Target[traffic]: `/var/www/mrtg.ds9a.nl/traffic`
and /var/www/mrtg.ds9a.nl/traffic:
#!/bin/sh
/sbin/iptables -L -n -v -x | grep mrtg- |grep "^ " | awk "{print \$2}"
uptime
uname -a
I made a little proggie to avoid piping awk or perl or any other reporting languge... Right now it uses this format:
rulenum [packets:bytes]
this format is for my own application, but you can modify the printf to report whatever you need with whatever separator you want, or even add another param to accept the rule number and get statistics of the desired rule. This can be adapted to mrtg so it will run faster without perl invocation.
I attach the code.
Nikolai
// iptables-counters.c , took from iptables sources
// 4 Aug 2001, Nikolai Vladychevski, niko@xxxxxxxxxx
//
// Instructions:
// place this file into iptables source directory to compile
//
// add this to Makefile :
// iptables-counters: iptables-counters.c iptables.o libiptc/libiptc.a
// $(CC) $(CFLAGS) -DIPT_LIB_DIR=\"$(IPT_LIBDIR)\" -rdynamic -o $@ $^ -ldl
// do "make"
// usage: iptables-counters [table] [chain]
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include "libiptc/libiptc.h"
#include "iptables.h"
int main(int argc, char *argv[]) {
char *tablename="filter",*chainname;
const char *chain=NULL;
iptc_handle_t h;
if (argc<3) { printf("usage: %s table chain\n",argv[0]); return(1);}
tablename=argv[1];
chainname=argv[2];
if (!tablename || !chainname) { printf ("null paramms\n"); return(1);}
h=iptc_init(tablename);
if (!h) {
printf("Can't initialize:\n");
return(1);
}
for (chain = iptc_first_chain(&h); chain; chain = iptc_next_chain(&h)) {
const struct ipt_entry *e;
int rule=1;
if (strcmp(chain,chainname)) continue;
e = iptc_first_rule(chain, &h);
while(e) {
if (1) {
printf("%d [%llu:%llu]\n", rule,e->counters.pcnt, e->counters.bcnt);
rule++;
}
e = iptc_next_rule(e, &h);
}
}
return(0);
}
