
IPCAD
Web front end for ipcad.
-----------------------------
If needed, replace the characters:
&lt; with <
-----------------------------

Pipeline: ipcad > log > mysql > apache2 + php + mysql > html

sh# make search name=ipcad
-------------------------------------------------------------------
Port:	ipcad-3.7.3_1
Path:	/usr/ports/net-mgmt/ipcad
Info:	IP accounting daemon with Cisco-like RSH and NetFlow export
Maint:	vlm@lionet.info
B-deps:	
R-deps:	
WWW:	http://ipcad.sourceforge.net/
-------------------------------------------------------------------

sh# cd /usr/ports/net-mgmt/ipcad && make install clean

sh# cat /conf/ipcad.conf
------------------------------------------
capture-ports enable;
buffers = 64k;
interface nve0 input-only netflow-disable;
aggregate 192.168.0.0/16 strip 32;
rsh enable at 127.0.0.1;
rsh root@127.0.0.1 admin;
rsh 127.0.0.1 view-only;
rsh ttl = 3;
rsh timeout = 30;
pidfile = ipcad.pid;
dumpfile = ipcad.dump;
chroot = /var/log/ipcad;
#uid = 65534;
#gid = 65534;
memory_limit = 10m;
------------------------------------------

sh# echo 'ipcad_enable="YES"' >> /etc/rc.conf && /rc.d/ipcad start

ipcad now starts accumulating data.

In mysql, create the database ipcad with a table stat and the fields:
date,source,destination,packets,bytes,port

Roughly like this:
sh# cat db_ipcad.sql
------------------------------------
CREATE DATABASE IF NOT EXISTS ipcad;
USE ipcad;
CREATE TABLE IF NOT EXISTS stat (
date CHAR ( 12 ) NOT NULL,
source CHAR ( 20 ) NOT NULL,
destination CHAR ( 20 ) NOT NULL,
packets INT ( 50 ) NOT NULL,
bytes INT ( 50 ) NOT NULL,
port INT ( 8 ) NOT NULL
);
------------------------------------

Then load it into mysql
sh# mysql --user=xxxxxx --password=xxxxxx < db_ipcad.sql

Next, create a script that dumps the data to a file,
parses it and transfers the data into the mysql database

sh# cat /usr/local/sbin/ipcad2mysql.sh
------------------------------------------------------------------------------------------------------------------------------------------------
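#!/bin/sh
# Dump the accounting table to a file and reset the ipcad counters, then turn
# every dump line that mentions 192.168 into an INSERT and feed it to mysql.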
rsh 127.0.0.1 dump > /var/log/ipcad/ipcad.dump && rsh 127.0.0.1 clear ip accounting > /dev/null 2>&1 &&
cat /var/log/ipcad/ipcad.dump | grep "192.168" | awk '{ "date +%d/%m/%Y" | getline dt
printf "INSERT INTO ipcad.stat (date,source,destination,packets,bytes,port) VALUES (\""dt"\",\""$1"\",\""$2"\",\""$3"\",\""$4"\",\""$5"\");""\n"
}' | /usr/local/bin/mysql --user=xxxxxx --password=xxxxxx
------------------------------------------------------------------------------------------------------------------------------------------------
Don't forget to put your own credentials in place of xxxxxx ;)
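
Added example (not part of the original page): a stricter version of the dump-to-INSERT step that emits a row only when every field has the expected shape, so a malformed dump line cannot change the SQL that is piped into mysql. The function names dump_to_sql and sample_dump and the sample lines are assumptions; the five-column layout is taken from the awk script above.

```sh
#!/bin/sh
# Added example, not the original ipcad2mysql.sh.
# Assumed column order (from the awk script above): source destination packets bytes port

# dump_to_sql DATE: read dump lines on stdin, print one INSERT per accepted line.
dump_to_sql() {
    # DATE must look like dd/mm/YYYY, the format stored in stat.date
    case "$1" in
        [0-3][0-9]/[01][0-9]/[0-9][0-9][0-9][0-9]) ;;
        *) echo "bad date, expected dd/mm/YYYY" >&2; return 1 ;;
    esac
    awk -v dt="$1" '
    function is_ipv4(s,   p, n, i) {
        if (s !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) return 0
        n = split(s, p, ".")
        for (i = 1; i <= n; i++)
            if (length(p[i]) > 3 || p[i] + 0 > 255) return 0
        return 1
    }
    # Decimal digits only, at most max (keeps values inside the INT columns)
    function is_uint(s, max) {
        return (s ~ /^[0-9]+$/ && length(s) <= 10 && s + 0 <= max)
    }
    {
        ok = (NF >= 5 && is_ipv4($1) && is_ipv4($2) &&
              is_uint($3, 2147483647) && is_uint($4, 2147483647) && is_uint($5, 65535))
        if (!ok) { rejected++; next }   # header lines, junk, SQL text in a field
        # Same intent as grep "192.168", but anchored to the address fields
        if ($1 !~ /^192\.168\./ && $2 !~ /^192\.168\./) next
        printf "INSERT INTO ipcad.stat (date,source,destination,packets,bytes,port) VALUES (\047%s\047,\047%s\047,\047%s\047,%s,%s,%s);\n", dt, $1, $2, $3, $4, $5
    }
    END { if (rejected) printf "%d line(s) rejected\n", rejected > "/dev/stderr" }
    '
}

# Constructed sample input (not real traffic): a header, two good rows,
# a row with SQL text in the port field, and a row outside 192.168.0.0/16.
sample_dump() {
    cat <<'EOF'
 Source Destination Packets Bytes Port
192.168.1.10 8.8.8.8 12 3400 53
192.168.1.10 8.8.8.8 1 60 53");DROP
10.0.0.1 10.0.0.2 5 500 80
192.168.5.7 93.184.216.34 3 1800 443
EOF
}

sample_dump | dump_to_sql 01/02/2009
```

In the cron script the function would sit between the dump file and the mysql client, called as dump_to_sql "$(date +%d/%m/%Y)"; the count of rejected lines goes to stderr, where cron can mail it.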

This script will be run once a minute via cron
sh# ee /etc/crontab
-----------------------------------------------------------------------------
#minute	hour	mday	month	wday	who	command
*/1	*	*	*	*	root	/usr/local/sbin/ipcad2mysql.sh
-----------------------------------------------------------------------------
sh# /etc/rc.d/cron restart

The next step is three scripts that we drop into a directory served by our
web server. Through php we will pull the data out of mysql and get reports:

Script No. 1: index.php - the main page with date selection
---------------------------------------------------------------------------------------------
<?php
echo '<html><head><title>'."IPCAD logs, filtred $crATich4".'</title>';
echo '<style type="text/css">';
echo 'body { margin: 2mm; background-color: #CCFFFF; font-family: Tahoma; font-size: 12px }';
echo 'td { color: #000000; font-family: Tahoma; font-size: 12px; text-align: center }';
echo '</style></head><body>';

echo '<center><H1>IPCAD log\'s Analyzer</H1><br>';
echo '<H4>ipcad->stdout->mysql->php->web</H4>';
echo '<form method="GET" action="count.php" target="_blank">';
#TB1##########################################################
echo '<table><tr><td>';
#-----------------------------------------------------
echo '<select name="Day">';
echo '<option value="All">All</option>';
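$i=1;
while ($i<=31) {
# The value is zero-padded because stat.date holds dd/mm/YYYY: a bare "1" would also match 11, 21 and 31
echo '<option value="'.sprintf('%02d', $i).'">'.$i.'</option>'; 
$i++;
}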
echo '</select>';
#-----------------------------------------------------
echo '</td><td>';
#-----------------------------------------------------
echo '<select name="Mon">';
echo '<option value="01">January</option>';
echo '<option value="02">February</option>';
echo '<option value="03">March</option>';
echo '<option value="04">April</option>';
echo '<option value="05">May</option>';
echo '<option value="06">June</option>';
echo '<option value="07">July</option>';
echo '<option value="08">August</option>';
echo '<option value="09">September</option>';
echo '<option value="10">October</option>';
echo '<option value="11">November</option>';
echo '<option value="12">December</option>';
echo '<option value="All">All</option>';
echo '</select>';
#-----------------------------------------------------
echo '</td><td>';
#-----------------------------------------------------
echo '<select name="Year">';
$year=2009;
for ( $i=0; $i<=6; $i++ ) { $new_year=$year+$i;
echo '<option value="'.$new_year.'">'.$new_year.'</option>'; 
}
echo '<option value="All">All</option>';
echo '</select>';
#-----------------------------------------------------
echo '</td><td>';
#-----------------------------------------------------
echo '<button type="submit">GO</button>';
#-----------------------------------------------------
echo '</td></tr></table>';
echo '</form></center></body></html>';

?>
---------------------------------------------------------------------------------------------

Script No. 2: count.php - overall totals by IP and subnet
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
<?php

$hostname = "localhost";
$username = "xxxxxx";
$password = "xxxxxx";
$dbName   = "ipcad";
$dbTable  = "stat";

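# Accept only what index.php can send: digits or "All". Anything else is refused
# before it can reach the page output or the SQL below.
foreach (array('Day' => '/^\d{1,2}$/D', 'Mon' => '/^\d{2}$/D', 'Year' => '/^\d{4}$/D') as $name => $re) {
    if (!isset($_GET[$name]) || !is_string($_GET[$name])
        || ($_GET[$name] !== "All" && !preg_match($re, $_GET[$name]))) {
        header('HTTP/1.1 400 Bad Request');
        die ("BAD PARAMETER");
    }
}

echo '<center><H1>'."LOG: ".$_GET['Day']."/".$_GET['Mon']."/".$_GET['Year'].'</H1>';

$Day = $_GET['Day'];
$Mon = $_GET['Mon'];
$Year = $_GET['Year'];

if ($_GET['Day'] == "All") {
$_GET['Day'] = "";
}
if ($_GET['Mon'] == "All") {
$_GET['Mon'] = "%";
}
if ($_GET['Year'] == "All") {
$_GET['Year'] = "";
}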

#Array Lan
$Lan = array(
"1" => 1,
"2" => 5,
"3" => 9,
"4" => 10,
);

# mysqli replaces the mysql_* functions, which were removed in PHP 7
$db = mysqli_connect($hostname,$username,$password,$dbName) or die ("NO CONNECT");

echo '<html><head><title>'."IPCAD logs, filtred $crATich4".'</title>';
echo '<style type="text/css">';
echo 'body { margin: 2mm; background-color: #CCFFFF; font-family: Tahoma; font-size: 12px }';
echo 'td { color: #000000; font-family: Tahoma; font-size: 12px; text-align: center }';
echo '</style></head><body>';

# The date filter goes to MySQL as a bound parameter and is never pasted into the SQL text
$datePattern = '%'.$_GET['Day'].'/'.$_GET['Mon'].'/'.$_GET['Year'].'%';

#Result ########################################################################################################
for ($i=1; $i<=4; $i++) {

echo '<table align="center" width="50%" border="1" bordercolor="#000000">';
echo '<tr><td colspan="3"><b>LAN: 192.168.'.$Lan[$i].'.0/24</td></tr>';
echo '<tr><td><b>IP-addr</td><td><b>Packets</td><td><b>Size</td></tr>';

$srcPattern = '%192.168.'.$Lan[$i].'.%';

$query="
SELECT source, sum(packets), sum(bytes) 
FROM stat 
WHERE source LIKE ? 
AND destination NOT LIKE '%192.168.%'
AND destination NOT LIKE '255.255.%'
AND date LIKE ?
GROUP BY source 
ORDER BY source ASC";

$stmt = mysqli_prepare($db, $query) or die (mysqli_error($db));
mysqli_stmt_bind_param($stmt, "ss", $srcPattern, $datePattern);
mysqli_stmt_execute($stmt) or die (mysqli_stmt_error($stmt));
mysqli_stmt_bind_result($stmt, $source, $packets, $bytes);
while (mysqli_stmt_fetch($stmt)) { 
# Values are URL-encoded for the link and HTML-escaped before they are printed
$link = 'detail.php?Ip='.urlencode($source).'&Day='.urlencode($Day).'&Mon='.urlencode($Mon).'&Year='.urlencode($Year);
echo '<tr><td><a href="'.htmlspecialchars($link).'">'.htmlspecialchars($source).'</a></td><td>'.$packets.'</td><td>'.round(($bytes/(1024*1024)),3).' (mb)</td></tr>';
}
mysqli_stmt_close($stmt);

$qTotal="
SELECT sum(packets), sum(bytes) 
FROM stat 
WHERE source LIKE ? 
AND destination NOT LIKE '%192.168.%'
AND date LIKE ?";

$stmt = mysqli_prepare($db, $qTotal) or die (mysqli_error($db));
mysqli_stmt_bind_param($stmt, "ss", $srcPattern, $datePattern);
mysqli_stmt_execute($stmt) or die (mysqli_stmt_error($stmt));
mysqli_stmt_bind_result($stmt, $packets, $bytes);
while (mysqli_stmt_fetch($stmt)) { 
echo '<tr><td><b>'."qTOTAL:".'</td><td><b>'.$packets.'</td><td><b>'.round(($bytes/(1024*1024)),3).' (mb)</td></tr>';
}
mysqli_stmt_close($stmt);

echo '</table><br>';

}

echo '</body></html>';
mysqli_close($db);

?>
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Script No. 3: detail.php - detailed report for a specific IP
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
<?php

$hostname = "localhost";
$username = "xxxxxx";
$password = "xxxxxx";
$dbName   = "ipcad";
$dbTable  = "stat";

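# Accept only what the other pages can send: digits or "All" for the date parts
# and a plain IPv4 address for Ip. Anything else is refused before it can reach
# the page output or the SQL below.
foreach (array('Day' => '/^\d{1,2}$/D', 'Mon' => '/^\d{2}$/D', 'Year' => '/^\d{4}$/D') as $name => $re) {
    if (!isset($_GET[$name]) || !is_string($_GET[$name])
        || ($_GET[$name] !== "All" && !preg_match($re, $_GET[$name]))) {
        header('HTTP/1.1 400 Bad Request');
        die ("BAD PARAMETER");
    }
}
if (!isset($_GET['Ip']) || !is_string($_GET['Ip'])
    || filter_var($_GET['Ip'], FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) === false) {
    header('HTTP/1.1 400 Bad Request');
    die ("BAD PARAMETER");
}

echo '<center><H1>'."LOG: ".$_GET['Day']."/".$_GET['Mon']."/".$_GET['Year'].'</H1>';
echo '<center><H1>'."IP: ".$_GET['Ip'].'</H1>';

if ($_GET['Day'] == "All") {
$_GET['Day'] = "";
}
if ($_GET['Mon'] == "All") {
$_GET['Mon'] = "%";
}
if ($_GET['Year'] == "All") {
$_GET['Year'] = "";
}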

# mysqli replaces the mysql_* functions, which were removed in PHP 7
$db = mysqli_connect($hostname,$username,$password,$dbName) or die ("NO CONNECT");

echo '<html><head><title>'."IPCAD logs, filtred $crATich4".'</title>';
echo '<style type="text/css">';
echo 'body { margin: 2mm; background-color: #CCFFFF; font-family: Tahoma; font-size: 12px }';
echo 'td { color: #000000; font-family: Tahoma; font-size: 12px; text-align: center }';
echo '</style></head><body>';

# Both filters go to MySQL as bound parameters and are never pasted into the SQL text
$ip = $_GET['Ip'];
$datePattern = '%'.$_GET['Day'].'/'.$_GET['Mon'].'/'.$_GET['Year'].'%';

#Result ########################################################################################################
echo '<table align="center" width="50%" border="1" bordercolor="#000000">';
echo '<tr><td><b>Source</td><td><b>Destination</td><td><b>Port</td><td><b>Packets</td><td><b>Size</td></tr>';

$query="
SELECT source, destination, port, packets, bytes 
FROM stat 
WHERE source LIKE ?
AND destination NOT LIKE '%192.168.%' 
AND destination NOT LIKE '255.255.%' 
AND date LIKE ?
ORDER BY destination ASC";

$stmt = mysqli_prepare($db, $query) or die (mysqli_error($db));
mysqli_stmt_bind_param($stmt, "ss", $ip, $datePattern);
mysqli_stmt_execute($stmt) or die (mysqli_stmt_error($stmt));
mysqli_stmt_bind_result($stmt, $source, $destination, $port, $packets, $bytes);
while (mysqli_stmt_fetch($stmt)) { 
# Column values are HTML-escaped before they are printed
echo '<tr><td>'.htmlspecialchars($source).'</td><td>'.htmlspecialchars($destination).'</td><td>'.$port.'</td><td>'.$packets.'</td><td>'.round($bytes/1024,3).'(kb)</td></tr>';
}
mysqli_stmt_close($stmt);

$qTotal="
SELECT sum(packets), sum(bytes) 
FROM stat 
WHERE source LIKE ? 
AND destination NOT LIKE '%192.168.%'
AND date LIKE ?";

$stmt = mysqli_prepare($db, $qTotal) or die (mysqli_error($db));
mysqli_stmt_bind_param($stmt, "ss", $ip, $datePattern);
mysqli_stmt_execute($stmt) or die (mysqli_stmt_error($stmt));
mysqli_stmt_bind_result($stmt, $packets, $bytes);
while (mysqli_stmt_fetch($stmt)) { 
echo '<tr><td><b>'."qTOTAL:".'</td><td><b>-</td><td><b>-</td><td><b>'.$packets.'</td><td><b>'.round(($bytes/1024),3).' (kb)</td></tr>';
}
mysqli_stmt_close($stmt);

echo '</table><br>';

echo '</body></html>';
mysqli_close($db);

?>
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

That's really all there is to it. Look at the statistics and enjoy.
Don't forget to clean out the mysql database. It grows too fast. ;)