`echo ${LINE1} | awk '{printf $6}'`" # 5=last 10s, 6=last 40s | |||
LSENTKB="`makeKBytes ${LSENT}`" | |||
LRECEIVER="`echo ${LINE2} | awk '{printf $1}'`" | |||
LRECEIVED="`echo ${LINE2} | awk '{printf $5}'`" # 4=last 10s, 5=last 40s | |||
LRECEIVEDKB="`makeKBytes ${LRECEIVED}`" | |||
# If necessary swap directions to make reading and stacking n plot easier (always internal hosts left, so "up" is really "up") | |||
# Wenn SENDER kein "fritz" enthält, aber RECEIVER -> swap! ---> DAS GINGE VIELLEICHT AUCH MIT iftop OPTIONEN! | |||
if [ "`echo ${LSENDER} | grep '.fritz.box' > /dev/null ; echo $?`" != 0 -a "`echo ${LSENDER} | grep '192.168' > /dev/null; echo $?`" != 0 ]; then | |||
# Didn't find "fritz" on the left | |||
#if [ `echo ${LRECEIVER} | grep '.fritz.box' > /dev/null` -o `echo ${LRECEIVER} | grep '192.168' > /dev/null` ]; then | |||
# Aber rechts steht ein "fritz" | |||
# -> tauschen! | |||
TMP="${LSENDER}" | |||
LSENDER="${LRECEIVER}" | |||
LRECEIVER="${TMP}" | |||
TMP="${LSENT}" | |||
LSENT="${LRECEIVED}" | |||
TMP="${LSENTKB}" | |||
LSENTKB="${LRECEIVEDKB}" | |||
LRECEIVEDKB="${TMP}" | |||
#fi | |||
fi | |||
# echo "$LSENDER -- $LSENTKB --> <-- $LRECEIVEDKB -- $LRECEIVER" | |||
LFILELOG="${GFOLDERLOGS}/${GDATE}_${LSENDER}_${LRECEIVER}.txt" | |||
#HIER UNSINN test \! -f "${LFILELOG}" && echo -e "TIME\tSENTKB\tRECEIVEDKB" > "${LFILELOG}" # gnuplot seeams to skip the first line, so make it at least useful | |||
echo -e "$GTIME\t$LSENTKB\t$LRECEIVEDKB" >> "${LFILELOG}" | |||
chown pi:pi "${LFILELOG}" | |||
done | |||
echo "Split per host done. `date`" # just for profiling | |||
# Log | |||
#logger -p daemon.info "${GBASENAME}: Got the stats, begin plotting." | |||
# Generate Plot, this can be done by user pi | |||
#sudo -u pi /bin/bash /home/pi/bin/trafficPlot.sh > /dev/null 2>&1 | |||
sudo -u pi /bin/bash /home/pi/bin/trafficPlot.sh "${GDATE}" "${GTIME}" "${GTIMEM}" | |||
echo "Plot script done. `date`" # just for profiling | |||
# Log | |||
#logger -p daemon.info "${GBASENAME}: Plotting done, removing lock." | |||
# Remove Lock | |||
test -f "${GFILEOUTPUT}" && rm "${GFILEOUTPUT}" | |||
# EOF | |||
= hogwatch = | = hogwatch = | ||
| Line 15: | Line 158: | ||
TBD | TBD | ||
---- | ---- | ||
Revision as of 14:06, 21 February 2019
The Why Of Fry
After I did Raspberry as Pi Ethernet-WiFi-Bridge, I thought it might be nice to monitor traffic via my bridge.
iftop
Installtion
apt-get install iftop
Additional scripts
cronjob
Since only root can access devices traffic, you need to sudo this, or run it in root's crontab:
# Log traffic and generate gnuplots */1 * * * * /bin/bash /home/pi/bin/trafficCheck.sh >> /dev/null 2>&1
trafficCheck.sh
#!/bin/bash
set -x
# File: trafficCheck.sh
# Purpose: Measure traffic and log it. Must be run as root.
# Origin: pi3
#
# Globals
#
GBASENAME="trafficCheck" # TBD: get this from the env
GSAMPLETIME=40 # in seconds. Same as 3rd average column. DO NOT CHANGE!
GFOLDERTMP="/home/pi/var/trafficCheck/tmp"
GFOLDERLOGS="/home/pi/var/trafficCheck/logs"
GFOLDERWWWTXT="/var/www/html/traffic/archive-txt"
GFILEOUTPUT="${GFOLDERTMP}/trafficCheck.out"
GDATE="`date +%Y-%m-%d`"
GTIME="`date +%H:%M`"
GTIMEM="`date +%H-%M`"
#GFILELOG="${GFOLDERTMP}/${GDATE}.txt"
# Preparations for first run
#mkdir -p "${GFOLDERTMP}"
#mkdir -p "${GFOLDERLOGS}"
#
# Functions
#
function makeKBytes()
{
# First make bytes...
echo "${1}" | grep MB > /dev/null 2>&1
if [ "$?" -eq 0 ]; then
# Megabreit!
NUMBER="`echo \"${1}\" | cut -dM -f1`"
RESULT="`echo \"${NUMBER} * 1024 * 1024\" | bc`"
else
echo "${1}" | grep KB > /dev/null 2>&1
if [ "$?" -eq 0 ]; then
# Kilobyte
NUMBER="`echo \"${1}\" | cut -dK -f1`"
RESULT="`echo \"${NUMBER} * 1024\" | bc`"
else
# Bytes
NUMBER="`echo \"${1}\" | cut -dB -f1`"
RESULT=$NUMBER
fi
fi
#echo RESULT
# Make KBytes out of the bytes
RESULT="`echo \"${RESULT} / 1024\" | bc`"
echo $RESULT
}
# Sandbox
#makeKBytes 2048B
#makeKBytes 2048KB
#makeKBytes 2048MB
#exit 0
#
# Main
#
echo "Init done. `date`" # just for profiling
# Use iftop to get the traffic
#/usr/sbin/iftop -Bts ${GSAMPLETIME} -i br0 > "${GFILEOUTPUT}" 2>&1 # for some reason the output goes to stderr
cd ~pi
/usr/sbin/iftop -Bts ${GSAMPLETIME} > "${GFILEOUTPUT}" 2>&1 # for some reason the output goes to stderr
cat "${GFILEOUTPUT}"
chown pi:pi "${GFILEOUTPUT}"
echo "iftop done. `date`" # just for profiling
# Make a copy of the text for later use (maybe)
cp "${GFILEOUTPUT}" "${GFOLDERWWWTXT}/${GDATE}_${GTIMEM}.txt"
chown pi:pi "${GFOLDERWWWTXT}/${GDATE}_${GTIMEM}.txt"
echo "Text-Arch done. `date`" # just for profiling
# Create individual logs per host
cat "${GFILEOUTPUT}" | grep "=" | grep -v "==" | while read LINE1; do
read LINE2
# echo "L1: $LINE1"
# echo "L2: $LINE2"
LSENDER="`echo ${LINE1} | awk '{printf $2}'`"
LSENT="`echo ${LINE1} | awk '{printf $6}'`" # 5=last 10s, 6=last 40s
LSENTKB="`makeKBytes ${LSENT}`"
LRECEIVER="`echo ${LINE2} | awk '{printf $1}'`"
LRECEIVED="`echo ${LINE2} | awk '{printf $5}'`" # 4=last 10s, 5=last 40s
LRECEIVEDKB="`makeKBytes ${LRECEIVED}`"
# If necessary swap directions to make reading and stacking n plot easier (always internal hosts left, so "up" is really "up")
# Wenn SENDER kein "fritz" enthält, aber RECEIVER -> swap! ---> DAS GINGE VIELLEICHT AUCH MIT iftop OPTIONEN!
if [ "`echo ${LSENDER} | grep '.fritz.box' > /dev/null ; echo $?`" != 0 -a "`echo ${LSENDER} | grep '192.168' > /dev/null; echo $?`" != 0 ]; then
# Didn't find "fritz" on the left
#if [ `echo ${LRECEIVER} | grep '.fritz.box' > /dev/null` -o `echo ${LRECEIVER} | grep '192.168' > /dev/null` ]; then
# Aber rechts steht ein "fritz"
# -> tauschen!
TMP="${LSENDER}"
LSENDER="${LRECEIVER}"
LRECEIVER="${TMP}"
TMP="${LSENT}"
LSENT="${LRECEIVED}"
TMP="${LSENTKB}"
LSENTKB="${LRECEIVEDKB}"
LRECEIVEDKB="${TMP}"
#fi
fi
# echo "$LSENDER -- $LSENTKB --> <-- $LRECEIVEDKB -- $LRECEIVER"
LFILELOG="${GFOLDERLOGS}/${GDATE}_${LSENDER}_${LRECEIVER}.txt"
#HIER UNSINN test \! -f "${LFILELOG}" && echo -e "TIME\tSENTKB\tRECEIVEDKB" > "${LFILELOG}" # gnuplot seeams to skip the first line, so make it at least useful
echo -e "$GTIME\t$LSENTKB\t$LRECEIVEDKB" >> "${LFILELOG}"
chown pi:pi "${LFILELOG}"
done
echo "Split per host done. `date`" # just for profiling
# Log
#logger -p daemon.info "${GBASENAME}: Got the stats, begin plotting."
# Generate Plot, this can be done by user pi
#sudo -u pi /bin/bash /home/pi/bin/trafficPlot.sh > /dev/null 2>&1
sudo -u pi /bin/bash /home/pi/bin/trafficPlot.sh "${GDATE}" "${GTIME}" "${GTIMEM}"
echo "Plot script done. `date`" # just for profiling
# Log
#logger -p daemon.info "${GBASENAME}: Plotting done, removing lock."
# Remove Lock
test -f "${GFILEOUTPUT}" && rm "${GFILEOUTPUT}"
# EOF
hogwatch
Installation
pip install hogwatch --upgrade
Start
sudo hogwatch server
A really nice looking web page. WAF ok.
I abandoned this tool, since it doesn't work for me.
nethogs
TBD