From: Adolf Belka <adolf.belka@ipfire.org>
To: development@lists.ipfire.org
Subject: [PATCH] graphs.pl: Fixes graph failure when the DROP_HOSTILE directory is missing
Date: Wed, 14 Feb 2024 11:34:36 +0100 [thread overview]
Message-ID: <20240214103436.2878-1-adolf.belka@ipfire.org> (raw)
[-- Attachment #1: Type: text/plain, Size: 15970 bytes --]
- If a fresh install is done then only the DROP_HOSTILE_IN & DROP_HOSTILE_OUT
rrd directories are created.
- With the DROP_HOSTILE directory missing then when the fwhits graph is updated an error
message is caused by the inability to open the required files.
- This patch adds an if/else loop into the fwhits graph code to deal with the two cases
of the DROP_HOSTILE being present or not depending on the history and if a backup with
logs has been restored from when DROP_HOSTILE was in use.
- Tested on vm testbed and created a historical line for the hostile data when it was not
split
- There might be a simpler or better approach than this but it was the only option I
could identify. I couldn't find anything about being able to use if loops within the
RRD::Graph loop
Tested-by: Adolf Belka <adolf.belka(a)ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
---
config/cfgroot/graphs.pl | 237 ++++++++++++++++++++++++++-------------
1 file changed, 158 insertions(+), 79 deletions(-)
diff --git a/config/cfgroot/graphs.pl b/config/cfgroot/graphs.pl
index a23e49c98..96c6c26ea 100644
--- a/config/cfgroot/graphs.pl
+++ b/config/cfgroot/graphs.pl
@@ -13,7 +13,7 @@
# This program is distributed in the hope that it will be useful, #
# but WITHOUT ANY WARRANTY; without even the implied warranty of #
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
-# GNU General Public License for more details. #
+# GNU General Public License for more details. #update.sh
# #
# You should have received a copy of the GNU General Public License #
# along with this program. If not, see <http://www.gnu.org/licenses/>. #
@@ -676,84 +676,163 @@ sub updatevpnn2ngraph {
sub updatefwhitsgraph {
my $period = $_[0];
- RRDs::graph(
- @GRAPH_ARGS,
- "-",
- "--start",
- "-1".$period,
- "-r",
- "-t ".$Lang::tr{'firewall hits per'}." ".$Lang::tr{$period."-graph"},
- "-v ".$Lang::tr{'bytes per second'},
- "--color=SHADEA".$color{"color19"},
- "--color=SHADEB".$color{"color19"},
- "--color=BACK".$color{"color21"},
- "DEF:output=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-POLICYOUT/ipt_bytes-DROP_OUTPUT.rrd:value:AVERAGE",
- "DEF:input=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-POLICYIN/ipt_bytes-DROP_INPUT.rrd:value:AVERAGE",
- "DEF:forward=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-POLICYFWD/ipt_bytes-DROP_FORWARD.rrd:value:AVERAGE",
- "DEF:newnotsyn=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-NEWNOTSYN/ipt_bytes-DROP_NEWNOTSYN.rrd:value:AVERAGE",
- "DEF:portscan=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-PSCAN/ipt_bytes-DROP_PScan.rrd:value:AVERAGE",
- "DEF:spoofedmartian=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-SPOOFED_MARTIAN/ipt_bytes-DROP_SPOOFED_MARTIAN.rrd:value:AVERAGE",
- "DEF:hostilein=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-HOSTILE_DROP_IN/ipt_bytes-DROP_HOSTILE.rrd:value:AVERAGE",
- "DEF:hostileout=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-HOSTILE_DROP_OUT/ipt_bytes-DROP_HOSTILE.rrd:value:AVERAGE",
- "DEF:hostilelegacy=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-HOSTILE_DROP/ipt_bytes-DROP_HOSTILE.rrd:value:AVERAGE",
-
- # This creates a new combined hostile segment.
- # Previously we did not split into incoming/outgoing, but we cannot go back in time. This CDEF will take the values
- # from the old RRD database unless those are UNKNOWN (i.e. we started collected IN/OUT). If the values are unknown,
- # we replace them with them sum of IN + OUT.
- "CDEF:hostile=hostilelegacy,UN,hostilein,hostileout,+,hostilelegacy,IF",
-
- "COMMENT:".sprintf("%-26s",$Lang::tr{'caption'}),
- "COMMENT:".sprintf("%15s",$Lang::tr{'maximal'}),
- "COMMENT:".sprintf("%15s",$Lang::tr{'average'}),
- "COMMENT:".sprintf("%14s",$Lang::tr{'minimal'}),
- "COMMENT:".sprintf("%15s",$Lang::tr{'current'})."\\j",
- "AREA:output".$color{"color25"}."A0:".sprintf("%-25s",$Lang::tr{'firewallhits'}." (OUTPUT)"),
- "GPRINT:output:MAX:%8.1lf %sBps",
- "GPRINT:output:AVERAGE:%8.1lf %sBps",
- "GPRINT:output:MIN:%8.1lf %sBps",
- "GPRINT:output:LAST:%8.1lf %sBps\\j",
- "STACK:forward".$color{"color23"}."A0:".sprintf("%-25s",$Lang::tr{'firewallhits'}." (FORWARD)"),
- "GPRINT:forward:MAX:%8.1lf %sBps",
- "GPRINT:forward:AVERAGE:%8.1lf %sBps",
- "GPRINT:forward:MIN:%8.1lf %sBps",
- "GPRINT:forward:LAST:%8.1lf %sBps\\j",
- "STACK:input".$color{"color24"}."A0:".sprintf("%-25s",$Lang::tr{'firewallhits'}." (INPUT)"),
- "GPRINT:input:MAX:%8.1lf %sBps",
- "GPRINT:input:AVERAGE:%8.1lf %sBps",
- "GPRINT:input:MIN:%8.1lf %sBps",
- "GPRINT:input:LAST:%8.1lf %sBps\\j",
- "STACK:newnotsyn".$color{"color14"}."A0:".sprintf("%-25s","NewNotSYN"),
- "GPRINT:newnotsyn:MAX:%8.1lf %sBps",
- "GPRINT:newnotsyn:AVERAGE:%8.1lf %sBps",
- "GPRINT:newnotsyn:MIN:%8.1lf %sBps",
- "GPRINT:newnotsyn:LAST:%8.1lf %sBps\\j",
- "STACK:portscan".$color{"color16"}."A0:".sprintf("%-25s",$Lang::tr{'portscans'}),
- "GPRINT:portscan:MAX:%8.1lf %sBps",
- "GPRINT:portscan:AVERAGE:%8.1lf %sBps",
- "GPRINT:portscan:MIN:%8.1lf %sBps",
- "GPRINT:portscan:LAST:%8.1lf %sBps\\j",
- "STACK:spoofedmartian".$color{"color12"}."A0:".sprintf("%-25s",$Lang::tr{'spoofed or martians'}),
- "GPRINT:spoofedmartian:MAX:%8.1lf %sBps",
- "GPRINT:spoofedmartian:AVERAGE:%8.1lf %sBps",
- "GPRINT:spoofedmartian:MIN:%8.1lf %sBps",
- "GPRINT:spoofedmartian:LAST:%8.1lf %sBps\\j",
- "STACK:hostilein".$color{"color13"}."A0:".sprintf("%-25s",$Lang::tr{'hostile networks in'}),
- "GPRINT:hostilein:MAX:%8.1lf %sBps",
- "GPRINT:hostilein:AVERAGE:%8.1lf %sBps",
- "GPRINT:hostilein:MIN:%8.1lf %sBps",
- "GPRINT:hostilein:LAST:%8.1lf %sBps\\j",
- "STACK:hostileout".$color{"color25"}."A0:".sprintf("%-25s",$Lang::tr{'hostile networks out'}),
- "GPRINT:hostileout:MAX:%8.1lf %sBps",
- "GPRINT:hostileout:AVERAGE:%8.1lf %sBps",
- "GPRINT:hostileout:MIN:%8.1lf %sBps",
- "GPRINT:hostileout:LAST:%8.1lf %sBps\\j",
- "LINE:hostile#000000A0:".sprintf("%-25s",$Lang::tr{'hostile networks total'}),
- "GPRINT:hostile:MAX:%8.1lf %sBps",
- "GPRINT:hostile:AVERAGE:%8.1lf %sBps",
- "GPRINT:hostile:MIN:%8.1lf %sBps",
- "GPRINT:hostile:LAST:%8.1lf %sBps\\j",
- );
+ if ( -e "$mainsettings{'RRDLOG'}/collectd/localhost/iptables-filter-HOSTILE_DROP/ipt_bytes-DROP_HOSTILE.rrd" ) {
+ RRDs::graph(
+ @GRAPH_ARGS,
+ "-",
+ "--start",
+ "-1".$period,
+ "-r",
+ "-t ".$Lang::tr{'firewall hits per'}." ".$Lang::tr{$period."-graph"},
+ "-v ".$Lang::tr{'bytes per second'},
+ "--color=SHADEA".$color{"color19"},
+ "--color=SHADEB".$color{"color19"},
+ "--color=BACK".$color{"color21"},
+ "DEF:output=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-POLICYOUT/ipt_bytes-DROP_OUTPUT.rrd:value:AVERAGE",
+ "DEF:input=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-POLICYIN/ipt_bytes-DROP_INPUT.rrd:value:AVERAGE",
+ "DEF:forward=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-POLICYFWD/ipt_bytes-DROP_FORWARD.rrd:value:AVERAGE",
+ "DEF:newnotsyn=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-NEWNOTSYN/ipt_bytes-DROP_NEWNOTSYN.rrd:value:AVERAGE",
+ "DEF:portscan=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-PSCAN/ipt_bytes-DROP_PScan.rrd:value:AVERAGE",
+ "DEF:spoofedmartian=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-SPOOFED_MARTIAN/ipt_bytes-DROP_SPOOFED_MARTIAN.rrd:value:AVERAGE",
+ "DEF:hostilein=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-HOSTILE_DROP_IN/ipt_bytes-DROP_HOSTILE.rrd:value:AVERAGE",
+ "DEF:hostileout=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-HOSTILE_DROP_OUT/ipt_bytes-DROP_HOSTILE.rrd:value:AVERAGE",
+ "DEF:hostilelegacy=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-HOSTILE_DROP/ipt_bytes-DROP_HOSTILE.rrd:value:AVERAGE",
+
+ # This creates a new combined hostile segment.
+ # Previously we did not split into incoming/outgoing, but we cannot go back in time. This CDEF will take the values
+ # from the old RRD database if it exists and if those values are UNKNOWN (time period after Hostile was split into In and Out),
+ # we replace them with the sum of IN + OUT.
+ "CDEF:hostile=hostilelegacy,UN,hostilein,hostileout,+,hostilelegacy,IF",
+
+ "COMMENT:".sprintf("%-26s",$Lang::tr{'caption'}),
+ "COMMENT:".sprintf("%15s",$Lang::tr{'maximal'}),
+ "COMMENT:".sprintf("%15s",$Lang::tr{'average'}),
+ "COMMENT:".sprintf("%14s",$Lang::tr{'minimal'}),
+ "COMMENT:".sprintf("%15s",$Lang::tr{'current'})."\\j",
+ "AREA:output".$color{"color25"}."A0:".sprintf("%-25s",$Lang::tr{'firewallhits'}." (OUTPUT)"),
+ "GPRINT:output:MAX:%8.1lf %sBps",
+ "GPRINT:output:AVERAGE:%8.1lf %sBps",
+ "GPRINT:output:MIN:%8.1lf %sBps",
+ "GPRINT:output:LAST:%8.1lf %sBps\\j",
+ "STACK:forward".$color{"color23"}."A0:".sprintf("%-25s",$Lang::tr{'firewallhits'}." (FORWARD)"),
+ "GPRINT:forward:MAX:%8.1lf %sBps",
+ "GPRINT:forward:AVERAGE:%8.1lf %sBps",
+ "GPRINT:forward:MIN:%8.1lf %sBps",
+ "GPRINT:forward:LAST:%8.1lf %sBps\\j",
+ "STACK:input".$color{"color24"}."A0:".sprintf("%-25s",$Lang::tr{'firewallhits'}." (INPUT)"),
+ "GPRINT:input:MAX:%8.1lf %sBps",
+ "GPRINT:input:AVERAGE:%8.1lf %sBps",
+ "GPRINT:input:MIN:%8.1lf %sBps",
+ "GPRINT:input:LAST:%8.1lf %sBps\\j",
+ "STACK:newnotsyn".$color{"color14"}."A0:".sprintf("%-25s","NewNotSYN"),
+ "GPRINT:newnotsyn:MAX:%8.1lf %sBps",
+ "GPRINT:newnotsyn:AVERAGE:%8.1lf %sBps",
+ "GPRINT:newnotsyn:MIN:%8.1lf %sBps",
+ "GPRINT:newnotsyn:LAST:%8.1lf %sBps\\j",
+ "STACK:portscan".$color{"color16"}."A0:".sprintf("%-25s",$Lang::tr{'portscans'}),
+ "GPRINT:portscan:MAX:%8.1lf %sBps",
+ "GPRINT:portscan:AVERAGE:%8.1lf %sBps",
+ "GPRINT:portscan:MIN:%8.1lf %sBps",
+ "GPRINT:portscan:LAST:%8.1lf %sBps\\j",
+ "STACK:spoofedmartian".$color{"color12"}."A0:".sprintf("%-25s",$Lang::tr{'spoofed or martians'}),
+ "GPRINT:spoofedmartian:MAX:%8.1lf %sBps",
+ "GPRINT:spoofedmartian:AVERAGE:%8.1lf %sBps",
+ "GPRINT:spoofedmartian:MIN:%8.1lf %sBps",
+ "GPRINT:spoofedmartian:LAST:%8.1lf %sBps\\j",
+ "STACK:hostilein".$color{"color13"}."A0:".sprintf("%-25s",$Lang::tr{'hostile networks in'}),
+ "GPRINT:hostilein:MAX:%8.1lf %sBps",
+ "GPRINT:hostilein:AVERAGE:%8.1lf %sBps",
+ "GPRINT:hostilein:MIN:%8.1lf %sBps",
+ "GPRINT:hostilein:LAST:%8.1lf %sBps\\j",
+ "STACK:hostileout".$color{"color25"}."A0:".sprintf("%-25s",$Lang::tr{'hostile networks out'}),
+ "GPRINT:hostileout:MAX:%8.1lf %sBps",
+ "GPRINT:hostileout:AVERAGE:%8.1lf %sBps",
+ "GPRINT:hostileout:MIN:%8.1lf %sBps",
+ "GPRINT:hostileout:LAST:%8.1lf %sBps\\j",
+ "LINE:hostile#000000A0:".sprintf("%-25s",$Lang::tr{'hostile networks total'}),
+ "GPRINT:hostile:MAX:%8.1lf %sBps",
+ "GPRINT:hostile:AVERAGE:%8.1lf %sBps",
+ "GPRINT:hostile:MIN:%8.1lf %sBps",
+ "GPRINT:hostile:LAST:%8.1lf %sBps\\j",
+ );
+ }else{
+ RRDs::graph(
+ @GRAPH_ARGS,
+ "-",
+ "--start",
+ "-1".$period,
+ "-r",
+ "-t ".$Lang::tr{'firewall hits per'}." ".$Lang::tr{$period."-graph"},
+ "-v ".$Lang::tr{'bytes per second'},
+ "--color=SHADEA".$color{"color19"},
+ "--color=SHADEB".$color{"color19"},
+ "--color=BACK".$color{"color21"},
+ "DEF:output=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-POLICYOUT/ipt_bytes-DROP_OUTPUT.rrd:value:AVERAGE",
+ "DEF:input=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-POLICYIN/ipt_bytes-DROP_INPUT.rrd:value:AVERAGE",
+ "DEF:forward=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-POLICYFWD/ipt_bytes-DROP_FORWARD.rrd:value:AVERAGE",
+ "DEF:newnotsyn=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-NEWNOTSYN/ipt_bytes-DROP_NEWNOTSYN.rrd:value:AVERAGE",
+ "DEF:portscan=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-PSCAN/ipt_bytes-DROP_PScan.rrd:value:AVERAGE",
+ "DEF:spoofedmartian=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-SPOOFED_MARTIAN/ipt_bytes-DROP_SPOOFED_MARTIAN.rrd:value:AVERAGE",
+ "DEF:hostilein=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-HOSTILE_DROP_IN/ipt_bytes-DROP_HOSTILE.rrd:value:AVERAGE",
+ "DEF:hostileout=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-HOSTILE_DROP_OUT/ipt_bytes-DROP_HOSTILE.rrd:value:AVERAGE",
+
+ # This creates a new combined hostile segment.
+ # If we started collecting IN/OUT, ie the old single Hostile RRD database is not available then this CDEF will take the values
+ # from the sum of IN + OUT.
+ "CDEF:hostile=hostilein,hostileout,+",
+
+ "COMMENT:".sprintf("%-26s",$Lang::tr{'caption'}),
+ "COMMENT:".sprintf("%15s",$Lang::tr{'maximal'}),
+ "COMMENT:".sprintf("%15s",$Lang::tr{'average'}),
+ "COMMENT:".sprintf("%14s",$Lang::tr{'minimal'}),
+ "COMMENT:".sprintf("%15s",$Lang::tr{'current'})."\\j",
+ "AREA:output".$color{"color25"}."A0:".sprintf("%-25s",$Lang::tr{'firewallhits'}." (OUTPUT)"),
+ "GPRINT:output:MAX:%8.1lf %sBps",
+ "GPRINT:output:AVERAGE:%8.1lf %sBps",
+ "GPRINT:output:MIN:%8.1lf %sBps",
+ "GPRINT:output:LAST:%8.1lf %sBps\\j",
+ "STACK:forward".$color{"color23"}."A0:".sprintf("%-25s",$Lang::tr{'firewallhits'}." (FORWARD)"),
+ "GPRINT:forward:MAX:%8.1lf %sBps",
+ "GPRINT:forward:AVERAGE:%8.1lf %sBps",
+ "GPRINT:forward:MIN:%8.1lf %sBps",
+ "GPRINT:forward:LAST:%8.1lf %sBps\\j",
+ "STACK:input".$color{"color24"}."A0:".sprintf("%-25s",$Lang::tr{'firewallhits'}." (INPUT)"),
+ "GPRINT:input:MAX:%8.1lf %sBps",
+ "GPRINT:input:AVERAGE:%8.1lf %sBps",
+ "GPRINT:input:MIN:%8.1lf %sBps",
+ "GPRINT:input:LAST:%8.1lf %sBps\\j",
+ "STACK:newnotsyn".$color{"color14"}."A0:".sprintf("%-25s","NewNotSYN"),
+ "GPRINT:newnotsyn:MAX:%8.1lf %sBps",
+ "GPRINT:newnotsyn:AVERAGE:%8.1lf %sBps",
+ "GPRINT:newnotsyn:MIN:%8.1lf %sBps",
+ "GPRINT:newnotsyn:LAST:%8.1lf %sBps\\j",
+ "STACK:portscan".$color{"color16"}."A0:".sprintf("%-25s",$Lang::tr{'portscans'}),
+ "GPRINT:portscan:MAX:%8.1lf %sBps",
+ "GPRINT:portscan:AVERAGE:%8.1lf %sBps",
+ "GPRINT:portscan:MIN:%8.1lf %sBps",
+ "GPRINT:portscan:LAST:%8.1lf %sBps\\j",
+ "STACK:spoofedmartian".$color{"color12"}."A0:".sprintf("%-25s",$Lang::tr{'spoofed or martians'}),
+ "GPRINT:spoofedmartian:MAX:%8.1lf %sBps",
+ "GPRINT:spoofedmartian:AVERAGE:%8.1lf %sBps",
+ "GPRINT:spoofedmartian:MIN:%8.1lf %sBps",
+ "GPRINT:spoofedmartian:LAST:%8.1lf %sBps\\j",
+ "STACK:hostilein".$color{"color13"}."A0:".sprintf("%-25s",$Lang::tr{'hostile networks in'}),
+ "GPRINT:hostilein:MAX:%8.1lf %sBps",
+ "GPRINT:hostilein:AVERAGE:%8.1lf %sBps",
+ "GPRINT:hostilein:MIN:%8.1lf %sBps",
+ "GPRINT:hostilein:LAST:%8.1lf %sBps\\j",
+ "STACK:hostileout".$color{"color25"}."A0:".sprintf("%-25s",$Lang::tr{'hostile networks out'}),
+ "GPRINT:hostileout:MAX:%8.1lf %sBps",
+ "GPRINT:hostileout:AVERAGE:%8.1lf %sBps",
+ "GPRINT:hostileout:MIN:%8.1lf %sBps",
+ "GPRINT:hostileout:LAST:%8.1lf %sBps\\j",
+ "LINE:hostile#000000A0:".sprintf("%-25s",$Lang::tr{'hostile networks total'}),
+ "GPRINT:hostile:MAX:%8.1lf %sBps",
+ "GPRINT:hostile:AVERAGE:%8.1lf %sBps",
+ "GPRINT:hostile:MIN:%8.1lf %sBps",
+ "GPRINT:hostile:LAST:%8.1lf %sBps\\j",
+ );
+ }
$ERROR = RRDs::error;
return "Error in RRD::graph for firewallhits: ".$ERROR."\n" if $ERROR;
}
--
2.43.0
next reply other threads:[~2024-02-14 10:34 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-02-14 10:34 Adolf Belka [this message]
2024-02-14 12:59 ` Michael Tremer
2024-02-14 13:24 ` Adolf Belka
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240214103436.2878-1-adolf.belka@ipfire.org \
--to=adolf.belka@ipfire.org \
--cc=development@lists.ipfire.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox