Hello all!
(and sorry for my English)
I found Cacti a very useful tool, but I needed the ability to get data from my 2620XM about how some users use the Internet links. I heard about NetFlow, but I also heard that it calculates input data, while I need info about output (I use NAT on my Cisco, so... you understand). So I need to analyze data which I get from the Cisco through rsh. So I asked my friend Dmytry to write a sample Perl script for me. He did it yesterday, I tested it, found some bugs, he fixed them today and... I like what we got.
What is this script for? I have a Cisco (2620XM+2950). I have a few local segments on a few interfaces, a few servers (mail, proxy, etc.) on a few other interfaces and a few Internet links on... you understand. Most users use the Internet through a proxy server where squid has everything under control. But some users have direct access to the Internet using NAT on the Cisco. And this (!) is really interesting for me as a SysAdmin.
So.
First: when I analyze the output of "ip accounting" on the internal network interface I have to ignore some source IPs (or networks) which are NOT from the Internet.
Second: I need to calculate the sum of bytes in the rest of the rows for a destination IP (or network) and output this sum (and the sum of packets).
Of course for all this I need to get the data to my local server and update it every... If cmd.php runs every */5 minutes, then I update my file with the "ip account" data at minutes 4,9,14,19... you... and so on...
Ok. Here it is:
Code:
#!/usr/bin/perl
#
# Cisco accounting analyzer
#
# Made by Dmitry Doroshkov on Denis Terebiy request
#
# Usage:
#   perl acc.pl [-f<acc_file_name>] [-e<excl_ip_list>] [-i<incl_ip_list>]
#
# Keys:
#   -f file_name (default file_name is /var/log/account.txt from current folder);
#      Use file in format of cisco "show ip accounting" command
#      ____
#         Source           Destination     Packets      Bytes
#         207.46.134.190   192.168.1.190         9       3328
#         195.245.253.2    192.168.1.177       937     986714
#         ....
#         195.245.253.2    192.168.2.93        382     180789
#         195.245.253.2    192.168.2.92       1026     403110
#
#      Accounting data age is 44
#      ____
#   -e comma "," delimited exclude Source IP list
#   -i comma "," delimited include Destination IP list;
#      There are some rules with this list - you can (and should) use special symbols
#      when defining an IP or mask:
#      192.168.2.1 - that also matches 192.168.2.10 - 192.168.2.19
#      so you have to mark the last octet with the "$" symbol - 192.168.2.1$
#      192.168.2 - that is not only 192.168.2.XXX, but also
#      192.168.2YY.XXX so, if you need just 192.168.2.XXX you should mark the ends of
#      the first, second and third octets with the "." symbol - 192.168.2.
#      And last - you can use the "*" symbol inside an address and remember:
#      192.*.1$ means 192.XXX.YYY.1, but
#      192.*.1 also means 192.XXX.1.YYY and 192.XXX.YYY.1ZZ
#
# Examples:
#   perl acc.pl -f account.txt -e 192.168.,127.0.0.1$
#   perl acc.pl -faccount.txt -e192.168.,127.0.0.1$ -i192.168.1.190$,192.168.1.191$
#
# Output format:
#   <sum_packets>:<sum_bytes>
#
# What does it mean? Sum of packets and bytes for "Included" destination IPs
# (or a few IPs, or some network - see examples), except rows with "Excluded"
# source IP (or a few ... you know :o)
#
# How can you create the source file?
# See: http://www.opennet.ru/tips/sml/4.shtml
# What? You do not understand Russian? That's bad.
#
# Where can you use this? I requested Dmitry to create this script for using with
# http://www.raxnet.net/products/cacti/ - Powerful RRD frontend
# So I can see how my special users with direct Internet access load my (I like to
# think that they are mine ;o) Internet channels.
#
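use strict;
use Getopt::Std;

our ($opt_e, $opt_i, $opt_f);
my ($src, $dest, $packets, $bytes);
my $p_sum = 0;
my $b_sum = 0;

getopts('e:i:f:');
$opt_f = '/var/log/account.txt' unless defined($opt_f);
# Defaults: exclude pattern becomes "^$" (excludes nothing),
# include pattern becomes "^" (includes everything)
$opt_e = '$' unless defined($opt_e);
$opt_i = ''  unless defined($opt_i);

# Turn each comma-delimited list into an anchored regex alternation
for ($opt_e, $opt_i) {
    s/,/|^/g;      # every further list item becomes its own "^item" alternative
    s/\./\\./g;    # dots are literal
    s/\*/.*/g;     # "*" matches anything
    s/^/^/;        # anchor the first item
}

# "or" instead of "||": with "||" the die was bound to the file name and never ran
open(my $fh, '<', $opt_f) or die "Can't open file $opt_f, $!";
while (<$fh>) {
    chomp;
    s/^\s+//;
    # Data rows start with a digit; the header and the "Accounting data age" line do not
    if (/^\d/) {
        ($src, $dest, $packets, $bytes) = m/(\S+)/g;
        unless ($src =~ /$opt_e/) {
            if ($dest =~ /$opt_i/) {
                # You can uncomment next line to see the lines included to result
                # print "Source=>$src, Destination=>$dest, Packets=>$packets, Bytes=>$bytes\n";
                $p_sum += $packets;
                $b_sum += $bytes;
            }
        }
    }
}
close($fh);
print "$p_sum:$b_sum";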
And that's all!
Here are some hints on creating the file which we parse for data:
1) On Cisco
Code:
c2620XM(config)#inter fa0/0.9
c2620XM(config-subif)#ip accounting output-packets
c2620XM(config)# ip rcmd remote-host <cisco_user> <server_ip> <server_cron_user> enable
2) On server
Crontab:
Code:
4,9,14,19,24,29,34,39,44,49,54,59 * * * * <server_cron_user> /usr/local/scripts/cisco.sh
cisco.sh:
Code:
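#!/bin/sh
# Drop the old checkpoint, then clear the active table (this moves it into the checkpoint)
/usr/bin/rsh -l <cisco_user> <cisco_ip> clear ip accounting checkpoint >/dev/null
/usr/bin/rsh -l <cisco_user> <cisco_ip> clear ip accounting >/dev/null
# Save the checkpointed table to the file that acc.pl reads
/usr/bin/rsh -l <cisco_user> <cisco_ip> sh ip accounting checkpoint >/var/log/account.txt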
And that's really all. Any comments, ideas and spellchecks will be welcome.
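
Added example (not part of the original post or of acc.pl): the -e/-i list rules from the usage notes, compiled into one anchored regex and run against constructed addresses that cover each documented case. The helper name compile_ip_list is hypothetical; unlike acc.pl it passes every entry through quotemeta, so only "*" and a trailing "$" keep a special meaning and any other regex metacharacter in a list entry is matched literally.

```perl
#!/usr/bin/perl
# Added example, not part of acc.pl.
use strict;
use warnings;

# compile_ip_list (hypothetical name): comma-delimited list -> one anchored regex.
sub compile_ip_list {
    my ($list) = @_;
    my @alts;
    for my $item (grep { length } split /,/, $list) {
        # Split off an optional trailing "$" (exact end of address)
        my ($body, $exact) = $item =~ /\A(.*?)(\$?)\z/;
        my $re = quotemeta $body;     # "." and any stray metacharacter become literal
        $re =~ s/\\\*/.*/g;           # the escaped "*" gets its "anything" meaning back
        push @alts, $re . ($exact ? '\z' : '');
    }
    return undef unless @alts;
    my $alt = join '|', @alts;
    return qr/^(?:$alt)/;             # every entry is anchored at the start
}

# Constructed sample: list entries from the usage notes, addresses made up
# so that each rule in the notes is exercised once.
my @cases = (
    [ '192.168.2.1',  '192.168.2.1'  ],   # plain entry, same address
    [ '192.168.2.1',  '192.168.2.15' ],   # the 192.168.2.10 - 192.168.2.19 case
    [ '192.168.2.1$', '192.168.2.15' ],   # same address, last octet marked with "$"
    [ '192.168.2',    '192.168.20.7' ],   # the 192.168.2YY.XXX case
    [ '192.168.2.',   '192.168.20.7' ],   # same address, third octet closed with "."
    [ '192.*.1$',     '192.10.20.1'  ],   # 192.XXX.YYY.1
    [ '192.*.1$',     '192.10.20.11' ],   # 192.XXX.YYY.1Z against the "$" form
    [ '192.*.1',      '192.10.1.200' ],   # 192.XXX.1.YYY against the open form
);

for my $case (@cases) {
    my ($entry, $ip) = @$case;
    my $re = compile_ip_list($entry);
    printf "%-14s %-14s %s\n", $entry, $ip,
        ($ip =~ $re ? 'match' : 'no match');
}
```

Running it prints one line per case, which makes it easy to check a planned -e or -i list before the sums end up in a graph.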