Raspberry Pi Traffic Monitoring
The Why Of Fry
After I set up the Raspberry Pi as Ethernet-WiFi-Bridge, I thought it might be nice to monitor the traffic via my bridge.
iftop
Installation
apt-get install iftop
Additional scripts
cronjob
Since only root can access the devices' traffic, you need to sudo this, or run it in root's crontab:
# Log traffic and generate gnuplots
*/1 * * * * /bin/bash /home/pi/bin/trafficCheck.sh >> /dev/null 2>&1
trafficCheck.sh
#!/bin/bash
set -x
# File: trafficCheck.sh
# Purpose: Measure traffic and log it. Must be run as root.
# Origin: pi3

#
# Globals
#
GBASENAME="trafficCheck" # TBD: get this from the env
GSAMPLETIME=40 # in seconds. Same as 3rd average column. DO NOT CHANGE!
GFOLDERTMP="/home/pi/var/trafficCheck/tmp"
GFOLDERLOGS="/home/pi/var/trafficCheck/logs"
GFOLDERWWWTXT="/var/www/html/traffic/archive-txt"
GFILEOUTPUT="${GFOLDERTMP}/trafficCheck.out"
GDATE="`date +%Y-%m-%d`"
GTIME="`date +%H:%M`"
GTIMEM="`date +%H-%M`"
#GFILELOG="${GFOLDERTMP}/${GDATE}.txt"

# Preparations for first run
#mkdir -p "${GFOLDERTMP}"
#mkdir -p "${GFOLDERLOGS}"

#
# Functions
#
function makeKBytes() {
    # First make bytes...
    echo "${1}" | grep MB > /dev/null 2>&1
    if [ "$?" -eq 0 ]; then
        # Megabyte!
        NUMBER="`echo \"${1}\" | cut -dM -f1`"
        RESULT="`echo \"${NUMBER} * 1024 * 1024\" | bc`"
    else
        echo "${1}" | grep KB > /dev/null 2>&1
        if [ "$?" -eq 0 ]; then
            # Kilobyte
            NUMBER="`echo \"${1}\" | cut -dK -f1`"
            RESULT="`echo \"${NUMBER} * 1024\" | bc`"
        else
            # Bytes
            NUMBER="`echo \"${1}\" | cut -dB -f1`"
            RESULT=$NUMBER
        fi
    fi
    #echo RESULT
    # Make KBytes out of the bytes
    RESULT="`echo \"${RESULT} / 1024\" | bc`"
    echo $RESULT
}

# Sandbox
#makeKBytes 2048B
#makeKBytes 2048KB
#makeKBytes 2048MB
#exit 0

#
# Main
#
echo "Init done. `date`" # just for profiling

# Use iftop to get the traffic
#/usr/sbin/iftop -Bts ${GSAMPLETIME} -i br0 > "${GFILEOUTPUT}" 2>&1 # for some reason the output goes to stderr
cd ~pi
/usr/sbin/iftop -Bts ${GSAMPLETIME} > "${GFILEOUTPUT}" 2>&1 # for some reason the output goes to stderr
cat "${GFILEOUTPUT}"
chown pi:pi "${GFILEOUTPUT}"
echo "iftop done. `date`" # just for profiling

# Make a copy of the text for later use (maybe)
cp "${GFILEOUTPUT}" "${GFOLDERWWWTXT}/${GDATE}_${GTIMEM}.txt"
chown pi:pi "${GFOLDERWWWTXT}/${GDATE}_${GTIMEM}.txt"
echo "Text-Arch done. `date`" # just for profiling

# Create individual logs per host
# Each connection is two lines in the iftop output: "host1 => ..." followed by "host2 <= ..."
cat "${GFILEOUTPUT}" | grep "=" | grep -v "==" | while read -r LINE1; do
    read -r LINE2
    # echo "L1: $LINE1"
    # echo "L2: $LINE2"
    # print instead of printf: a host name must never be used as an awk format string
    LSENDER="`echo \"${LINE1}\" | awk '{print $2}'`"
    LSENT="`echo \"${LINE1}\" | awk '{print $6}'`" # 5=last 10s, 6=last 40s
    LSENTKB="`makeKBytes \"${LSENT}\"`"
    LRECEIVER="`echo \"${LINE2}\" | awk '{print $1}'`"
    LRECEIVED="`echo \"${LINE2}\" | awk '{print $5}'`" # 4=last 10s, 5=last 40s
    LRECEIVEDKB="`makeKBytes \"${LRECEIVED}\"`"
    # If necessary swap directions to make reading and stacking in plot easier (always internal hosts left, so "up" is really "up")
    # If SENDER does not contain "fritz" but RECEIVER does -> swap! ---> THIS MIGHT ALSO BE POSSIBLE WITH iftop OPTIONS!
    if [ "`echo ${LSENDER} | grep '.fritz.box' > /dev/null ; echo $?`" != 0 -a "`echo ${LSENDER} | grep '192.168' > /dev/null; echo $?`" != 0 ]; then
        # Didn't find "fritz" on the left
        #if [ `echo ${LRECEIVER} | grep '.fritz.box' > /dev/null` -o `echo ${LRECEIVER} | grep '192.168' > /dev/null` ]; then
            # But there is a "fritz" on the right
            # -> swap!
            TMP="${LSENDER}"
            LSENDER="${LRECEIVER}"
            LRECEIVER="${TMP}"
            TMP="${LSENT}"
            LSENT="${LRECEIVED}"
            LRECEIVED="${TMP}" # this assignment was missing, so LRECEIVED kept its old value
            TMP="${LSENTKB}"
            LSENTKB="${LRECEIVEDKB}"
            LRECEIVEDKB="${TMP}"
        #fi
    fi
    # echo "$LSENDER -- $LSENTKB --> <-- $LRECEIVEDKB -- $LRECEIVER"
    LFILELOG="${GFOLDERLOGS}/${GDATE}_${LSENDER}_${LRECEIVER}.txt" # NONSENSE HERE
    test \! -f "${LFILELOG}" && echo -e "TIME\tSENTKB\tRECEIVEDKB" > "${LFILELOG}" # gnuplot seems to skip the first line, so make it at least useful
    echo -e "$GTIME\t$LSENTKB\t$LRECEIVEDKB" >> "${LFILELOG}"
    chown pi:pi "${LFILELOG}"
done
echo "Split per host done. `date`" # just for profiling

# Log
#logger -p daemon.info "${GBASENAME}: Got the stats, begin plotting."

# Generate Plot, this can be done by user pi
#sudo -u pi /bin/bash /home/pi/bin/trafficPlot.sh > /dev/null 2>&1
sudo -u pi /bin/bash /home/pi/bin/trafficPlot.sh "${GDATE}" "${GTIME}" "${GTIMEM}"
echo "Plot script done. `date`" # just for profiling

# Log
#logger -p daemon.info "${GBASENAME}: Plotting done, removing lock."

# Remove Lock
test -f "${GFILEOUTPUT}" && rm "${GFILEOUTPUT}"
# EOF
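The per-host log name in trafficCheck.sh is built from the host names iftop prints (it resolves them via reverse DNS), and the script creates and chowns that path as root. One way to constrain those labels before they reach the file system, as an added example that is not part of the original script; the function names safe_label and log_path_for and the sample labels are assumptions made for illustration:

```shell
#!/bin/bash
# Added example, not part of trafficCheck.sh: constrain the host labels that
# iftop prints before a root-run script puts them into a file name.

# safe_label LABEL -> prints a conservative file-name component.
safe_label() {
    # Everything outside host-name characters (including "/") becomes "_".
    sl_clean="$(printf '%s' "$1" | LC_ALL=C tr -c 'A-Za-z0-9.-' '_')"
    # Strip leading dots and dashes: no "..", no hidden or option-like names.
    while [ "${sl_clean#[.-]}" != "$sl_clean" ]; do
        sl_clean="${sl_clean#[.-]}"
    done
    # Two labels plus the date must fit the 255-byte file-name limit.
    sl_clean="$(printf '%s' "$sl_clean" | cut -c1-100)"
    printf '%s\n' "${sl_clean:-unknown}"
}

# log_path_for FOLDER DATE SENDER RECEIVER -> prints the per-host log path,
# or fails if that path already exists as a symlink (root would follow it).
log_path_for() {
    lp_path="${1}/${2}_$(safe_label "$3")_$(safe_label "$4").txt"
    if [ -L "$lp_path" ]; then
        echo "refusing symlinked log file: $lp_path" >&2
        return 1
    fi
    printf '%s\n' "$lp_path"
}

# Constructed sample labels; iftop shows whatever the reverse lookup returns.
for label in 'laptop.fritz.box' '../../etc/cron.d/x' '-rf' 'a b;c'; do
    printf '%-22s -> %s\n' "$label" "$(safe_label "$label")"
done
log_path_for /home/pi/var/trafficCheck/logs 2024-01-01 laptop.fritz.box 'x/../y'
```

In trafficCheck.sh the result of log_path_for would take the place of the direct LFILELOG assignment, skipping the record when the function fails.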
hogwatch
Installation
pip install hogwatch --upgrade
Start
sudo hogwatch server
A really nice looking web page. WAF ok.
I abandoned this tool, since it doesn't work for me.
nethogs
TBD