GenerationIP

IPFM


Web Site : http://robert.cheramy.net/ipfm/

Type : Bandwidth METER
Operating System : LINUX,FREEBSD,UNIX

IPFM analyzes bandwidth usage by IP address; with a few scripts you can produce MRTG or RRDTOOL graphs from its output.

 

How to install IPFM

Dependency: LIBCAP or LIBPCAP buffer RING (must be installed before installing IPFM).

Download the installation archive.
Download page : http://robert.cheramy.net/ipfm/download.htm
The latest stable version is : IPFMv0.11.5.

cd /home/user
wget http://robert.cheramy.net/ipfm/archive/ipfm-0.11.5.tgz

Once the file is downloaded, extract all the files into a directory.

tar -zxvf ipfm-version.tgz
cd ipfm-version

To install IPFM, follow these instructions:

./configure --exec-prefix=/usr --prefix= --sysconfdir=/etc/ipfm --mandir=/usr/local/man
make install

Explanation of the installation options:

Configuration:
--cache-file=FILE cache test results in FILE
--help print this message
--no-create do not create output files
--quiet, --silent do not print `checking...' messages
--version print the version of autoconf that created configure
Directory and file names:
--prefix=PREFIX install architecture-independent files in PREFIX [/usr/local]
--exec-prefix=EPREFIX install architecture-dependent files in EPREFIX [same as prefix]
--bindir=DIR user executables in DIR [EPREFIX/bin]
--sbindir=DIR system admin executables in DIR [EPREFIX/sbin]
--libexecdir=DIR program executables in DIR [EPREFIX/libexec]
--datadir=DIR read-only architecture-independent data in DIR [PREFIX/share]
--sysconfdir=DIR read-only single-machine data in DIR [PREFIX/etc]
--sharedstatedir=DIR modifiable architecture-independent data in DIR [PREFIX/com]
--localstatedir=DIR modifiable single-machine data in DIR [PREFIX/var]
--libdir=DIR object code libraries in DIR [EPREFIX/lib]
--includedir=DIR C header files in DIR [PREFIX/include]
--oldincludedir=DIR C header files for non-gcc in DIR [/usr/include]
--infodir=DIR info documentation in DIR [PREFIX/info]
--mandir=DIR man documentation in DIR [PREFIX/man]
--srcdir=DIR find the sources in DIR [configure dir or ..]
--program-prefix=PREFIX prepend PREFIX to installed program names
--program-suffix=SUFFIX append SUFFIX to installed program names
--program-transform-name=PROGRAM run sed PROGRAM on installed program names
Host type:
--build=BUILD configure for building on BUILD [BUILD=HOST]
--host=HOST configure for HOST [guessed]
--target=TARGET configure for TARGET [TARGET=HOST]
Features and packages:
--disable-FEATURE do not include FEATURE (same as --enable-FEATURE=no)
--enable-FEATURE[=ARG] include FEATURE [ARG=yes]
--with-PACKAGE[=ARG] use PACKAGE [ARG=yes]
--without-PACKAGE do not use PACKAGE (same as --with-PACKAGE=no)
--x-includes=DIR X include files are in DIR
--x-libraries=DIR X library files are in DIR

How to configure IPFM

Configuration OPTIONS:

GLOBAL VARIABLES For the definition of FILE only for one interface

NETWORK DEVICE

Syntax : DEVICE < device-name >
You have one instance of ipfm per device.

Time Coordinates

Syntax : [UTC|local]

NEW LOG

Syntax : NEWLOG
This creates a new log entry and you can define new local variables.

LOCAL VARIABLES

HOSTS TO LOG

ipfm logs only specified hosts or networks.


Syntax: LOG [[NONE|FROM|TO|BOTH] < host >] [[NOT] WITH < host >]

NONE do not log anything from or to this < host >
FROM do log packets from this < host >
TO do log packets to this < host >
BOTH (default) do log packets from and to this < host >

< host > :

x.x.x.x : an IP.
x.x.x.x/x.x.x.x : a NETWORK.

WITH specifies if the packet is ignored (NOT WITH) or logged (WITH).

Examples :

LOG 192.168.10.0/255.255.255.0 NOT WITH 192.168.10.1
log any packets from or to hosts in subnet 192.168.10.0/255.255.255.0, except packets involving host 192.168.10.1 .

LOG WITH 192.168.10.23
log any packets in relation with host 192.168.10.23

LOG
log everything.

OUTPUT TIME DELAY

Syntax: DUMP EVERY < time > [AFTER < time >]

< time > is composed of :

< number > second(s)
< number > minute(s)
< number > hour(s)
< number > day(s)

Default DUMP time is 24 hours
Default AFTER time is 0 seconds

Examples:

DUMP EVERY 30 minutes
dump the stats every 30 minutes at x:00 and x:30.

DUMP EVERY 1 hour AFTER 7 minutes
dump the stats every hour, at 0:07, 1:07, 2:07.

DUMP EVERY 1 day AFTER 14 hours
dump data every day, at 14:00:00 UTC (for France localtime (during the summer), at 16:00:00 +0200)


CLEARING STATS

You may want to clear your statistics sometimes, or after each dump.

Syntax : CLEAR [ ALWAYS | NEVER | EVERY < time > [AFTER < time >] ]


< time > is composed of :

< number > second(s)
< number > minute(s)
< number > hour(s)
< number > day(s)

Default CLEAR mode is ALWAYS. Default AFTER time is 0 seconds. Note that both time values MUST be a multiple of the DUMP delay. Also, this line MUST come after the DUMP line.


Examples

CLEAR ALWAYS
clear the stats after every DUMP.

CLEAR NEVER
never clear the stats, which means you are doing incremental statistics.

CLEAR EVERY 30 minutes
clear the stats every 30 minutes at x:00 and x:30. Note that if your DUMP line had an AFTER value such as 3 minutes, this rule will clear the stats at x:03 and x:33.

CLEAR EVERY 1 hour AFTER 10 minutes
clear the stats every hour, at 0:10, 1:10, 2:10, and so on. Note that if your DUMP line had an AFTER value such as 3 minutes, this rule will clear the stats at 0:13, 1:13, 2:13 and so on.
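The two CLEAR constraints above (time values must be multiples of the DUMP delay, and CLEAR must follow DUMP) are easy to get wrong when a file holds several NEWLOG sections. The following linter is an added example, not part of ipfm or of the original page; the function names are hypothetical, and it assumes DUMP and CLEAR are local variables that start over at each NEWLOG.

```python
import re

UNIT_SECONDS = {"second": 1, "minute": 60, "hour": 3600, "day": 86400}
TIME_RE = re.compile(r"(\d+)\s*(second|minute|hour|day)s?", re.I)
EVERY_RE = re.compile(r"(?:DUMP|CLEAR)\s+EVERY\s+(.+?)(?:\s+AFTER\s+(.+))?", re.I)

def to_seconds(text):
    """Convert '<number> <unit>' such as '30 minutes' to seconds (None if malformed)."""
    m = TIME_RE.fullmatch(text.strip())
    return int(m.group(1)) * UNIT_SECONDS[m.group(2).lower()] if m else None

def lint_ipfm_conf(conf_text):
    """Return (line_number, message) tuples for DUMP/CLEAR timing problems."""
    problems = []
    dump_delay = None  # DUMP delay (seconds) of the current NEWLOG section
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        keyword = line.upper().split()[0] if line else ""
        if keyword == "NEWLOG":
            dump_delay = None  # assumption: local variables restart per section
        if keyword not in ("DUMP", "CLEAR"):
            continue
        m = EVERY_RE.fullmatch(line)
        if keyword == "DUMP":
            dump_delay = (to_seconds(m.group(1)) if m else None) or None
            if dump_delay is None:
                problems.append((lineno, "DUMP delay is missing, malformed or zero"))
        elif dump_delay is None:
            problems.append((lineno, "CLEAR must come after a valid DUMP line"))
        elif m:  # CLEAR ALWAYS / CLEAR NEVER carry no time value to check
            for name, value in (("EVERY", m.group(1)), ("AFTER", m.group(2))):
                if value and (to_seconds(value) is None or to_seconds(value) % dump_delay):
                    problems.append((lineno, f"CLEAR {name} '{value}' is not a multiple of the DUMP delay"))
    return problems

# Constructed sample configuration (not from the page): lines 6 and 10 are wrong
SAMPLE_CONF = """\
DEVICE eth1
NEWLOG
DUMP EVERY 5 minutes
CLEAR EVERY 1 hour AFTER 10 minutes
NEWLOG
CLEAR EVERY 30 minutes
DUMP EVERY 20 minutes AFTER 3 minutes
NEWLOG
DUMP EVERY 20 minutes
CLEAR EVERY 30 minutes
"""
print(*(f"line {n}: {msg}" for n, msg in lint_ipfm_conf(SAMPLE_CONF)), sep="\n")
```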

LOG FILENAME

At every DUMP delay, ipfm writes its output to a file whose name is specified by the FILENAME rule.
Syntax: FILENAME < filemask >

< filemask >
complete filename


Default FILENAME is /usr/local/var/log/ipfm/%d-%b.%H-%M

NOTE : The file will be overwritten without any check.

REVERSE DNS

You can activate or deactivate reverse DNS in the output file.

WARNING : activating reverse DNS can considerably delay the production of the log file, due to DNS timeouts.

Syntax : [RESOLVE|NORESOLVE]

Default is NORESOLVE


SORT OUTPUT FILE

ipfm can sort output file depending on IN, OUT or TOTAL.

Syntax : SORT IN|OUT|TOTAL

Default is to sort nothing. Please note that this option could delay a bit the production of the log file.


SET PROMISCUOUS MODE

Syntax : [NO]PROMISC
Default is PROMISC


APPEND OR REPLACE LOG FILES

You can choose to append the output to an existing logfile or to replace the old file by a new one.

Syntax : APPEND|REPLACE
Default is REPLACE


Example :


#-----------------------------------------------------
#IPFM configuration FILE FOR ETH1
#-----------------------------------------------------

DEVICE eth1

#---------------- Range ------------------
NEWLOG
log BOTH 192.168.2.15/255.255.255.255
log BOTH 192.168.3.0/255.255.255.0

DUMP EVERY 5 minutes
FILENAME "/usr/local/IPFM/IPFM-R/log/eth1/ipfm-5m-range.log"
SORT TOTAL

#---------------- Range 2------------------
NEWLOG
log BOTH 192.168.4.15/255.255.255.255
log BOTH 192.168.5.0/255.255.255.0

DUMP EVERY 5 minutes
FILENAME "/usr/local/IPFM/IPFM-R/log/eth1/ipfm-5m-range2.log"
SORT TOTAL


Result in /usr/local/IPFM/IPFM-R/log/eth1/ipfm-5m-range.log :

# IPFMv0.11.5 2005/03/14 13:40:00 (local time) -- dump every 0d00:05:00 -- listening on eth1
# Host In (bytes) Out (bytes) Total (bytes)
192.168.2.15 30572777 97130029 127702806
192.168.3.200 943428 9286621 18720906
192.168.3.2 36237 872226 1234602
192.168.3.127 421592 121475 543067
192.168.3.253 13398 14479 27877
192.168.3.75 240 0 240
192.168.3.54 240 0 240
192.168.3.55 144 0 144
# end of dump 2005/03/14 13:40:00
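The dump header carries the dump interval and the device, so a consumer of these files does not need to hard-code them. The parser below is an added example, not part of ipfm or of the original page; the function names and the threshold are hypothetical, and the sample dump is constructed in the format shown above. It reports hosts whose average outbound rate over the interval exceeds a limit.

```python
import re

HEADER_RE = re.compile(
    r"# IPFM\S+ .* -- dump every (\d+)d(\d+):(\d+):(\d+) -- listening on (\S+)")

def parse_dump(text):
    """Parse one ipfm dump; return (interval_seconds, device, rows)."""
    interval = device = None
    rows = []
    for line in text.splitlines():
        line = line.strip()
        m = HEADER_RE.match(line)
        if m:
            d, h, mi, s = (int(x) for x in m.group(1, 2, 3, 4))
            interval = ((d * 24 + h) * 60 + mi) * 60 + s
            device = m.group(5)
        elif line and not line.startswith("#"):
            # Columns: Host, In (bytes), Out (bytes), Total (bytes)
            host, in_bytes, out_bytes, total = line.split()
            rows.append((host, int(in_bytes), int(out_bytes), int(total)))
    if not interval:
        raise ValueError("no usable 'dump every' header found")
    return interval, device, rows

def hosts_over(text, out_bps_limit):
    """Hosts whose average Out rate (bits/s) over the dump interval exceeds the limit."""
    interval, _, rows = parse_dump(text)
    rates = ((host, out_bytes * 8 / interval) for host, _, out_bytes, _ in rows)
    return [(host, rate) for host, rate in rates if rate > out_bps_limit]

# Constructed sample dump (values are illustrative, not taken from the page)
SAMPLE_DUMP = """\
# IPFMv0.11.5 2005/03/14 13:40:00 (local time) -- dump every 0d00:05:00 -- listening on eth1
# Host In (bytes) Out (bytes) Total (bytes)
192.168.2.15 30000000 97500000 127500000
192.168.3.200 900000 9000000 9900000
192.168.3.75 240 0 240
# end of dump 2005/03/14 13:40:00
"""

print(hosts_over(SAMPLE_DUMP, 1_000_000))
```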


How to use IPFM

ipfm [-c config-file ][--config config-file ] [-h][--help] [-n][--nodaemon] [-p pid-file ][--pid pid-file ]

-c config-file, --config config-file "config-file specifies an alternate configuration file to use. By default, /usr/local/etc/ipfm.conf is used."

-n, --nodaemon "does not run as a daemon"

-h, --help "displays a help message on standard output and exits"

-p pid-file,--pid pid-file

SIGNAL IMPACT

SigHUP : This causes ipfm to dump (and clear) its data tables in the log file (see ipfm.conf(8) ), close pcap descriptor, reload configuration file and restart.

SigTERM : This causes ipfm to dump (and clear) its data tables in the log file (see ipfm.conf(8) ) and exit.

SigKILL : This causes ipfm to exit.

SigINT (ctrl-c) : This causes ipfm to exit after having dumped and cleared its buffers.

SigUSR1 : This causes ipfm to dump its data tables in the log file without exiting or clearing them.

 

EXAMPLE :

/usr/sbin/ipfm -c /usr/local/ipfm/ipfm.conf -p /usr/local/ipfm/pid/ipfm.pid


Script PHP


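#!/usr/bin/php
<?php
// Sums the In and Out byte counters of an ipfm dump file
// and converts the totals to bits per second.
// Usage: pass the path of the ipfm log file as the first argument.

echo "file analyse $argv[1]";

$fichier = fopen($argv[1], "r");
if (!$fichier) {
    echo "<p>open failed</p> $argv[1] $fichier \n";
} else {
    echo $date = date("Y-m-d G:i:s") . "\n";

    $hostin = $hostout = 0;

    // Read the file line by line until fgets() reports end of file
    while (($texte = fgets($fichier)) !== false) {
        $texte = trim($texte);
        // Skip empty lines and the "#" header/footer lines
        if ($texte != "" && $texte[0] != "#") {
            // Columns: host, in (bytes), out (bytes), total (bytes)
            // preg_split() replaces split(), which was removed in PHP 7
            $champs = preg_split("/ +/", $texte);
            if (count($champs) >= 3) {
                $hostin += (int) $champs[1];
                $hostout += (int) $champs[2];
            }
        }
    }
    fclose($fichier);

    echo $hostin . "\n";
    echo $hostout . "\n";

    // conversion in bit format
    $inb = $hostin * 8;
    $outb = $hostout * 8;

    echo $inb . "\n";
    echo $outb . "\n";

    // 300 seconds = the "DUMP EVERY 5 minutes" interval of the configuration example
    echo ($inb / 300) . "in bits / s \n";
    echo ($outb / 300) . "in bits / s \n";
}

?>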
Last Updated on Saturday, 30 January 2010 22:29