RRDTool Monitoring

Basic traffic monitoring with RRDTool and iptables:

Create your .rrd database using something like the following; you'll want to change the paths to something suitable for your system:

rrdtool create /root/scripts/rrdtool/rrds/traffic.rrd -s 300 \
DS:in:COUNTER:600:0:999999999999 \
DS:out:COUNTER:600:0:999999999999 \
RRA:AVERAGE:0.5:1:1440 \
RRA:MAX:0.5:12:17520

Add the necessary rules to your iptables firewall for accounting purposes (your mileage may vary as to where you wish to create these rules and how you want them named):

# eth0 is my external interface, eth1 is my internal
# $IPT is assumed to hold the path to the iptables binary (e.g. IPT=/sbin/iptables)
$IPT -N acctin
$IPT -F acctin
$IPT -A acctin -j RETURN
$IPT -I FORWARD 1 -i eth0 -j acctin
$IPT -N acctout
$IPT -F acctout
$IPT -A acctout -j RETURN
$IPT -I FORWARD 1 -i eth1 -j acctout

Create a bash script with the following content, chmod +x it and put it somewhere sensible. I usually keep them all in `/root/scripts/rrdtool/`.

#!/bin/bash
# Byte counter (column 2) of the last rule, the RETURN rule, in each accounting chain
In=$(iptables -L acctin -v -n -x | tail -n 1 | awk '{print $2}')
Out=$(iptables -L acctout -v -n -x | tail -n 1 | awk '{print $2}')
rrdtool update /root/scripts/rrdtool/rrds/traffic.rrd "N:$In:$Out"

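Add a cronjob to run every five minutes and update the .rrd (the user field in this line means it belongs in /etc/crontab or a file under /etc/cron.d, not a per-user crontab):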

*/5 * * * *     root    /root/scripts/rrdtool/traffic

And finally, you'll want to make some pretty graphs based on the data you've collected:

# Example values for the variables used below; adjust to taste
Date=$(date)
Width=600
Height=200
rrdtool graph /root/scripts/rrdtool/traffic.png -a PNG --title="siftah.co.uk - $Date" \
--vertical-label "KBytes/Second" -w $Width -h $Height \
-L 4 -b 1024 -u 256000 -l -30720 -r \
'DEF:in_bytes=/root/scripts/rrdtool/rrds/traffic.rrd:in:AVERAGE' \
'DEF:out_bytes=/root/scripts/rrdtool/rrds/traffic.rrd:out:AVERAGE' \
'CDEF:out_neg=out_bytes,-1,*' \
'CDEF:total_bytes=in_bytes,out_bytes,+' \
'VDEF:total_in=in_bytes,TOTAL' \
'VDEF:total_out=out_bytes,TOTAL' \
'VDEF:total=total_bytes,TOTAL' \
'AREA:in_bytes#00dd00:In' \
'AREA:out_neg#0000ff:Out\l' \
"GPRINT:in_bytes:LAST:Last In\: %6.2lf %sB" \
"GPRINT:out_bytes:LAST:Last Out\: %6.2lf %sB\l" \
"GPRINT:in_bytes:MAX:Max In\: %6.2lf %sB" \
"GPRINT:out_bytes:MAX:Max Out\: %6.2lf %sB\r" \
'GPRINT:total_in:Data In\: %6.2lf %s ' \
'GPRINT:total_out:Data Out\: %6.2lf %s ' \
'GPRINT:total:Total\: %6.2lf %s '

That should be reasonably self-explanatory and easy enough to follow, HTH.
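
The update script above hands whatever awk prints straight to `rrdtool update`, so a missing accounting chain or a chain holding only its header row makes cron submit an empty or non-numeric value every five minutes. The following is an added example, not part of the original page, that validates each counter and substitutes rrdtool's unknown marker `U`; the function names, the `--live` switch and the sample listings are constructed for illustration.

```shell
#!/bin/bash
# Added example, not the original author's script.

RRD=/root/scripts/rrdtool/rrds/traffic.rrd   # path used on this page

# Reads `iptables -L <chain> -v -n -x` output on stdin and prints the byte
# counter ($2) of the last rule, or "U" (rrdtool's unknown value) when the
# listing is empty or that field is not a plain unsigned integer.
chain_bytes() {
    cb_val=$(tail -n 1 | awk '{print $2}')
    case "$cb_val" in
        ''|*[!0-9]*) echo "U" ;;
        *)           echo "$cb_val" ;;
    esac
}

# Builds the "N:<in>:<out>" argument from two captured chain listings.
update_arg() {
    ua_in=$(printf '%s\n' "$1" | chain_bytes)
    ua_out=$(printf '%s\n' "$2" | chain_bytes)
    echo "N:${ua_in}:${ua_out}"
}

# Constructed sample listings (not captured from a real firewall).
SAMPLE_IN='Chain acctin (1 references)
    pkts      bytes target     prot opt in     out     source               destination
   12345  9876543 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0'
SAMPLE_OUT='Chain acctout (1 references)
    pkts      bytes target     prot opt in     out     source               destination
    6789  1234567 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0'

# "--live" is a hypothetical switch for this example: with it the script reads
# the real chains and updates the RRD; without it, it only prints the argument
# built from the sample listings.
if [ "${1:-}" = "--live" ]; then
    rrdtool update "$RRD" "$(update_arg \
        "$(iptables -L acctin -v -n -x 2>/dev/null)" \
        "$(iptables -L acctout -v -n -x 2>/dev/null)")"
else
    update_arg "$SAMPLE_IN" "$SAMPLE_OUT"
fi
```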

