ip_ - Wildcard-plugin to monitor IP addresses (IPv4 or IPv6) through iptables
This plugin needs to be run as root for iptables to work.
Additionally you can change the graph title from the IP address to a hostname by setting hostname in the configuration.
Example configuration follows. Only the first stanza is needed:
[ip_*] user root [ip_192.168.0.1] env.hostname host.example.com [ip_1080::8:800:200c:417a] env.hostname host6.example.com
This plugin does not use environment variables.
This is a wildcard plugin. To monitor traffic to or from an IP address, link ip_<ipaddress> to this file.
ln -s /usr/share/munin/plugins/ip_ \ /etc/munin/plugins/ip_192.0.2.1
will monitor the IP 192.0.2.1.
You will need to set up iptables rules to create packet counters for incoming and outgoing traffic. The examples here cover how to create the rules. Given the multitude of methods used to configure iptables firewalls, they do not show how to make them survive a reboot.
Please also note that we do not intend to make this script compatible with anything but these rules made explicitly for the plugin. If you use a firewall tool to create iptables rules you may find that that will not work. Please add the appropriate lines by hand (or by hand-made script) if so.
In the case of a multihomed host, to monitor the local IP "192.0.2.1", you will need the following rules:
iptables -I INPUT -d 192.0.2.1 iptables -I OUTPUT -s 192.0.2.1
In the other case, for the remote IP "192.0.2.2", you will need the following rules: (notice that the -s and -d are reversed)
iptables -I INPUT -s 192.0.2.2 iptables -I OUTPUT -d 192.0.2.2
These rules will insert, at the top of the iptables chains INPUT and OUTPUT one rule which will act as a packet counter.
Since the rule does not include a "-j" argument, it will not explicitly allow or block anything.
If the IP address in the link contains a ":", it is assumed to be a IPv6 address, and ip6tables are used instead of iptables to read the counters.
To create counters you will need to use "ip6tables" instead of "iptables".
Same example as above, for the local IPv6 address "2001:db8::1" and remote "2001:db8::2":
ip6tables -I INPUT -d 2001:db8::1 ip6tables -I OUTPUT -s 2001:db8::1 ip6tables -I INPUT -s 2001:db8::2 ip6tables -I OUTPUT -d 2001:db8::2
This plugin is based on the if_ plugin.
#%# family=auto #%# capabilities=autoconf suggest
Unknown. Suspected to be some Linpro employee.