fw_packets

#!/usr/bin/perl -w

use strict;
use warnings;

=head1 NAME

fw_packets - Plugin to monitor the throuhgput of a firewall

=head1 CONFIGURATION

This plugin must run with root privileges

=head1 CONFIGURATION EXAMPLE

/etc/munin/plugin-conf.d/global or other file in that dir must contain:

 [fw*]
  user root

=head1 AUTHOR

Unknown author

=head1 LICENSE

GPLv2

=head1 MAGIC MARKERS

 #%# family=auto
 #%# capabilities=autoconf

=cut

if ( $ARGV[0] ) {

    if ( $ARGV[0] eq 'autoconf' ) {
	if ( -r '/proc/net/snmp') {
	    print "yes\n";
	    exit 0;
	}
	print "no (file /proc/net/snmp not readable)\n";
	exit 0;

    } elsif ( $ARGV[0] eq 'config' ) {
	print <<EOM;
graph_title Firewall Throughput
graph_args --base 1000 -l 0
graph_vlabel Packets/\${graph_period}
graph_category network
received.label Received
received.draw AREA
received.type DERIVE
received.min 0
forwarded.label Forwarded
forwarded.draw LINE2
forwarded.type DERIVE
forwarded.min 0
EOM
# Is LINE1 better I wonder?  The lines are meant to show how large a
# portion of the total received packets gets forwarded.
# rejected.label rejected
# rejected.draw LINE2
# rejected.type COUNTER
	exit 0;
    }
}

open(F, "/proc/net/snmp") or die "Cannot read /proc/net/snmp: $!\n";

while (<F>) {
    if (/^Ip: \d/) {
	my @ip = split;
	my $forwarded = $ip[6];  #forwarded
	my $received = $ip[3];   #received
	print "received.value $received\n";
	print "forwarded.value $forwarded\n";

	# This calculation is invalid, the packet may have been
	# destined for the firewall, then the difference is wrong.  If
	# you firewall does not receive traffic itself it is correct
	# though.
	#
	# print "rejected.value ", $received - $forwarded,"\n";
	last;
    }
}
close(F);