- If a fresh install is done then only the DROP_HOSTILE_IN & DROP_HOSTILE_OUT rrd directories are created. - With the DROP_HOSTILE directory missing, updating the fwhits graph produces an error message because the required files cannot be opened. - This patch adds an if/else branch to the fwhits graph code to deal with the two cases of DROP_HOSTILE being present or not, depending on the history and on whether a backup with logs has been restored from when DROP_HOSTILE was in use. - Tested on vm testbed and created a historical line for the hostile data when it was not split - There might be a simpler or better approach than this but it was the only option I could identify. I couldn't find anything about being able to use if statements within the RRD::Graph call
Tested-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Adolf Belka adolf.belka@ipfire.org --- config/cfgroot/graphs.pl | 237 ++++++++++++++++++++++++++------------- 1 file changed, 158 insertions(+), 79 deletions(-)
diff --git a/config/cfgroot/graphs.pl b/config/cfgroot/graphs.pl index a23e49c98..96c6c26ea 100644 --- a/config/cfgroot/graphs.pl +++ b/config/cfgroot/graphs.pl @@ -13,7 +13,7 @@ # This program is distributed in the hope that it will be useful, # # but WITHOUT ANY WARRANTY; without even the implied warranty of # # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # -# GNU General Public License for more details. # +# GNU General Public License for more details. #update.sh # # # You should have received a copy of the GNU General Public License # # along with this program. If not, see http://www.gnu.org/licenses/. # @@ -676,84 +676,163 @@ sub updatevpnn2ngraph {
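Review bot: The first hunk changes the GPL header line `# GNU General Public License for more details.` so that it now ends in `#update.sh`, which looks like a stray paste rather than an intended edit and has nothing to do with the fwhits fix. I would drop this hunk so the licence header is left exactly as it was and the commit touches only `updatefwhitsgraph`.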
sub updatefwhitsgraph { my $period = $_[0]; - RRDs::graph( - @GRAPH_ARGS, - "-", - "--start", - "-1".$period, - "-r", - "-t ".$Lang::tr{'firewall hits per'}." ".$Lang::tr{$period."-graph"}, - "-v ".$Lang::tr{'bytes per second'}, - "--color=SHADEA".$color{"color19"}, - "--color=SHADEB".$color{"color19"}, - "--color=BACK".$color{"color21"}, - "DEF:output=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-POLICYOUT/ipt_bytes-DROP_OUTPUT.rrd:value:AVERAGE", - "DEF:input=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-POLICYIN/ipt_bytes-DROP_INPUT.rrd:value:AVERAGE", - "DEF:forward=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-POLICYFWD/ipt_bytes-DROP_FORWARD.rrd:value:AVERAGE", - "DEF:newnotsyn=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-NEWNOTSYN/ipt_bytes-DROP_NEWNOTSYN.rrd:value:AVERAGE", - "DEF:portscan=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-PSCAN/ipt_bytes-DROP_PScan.rrd:value:AVERAGE", - "DEF:spoofedmartian=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-SPOOFED_MARTIAN/ipt_bytes-DROP_SPOOFED_MARTIAN.rrd:value:AVERAGE", - "DEF:hostilein=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-HOSTILE_DROP_IN/ipt_bytes-DROP_HOSTILE.rrd:value:AVERAGE", - "DEF:hostileout=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-HOSTILE_DROP_OUT/ipt_bytes-DROP_HOSTILE.rrd:value:AVERAGE", - "DEF:hostilelegacy=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-HOSTILE_DROP/ipt_bytes-DROP_HOSTILE.rrd:value:AVERAGE", - - # This creates a new combined hostile segment. - # Previously we did not split into incoming/outgoing, but we cannot go back in time. This CDEF will take the values - # from the old RRD database unless those are UNKNOWN (i.e. we started collected IN/OUT). If the values are unknown, - # we replace them with them sum of IN + OUT. 
- "CDEF:hostile=hostilelegacy,UN,hostilein,hostileout,+,hostilelegacy,IF", - - "COMMENT:".sprintf("%-26s",$Lang::tr{'caption'}), - "COMMENT:".sprintf("%15s",$Lang::tr{'maximal'}), - "COMMENT:".sprintf("%15s",$Lang::tr{'average'}), - "COMMENT:".sprintf("%14s",$Lang::tr{'minimal'}), - "COMMENT:".sprintf("%15s",$Lang::tr{'current'})."\j", - "AREA:output".$color{"color25"}."A0:".sprintf("%-25s",$Lang::tr{'firewallhits'}." (OUTPUT)"), - "GPRINT:output:MAX:%8.1lf %sBps", - "GPRINT:output:AVERAGE:%8.1lf %sBps", - "GPRINT:output:MIN:%8.1lf %sBps", - "GPRINT:output:LAST:%8.1lf %sBps\j", - "STACK:forward".$color{"color23"}."A0:".sprintf("%-25s",$Lang::tr{'firewallhits'}." (FORWARD)"), - "GPRINT:forward:MAX:%8.1lf %sBps", - "GPRINT:forward:AVERAGE:%8.1lf %sBps", - "GPRINT:forward:MIN:%8.1lf %sBps", - "GPRINT:forward:LAST:%8.1lf %sBps\j", - "STACK:input".$color{"color24"}."A0:".sprintf("%-25s",$Lang::tr{'firewallhits'}." (INPUT)"), - "GPRINT:input:MAX:%8.1lf %sBps", - "GPRINT:input:AVERAGE:%8.1lf %sBps", - "GPRINT:input:MIN:%8.1lf %sBps", - "GPRINT:input:LAST:%8.1lf %sBps\j", - "STACK:newnotsyn".$color{"color14"}."A0:".sprintf("%-25s","NewNotSYN"), - "GPRINT:newnotsyn:MAX:%8.1lf %sBps", - "GPRINT:newnotsyn:AVERAGE:%8.1lf %sBps", - "GPRINT:newnotsyn:MIN:%8.1lf %sBps", - "GPRINT:newnotsyn:LAST:%8.1lf %sBps\j", - "STACK:portscan".$color{"color16"}."A0:".sprintf("%-25s",$Lang::tr{'portscans'}), - "GPRINT:portscan:MAX:%8.1lf %sBps", - "GPRINT:portscan:AVERAGE:%8.1lf %sBps", - "GPRINT:portscan:MIN:%8.1lf %sBps", - "GPRINT:portscan:LAST:%8.1lf %sBps\j", - "STACK:spoofedmartian".$color{"color12"}."A0:".sprintf("%-25s",$Lang::tr{'spoofed or martians'}), - "GPRINT:spoofedmartian:MAX:%8.1lf %sBps", - "GPRINT:spoofedmartian:AVERAGE:%8.1lf %sBps", - "GPRINT:spoofedmartian:MIN:%8.1lf %sBps", - "GPRINT:spoofedmartian:LAST:%8.1lf %sBps\j", - "STACK:hostilein".$color{"color13"}."A0:".sprintf("%-25s",$Lang::tr{'hostile networks in'}), - "GPRINT:hostilein:MAX:%8.1lf %sBps", - 
"GPRINT:hostilein:AVERAGE:%8.1lf %sBps", - "GPRINT:hostilein:MIN:%8.1lf %sBps", - "GPRINT:hostilein:LAST:%8.1lf %sBps\j", - "STACK:hostileout".$color{"color25"}."A0:".sprintf("%-25s",$Lang::tr{'hostile networks out'}), - "GPRINT:hostileout:MAX:%8.1lf %sBps", - "GPRINT:hostileout:AVERAGE:%8.1lf %sBps", - "GPRINT:hostileout:MIN:%8.1lf %sBps", - "GPRINT:hostileout:LAST:%8.1lf %sBps\j", - "LINE:hostile#000000A0:".sprintf("%-25s",$Lang::tr{'hostile networks total'}), - "GPRINT:hostile:MAX:%8.1lf %sBps", - "GPRINT:hostile:AVERAGE:%8.1lf %sBps", - "GPRINT:hostile:MIN:%8.1lf %sBps", - "GPRINT:hostile:LAST:%8.1lf %sBps\j", - ); + if ( -e "$mainsettings{'RRDLOG'}/collectd/localhost/iptables-filter-HOSTILE_DROP/ipt_bytes-DROP_HOSTILE.rrd" ) { + RRDs::graph( + @GRAPH_ARGS, + "-", + "--start", + "-1".$period, + "-r", + "-t ".$Lang::tr{'firewall hits per'}." ".$Lang::tr{$period."-graph"}, + "-v ".$Lang::tr{'bytes per second'}, + "--color=SHADEA".$color{"color19"}, + "--color=SHADEB".$color{"color19"}, + "--color=BACK".$color{"color21"}, + "DEF:output=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-POLICYOUT/ipt_bytes-DROP_OUTPUT.rrd:value:AVERAGE", + "DEF:input=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-POLICYIN/ipt_bytes-DROP_INPUT.rrd:value:AVERAGE", + "DEF:forward=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-POLICYFWD/ipt_bytes-DROP_FORWARD.rrd:value:AVERAGE", + "DEF:newnotsyn=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-NEWNOTSYN/ipt_bytes-DROP_NEWNOTSYN.rrd:value:AVERAGE", + "DEF:portscan=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-PSCAN/ipt_bytes-DROP_PScan.rrd:value:AVERAGE", + "DEF:spoofedmartian=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-SPOOFED_MARTIAN/ipt_bytes-DROP_SPOOFED_MARTIAN.rrd:value:AVERAGE", + "DEF:hostilein=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-HOSTILE_DROP_IN/ipt_bytes-DROP_HOSTILE.rrd:value:AVERAGE", + 
"DEF:hostileout=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-HOSTILE_DROP_OUT/ipt_bytes-DROP_HOSTILE.rrd:value:AVERAGE", + "DEF:hostilelegacy=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-HOSTILE_DROP/ipt_bytes-DROP_HOSTILE.rrd:value:AVERAGE", + + # This creates a new combined hostile segment. + # Previously we did not split into incoming/outgoing, but we cannot go back in time. This CDEF will take the values + # from the old RRD database if it exists and if those values are UNKNOWN (time period after Hostile was split into In and Out), + # we replace them with the sum of IN + OUT. + "CDEF:hostile=hostilelegacy,UN,hostilein,hostileout,+,hostilelegacy,IF", + + "COMMENT:".sprintf("%-26s",$Lang::tr{'caption'}), + "COMMENT:".sprintf("%15s",$Lang::tr{'maximal'}), + "COMMENT:".sprintf("%15s",$Lang::tr{'average'}), + "COMMENT:".sprintf("%14s",$Lang::tr{'minimal'}), + "COMMENT:".sprintf("%15s",$Lang::tr{'current'})."\j", + "AREA:output".$color{"color25"}."A0:".sprintf("%-25s",$Lang::tr{'firewallhits'}." (OUTPUT)"), + "GPRINT:output:MAX:%8.1lf %sBps", + "GPRINT:output:AVERAGE:%8.1lf %sBps", + "GPRINT:output:MIN:%8.1lf %sBps", + "GPRINT:output:LAST:%8.1lf %sBps\j", + "STACK:forward".$color{"color23"}."A0:".sprintf("%-25s",$Lang::tr{'firewallhits'}." (FORWARD)"), + "GPRINT:forward:MAX:%8.1lf %sBps", + "GPRINT:forward:AVERAGE:%8.1lf %sBps", + "GPRINT:forward:MIN:%8.1lf %sBps", + "GPRINT:forward:LAST:%8.1lf %sBps\j", + "STACK:input".$color{"color24"}."A0:".sprintf("%-25s",$Lang::tr{'firewallhits'}." 
(INPUT)"), + "GPRINT:input:MAX:%8.1lf %sBps", + "GPRINT:input:AVERAGE:%8.1lf %sBps", + "GPRINT:input:MIN:%8.1lf %sBps", + "GPRINT:input:LAST:%8.1lf %sBps\j", + "STACK:newnotsyn".$color{"color14"}."A0:".sprintf("%-25s","NewNotSYN"), + "GPRINT:newnotsyn:MAX:%8.1lf %sBps", + "GPRINT:newnotsyn:AVERAGE:%8.1lf %sBps", + "GPRINT:newnotsyn:MIN:%8.1lf %sBps", + "GPRINT:newnotsyn:LAST:%8.1lf %sBps\j", + "STACK:portscan".$color{"color16"}."A0:".sprintf("%-25s",$Lang::tr{'portscans'}), + "GPRINT:portscan:MAX:%8.1lf %sBps", + "GPRINT:portscan:AVERAGE:%8.1lf %sBps", + "GPRINT:portscan:MIN:%8.1lf %sBps", + "GPRINT:portscan:LAST:%8.1lf %sBps\j", + "STACK:spoofedmartian".$color{"color12"}."A0:".sprintf("%-25s",$Lang::tr{'spoofed or martians'}), + "GPRINT:spoofedmartian:MAX:%8.1lf %sBps", + "GPRINT:spoofedmartian:AVERAGE:%8.1lf %sBps", + "GPRINT:spoofedmartian:MIN:%8.1lf %sBps", + "GPRINT:spoofedmartian:LAST:%8.1lf %sBps\j", + "STACK:hostilein".$color{"color13"}."A0:".sprintf("%-25s",$Lang::tr{'hostile networks in'}), + "GPRINT:hostilein:MAX:%8.1lf %sBps", + "GPRINT:hostilein:AVERAGE:%8.1lf %sBps", + "GPRINT:hostilein:MIN:%8.1lf %sBps", + "GPRINT:hostilein:LAST:%8.1lf %sBps\j", + "STACK:hostileout".$color{"color25"}."A0:".sprintf("%-25s",$Lang::tr{'hostile networks out'}), + "GPRINT:hostileout:MAX:%8.1lf %sBps", + "GPRINT:hostileout:AVERAGE:%8.1lf %sBps", + "GPRINT:hostileout:MIN:%8.1lf %sBps", + "GPRINT:hostileout:LAST:%8.1lf %sBps\j", + "LINE:hostile#000000A0:".sprintf("%-25s",$Lang::tr{'hostile networks total'}), + "GPRINT:hostile:MAX:%8.1lf %sBps", + "GPRINT:hostile:AVERAGE:%8.1lf %sBps", + "GPRINT:hostile:MIN:%8.1lf %sBps", + "GPRINT:hostile:LAST:%8.1lf %sBps\j", + ); + }else{ + RRDs::graph( + @GRAPH_ARGS, + "-", + "--start", + "-1".$period, + "-r", + "-t ".$Lang::tr{'firewall hits per'}." 
".$Lang::tr{$period."-graph"}, + "-v ".$Lang::tr{'bytes per second'}, + "--color=SHADEA".$color{"color19"}, + "--color=SHADEB".$color{"color19"}, + "--color=BACK".$color{"color21"}, + "DEF:output=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-POLICYOUT/ipt_bytes-DROP_OUTPUT.rrd:value:AVERAGE", + "DEF:input=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-POLICYIN/ipt_bytes-DROP_INPUT.rrd:value:AVERAGE", + "DEF:forward=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-POLICYFWD/ipt_bytes-DROP_FORWARD.rrd:value:AVERAGE", + "DEF:newnotsyn=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-NEWNOTSYN/ipt_bytes-DROP_NEWNOTSYN.rrd:value:AVERAGE", + "DEF:portscan=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-PSCAN/ipt_bytes-DROP_PScan.rrd:value:AVERAGE", + "DEF:spoofedmartian=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-SPOOFED_MARTIAN/ipt_bytes-DROP_SPOOFED_MARTIAN.rrd:value:AVERAGE", + "DEF:hostilein=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-HOSTILE_DROP_IN/ipt_bytes-DROP_HOSTILE.rrd:value:AVERAGE", + "DEF:hostileout=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-HOSTILE_DROP_OUT/ipt_bytes-DROP_HOSTILE.rrd:value:AVERAGE", + + # This creates a new combined hostile segment. + # If we started collecting IN/OUT, ie the old single Hostile RRD database is not available then this CDEF will take the values + # from the sum of IN + OUT. + "CDEF:hostile=hostilein,hostileout,+", + + "COMMENT:".sprintf("%-26s",$Lang::tr{'caption'}), + "COMMENT:".sprintf("%15s",$Lang::tr{'maximal'}), + "COMMENT:".sprintf("%15s",$Lang::tr{'average'}), + "COMMENT:".sprintf("%14s",$Lang::tr{'minimal'}), + "COMMENT:".sprintf("%15s",$Lang::tr{'current'})."\j", + "AREA:output".$color{"color25"}."A0:".sprintf("%-25s",$Lang::tr{'firewallhits'}." 
(OUTPUT)"), + "GPRINT:output:MAX:%8.1lf %sBps", + "GPRINT:output:AVERAGE:%8.1lf %sBps", + "GPRINT:output:MIN:%8.1lf %sBps", + "GPRINT:output:LAST:%8.1lf %sBps\j", + "STACK:forward".$color{"color23"}."A0:".sprintf("%-25s",$Lang::tr{'firewallhits'}." (FORWARD)"), + "GPRINT:forward:MAX:%8.1lf %sBps", + "GPRINT:forward:AVERAGE:%8.1lf %sBps", + "GPRINT:forward:MIN:%8.1lf %sBps", + "GPRINT:forward:LAST:%8.1lf %sBps\j", + "STACK:input".$color{"color24"}."A0:".sprintf("%-25s",$Lang::tr{'firewallhits'}." (INPUT)"), + "GPRINT:input:MAX:%8.1lf %sBps", + "GPRINT:input:AVERAGE:%8.1lf %sBps", + "GPRINT:input:MIN:%8.1lf %sBps", + "GPRINT:input:LAST:%8.1lf %sBps\j", + "STACK:newnotsyn".$color{"color14"}."A0:".sprintf("%-25s","NewNotSYN"), + "GPRINT:newnotsyn:MAX:%8.1lf %sBps", + "GPRINT:newnotsyn:AVERAGE:%8.1lf %sBps", + "GPRINT:newnotsyn:MIN:%8.1lf %sBps", + "GPRINT:newnotsyn:LAST:%8.1lf %sBps\j", + "STACK:portscan".$color{"color16"}."A0:".sprintf("%-25s",$Lang::tr{'portscans'}), + "GPRINT:portscan:MAX:%8.1lf %sBps", + "GPRINT:portscan:AVERAGE:%8.1lf %sBps", + "GPRINT:portscan:MIN:%8.1lf %sBps", + "GPRINT:portscan:LAST:%8.1lf %sBps\j", + "STACK:spoofedmartian".$color{"color12"}."A0:".sprintf("%-25s",$Lang::tr{'spoofed or martians'}), + "GPRINT:spoofedmartian:MAX:%8.1lf %sBps", + "GPRINT:spoofedmartian:AVERAGE:%8.1lf %sBps", + "GPRINT:spoofedmartian:MIN:%8.1lf %sBps", + "GPRINT:spoofedmartian:LAST:%8.1lf %sBps\j", + "STACK:hostilein".$color{"color13"}."A0:".sprintf("%-25s",$Lang::tr{'hostile networks in'}), + "GPRINT:hostilein:MAX:%8.1lf %sBps", + "GPRINT:hostilein:AVERAGE:%8.1lf %sBps", + "GPRINT:hostilein:MIN:%8.1lf %sBps", + "GPRINT:hostilein:LAST:%8.1lf %sBps\j", + "STACK:hostileout".$color{"color25"}."A0:".sprintf("%-25s",$Lang::tr{'hostile networks out'}), + "GPRINT:hostileout:MAX:%8.1lf %sBps", + "GPRINT:hostileout:AVERAGE:%8.1lf %sBps", + "GPRINT:hostileout:MIN:%8.1lf %sBps", + "GPRINT:hostileout:LAST:%8.1lf %sBps\j", + 
"LINE:hostile#000000A0:".sprintf("%-25s",$Lang::tr{'hostile networks total'}), + "GPRINT:hostile:MAX:%8.1lf %sBps", + "GPRINT:hostile:AVERAGE:%8.1lf %sBps", + "GPRINT:hostile:MIN:%8.1lf %sBps", + "GPRINT:hostile:LAST:%8.1lf %sBps\j", + ); + } $ERROR = RRDs::error; return "Error in RRD::graph for firewallhits: ".$ERROR."\n" if $ERROR; }
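Review bot: The new `-e` test guards only the legacy `iptables-filter-HOSTILE_DROP` file, while the `DEF:hostilein=` and `DEF:hostileout=` arguments stay unconditional in both branches. The same cannot-open error would therefore presumably come back on a system where the split RRDs are not present yet (for example a restored pre-split backup), and the firewall-hits graph an admin relies on to see dropped hostile traffic would stay blank. Consider testing those two files as well and falling back to a graph without the hostile series. It would also help to hold the legacy path in one variable, e.g. `my $hostile_legacy_rrd = "$mainsettings{'RRDLOG'}/collectd/localhost/iptables-filter-HOSTILE_DROP/ipt_bytes-DROP_HOSTILE.rrd";`, and use it for both the `-e` test and the `DEF:hostilelegacy=` argument so the file checked and the file opened cannot drift apart. A one-line comment above the `if` saying why the legacy file may be absent (fresh install versus upgrade or restored backup) would document the branch for the next reader.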
Hello Adolf,
The fix technically looks fine. It would have been more elegant to put the strings into a big array and then add only the ones that we need to avoid copying the large block.
However, this is fine for me to be merged.
-Michael
On 14 Feb 2024, at 10:34, Adolf Belka adolf.belka@ipfire.org wrote:
- If a fresh install is done then only the DROP_HOSTILE_IN & DROP_HOSTILE_OUT rrd directories are created.
- With the DROP_HOSTILE directory missing then when the fwhits graph is updated an error message is caused by the inability to open the required files.
- This patch adds an if/else loop into the fwhits graph code to deal with the two cases of the DROP_HOSTILE being present or not depending on the history and if a backup with logs has been restored from when DROP_HOSTILE was in use.
- Tested on vm testbed and created a historical line for the hostile data when it was not split
- There might be a simpler or better approach than this but it was the only option I could identify. I couldn't find anything about being able to use if loops within the RRD::Graph loop
Tested-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Adolf Belka adolf.belka@ipfire.org
config/cfgroot/graphs.pl | 237 ++++++++++++++++++++++++++------------- 1 file changed, 158 insertions(+), 79 deletions(-)
diff --git a/config/cfgroot/graphs.pl b/config/cfgroot/graphs.pl index a23e49c98..96c6c26ea 100644 --- a/config/cfgroot/graphs.pl +++ b/config/cfgroot/graphs.pl @@ -13,7 +13,7 @@ # This program is distributed in the hope that it will be useful, # # but WITHOUT ANY WARRANTY; without even the implied warranty of # # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # -# GNU General Public License for more details. # +# GNU General Public License for more details. #update.sh # # # You should have received a copy of the GNU General Public License # # along with this program. If not, see http://www.gnu.org/licenses/. # @@ -676,84 +676,163 @@ sub updatevpnn2ngraph {
sub updatefwhitsgraph { my $period = $_[0];
- RRDs::graph(
- @GRAPH_ARGS,
- "-",
- "--start",
- "-1".$period,
- "-r",
- "-t ".$Lang::tr{'firewall hits per'}." ".$Lang::tr{$period."-graph"},
- "-v ".$Lang::tr{'bytes per second'},
- "--color=SHADEA".$color{"color19"},
- "--color=SHADEB".$color{"color19"},
- "--color=BACK".$color{"color21"},
- "DEF:output=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-POLICYOUT/ipt_bytes-DROP_OUTPUT.rrd:value:AVERAGE",
- "DEF:input=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-POLICYIN/ipt_bytes-DROP_INPUT.rrd:value:AVERAGE",
- "DEF:forward=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-POLICYFWD/ipt_bytes-DROP_FORWARD.rrd:value:AVERAGE",
- "DEF:newnotsyn=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-NEWNOTSYN/ipt_bytes-DROP_NEWNOTSYN.rrd:value:AVERAGE",
- "DEF:portscan=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-PSCAN/ipt_bytes-DROP_PScan.rrd:value:AVERAGE",
- "DEF:spoofedmartian=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-SPOOFED_MARTIAN/ipt_bytes-DROP_SPOOFED_MARTIAN.rrd:value:AVERAGE",
- "DEF:hostilein=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-HOSTILE_DROP_IN/ipt_bytes-DROP_HOSTILE.rrd:value:AVERAGE",
- "DEF:hostileout=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-HOSTILE_DROP_OUT/ipt_bytes-DROP_HOSTILE.rrd:value:AVERAGE",
- "DEF:hostilelegacy=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-HOSTILE_DROP/ipt_bytes-DROP_HOSTILE.rrd:value:AVERAGE",
- # This creates a new combined hostile segment.
- # Previously we did not split into incoming/outgoing, but we cannot go back in time. This CDEF will take the values
- # from the old RRD database unless those are UNKNOWN (i.e. we started collected IN/OUT). If the values are unknown,
- # we replace them with them sum of IN + OUT.
- "CDEF:hostile=hostilelegacy,UN,hostilein,hostileout,+,hostilelegacy,IF",
- "COMMENT:".sprintf("%-26s",$Lang::tr{'caption'}),
- "COMMENT:".sprintf("%15s",$Lang::tr{'maximal'}),
- "COMMENT:".sprintf("%15s",$Lang::tr{'average'}),
- "COMMENT:".sprintf("%14s",$Lang::tr{'minimal'}),
- "COMMENT:".sprintf("%15s",$Lang::tr{'current'})."\j",
- "AREA:output".$color{"color25"}."A0:".sprintf("%-25s",$Lang::tr{'firewallhits'}." (OUTPUT)"),
- "GPRINT:output:MAX:%8.1lf %sBps",
- "GPRINT:output:AVERAGE:%8.1lf %sBps",
- "GPRINT:output:MIN:%8.1lf %sBps",
- "GPRINT:output:LAST:%8.1lf %sBps\j",
- "STACK:forward".$color{"color23"}."A0:".sprintf("%-25s",$Lang::tr{'firewallhits'}." (FORWARD)"),
- "GPRINT:forward:MAX:%8.1lf %sBps",
- "GPRINT:forward:AVERAGE:%8.1lf %sBps",
- "GPRINT:forward:MIN:%8.1lf %sBps",
- "GPRINT:forward:LAST:%8.1lf %sBps\j",
- "STACK:input".$color{"color24"}."A0:".sprintf("%-25s",$Lang::tr{'firewallhits'}." (INPUT)"),
- "GPRINT:input:MAX:%8.1lf %sBps",
- "GPRINT:input:AVERAGE:%8.1lf %sBps",
- "GPRINT:input:MIN:%8.1lf %sBps",
- "GPRINT:input:LAST:%8.1lf %sBps\j",
- "STACK:newnotsyn".$color{"color14"}."A0:".sprintf("%-25s","NewNotSYN"),
- "GPRINT:newnotsyn:MAX:%8.1lf %sBps",
- "GPRINT:newnotsyn:AVERAGE:%8.1lf %sBps",
- "GPRINT:newnotsyn:MIN:%8.1lf %sBps",
- "GPRINT:newnotsyn:LAST:%8.1lf %sBps\j",
- "STACK:portscan".$color{"color16"}."A0:".sprintf("%-25s",$Lang::tr{'portscans'}),
- "GPRINT:portscan:MAX:%8.1lf %sBps",
- "GPRINT:portscan:AVERAGE:%8.1lf %sBps",
- "GPRINT:portscan:MIN:%8.1lf %sBps",
- "GPRINT:portscan:LAST:%8.1lf %sBps\j",
- "STACK:spoofedmartian".$color{"color12"}."A0:".sprintf("%-25s",$Lang::tr{'spoofed or martians'}),
- "GPRINT:spoofedmartian:MAX:%8.1lf %sBps",
- "GPRINT:spoofedmartian:AVERAGE:%8.1lf %sBps",
- "GPRINT:spoofedmartian:MIN:%8.1lf %sBps",
- "GPRINT:spoofedmartian:LAST:%8.1lf %sBps\j",
- "STACK:hostilein".$color{"color13"}."A0:".sprintf("%-25s",$Lang::tr{'hostile networks in'}),
- "GPRINT:hostilein:MAX:%8.1lf %sBps",
- "GPRINT:hostilein:AVERAGE:%8.1lf %sBps",
- "GPRINT:hostilein:MIN:%8.1lf %sBps",
- "GPRINT:hostilein:LAST:%8.1lf %sBps\j",
- "STACK:hostileout".$color{"color25"}."A0:".sprintf("%-25s",$Lang::tr{'hostile networks out'}),
- "GPRINT:hostileout:MAX:%8.1lf %sBps",
- "GPRINT:hostileout:AVERAGE:%8.1lf %sBps",
- "GPRINT:hostileout:MIN:%8.1lf %sBps",
- "GPRINT:hostileout:LAST:%8.1lf %sBps\j",
- "LINE:hostile#000000A0:".sprintf("%-25s",$Lang::tr{'hostile networks total'}),
- "GPRINT:hostile:MAX:%8.1lf %sBps",
- "GPRINT:hostile:AVERAGE:%8.1lf %sBps",
- "GPRINT:hostile:MIN:%8.1lf %sBps",
- "GPRINT:hostile:LAST:%8.1lf %sBps\j",
- );
- if ( -e "$mainsettings{'RRDLOG'}/collectd/localhost/iptables-filter-HOSTILE_DROP/ipt_bytes-DROP_HOSTILE.rrd" ) {
- RRDs::graph(
- @GRAPH_ARGS,
- "-",
- "--start",
- "-1".$period,
- "-r",
- "-t ".$Lang::tr{'firewall hits per'}." ".$Lang::tr{$period."-graph"},
- "-v ".$Lang::tr{'bytes per second'},
- "--color=SHADEA".$color{"color19"},
- "--color=SHADEB".$color{"color19"},
- "--color=BACK".$color{"color21"},
- "DEF:output=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-POLICYOUT/ipt_bytes-DROP_OUTPUT.rrd:value:AVERAGE",
- "DEF:input=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-POLICYIN/ipt_bytes-DROP_INPUT.rrd:value:AVERAGE",
- "DEF:forward=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-POLICYFWD/ipt_bytes-DROP_FORWARD.rrd:value:AVERAGE",
- "DEF:newnotsyn=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-NEWNOTSYN/ipt_bytes-DROP_NEWNOTSYN.rrd:value:AVERAGE",
- "DEF:portscan=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-PSCAN/ipt_bytes-DROP_PScan.rrd:value:AVERAGE",
- "DEF:spoofedmartian=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-SPOOFED_MARTIAN/ipt_bytes-DROP_SPOOFED_MARTIAN.rrd:value:AVERAGE",
- "DEF:hostilein=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-HOSTILE_DROP_IN/ipt_bytes-DROP_HOSTILE.rrd:value:AVERAGE",
- "DEF:hostileout=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-HOSTILE_DROP_OUT/ipt_bytes-DROP_HOSTILE.rrd:value:AVERAGE",
- "DEF:hostilelegacy=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-HOSTILE_DROP/ipt_bytes-DROP_HOSTILE.rrd:value:AVERAGE",
- # This creates a new combined hostile segment.
- # Previously we did not split into incoming/outgoing, but we cannot go back in time. This CDEF will take the values
- # from the old RRD database if it exists and if those values are UNKNOWN (time period after Hostile was split into In and Out),
- # we replace them with the sum of IN + OUT.
- "CDEF:hostile=hostilelegacy,UN,hostilein,hostileout,+,hostilelegacy,IF",
- "COMMENT:".sprintf("%-26s",$Lang::tr{'caption'}),
- "COMMENT:".sprintf("%15s",$Lang::tr{'maximal'}),
- "COMMENT:".sprintf("%15s",$Lang::tr{'average'}),
- "COMMENT:".sprintf("%14s",$Lang::tr{'minimal'}),
- "COMMENT:".sprintf("%15s",$Lang::tr{'current'})."\j",
- "AREA:output".$color{"color25"}."A0:".sprintf("%-25s",$Lang::tr{'firewallhits'}." (OUTPUT)"),
- "GPRINT:output:MAX:%8.1lf %sBps",
- "GPRINT:output:AVERAGE:%8.1lf %sBps",
- "GPRINT:output:MIN:%8.1lf %sBps",
- "GPRINT:output:LAST:%8.1lf %sBps\j",
- "STACK:forward".$color{"color23"}."A0:".sprintf("%-25s",$Lang::tr{'firewallhits'}." (FORWARD)"),
- "GPRINT:forward:MAX:%8.1lf %sBps",
- "GPRINT:forward:AVERAGE:%8.1lf %sBps",
- "GPRINT:forward:MIN:%8.1lf %sBps",
- "GPRINT:forward:LAST:%8.1lf %sBps\j",
- "STACK:input".$color{"color24"}."A0:".sprintf("%-25s",$Lang::tr{'firewallhits'}." (INPUT)"),
- "GPRINT:input:MAX:%8.1lf %sBps",
- "GPRINT:input:AVERAGE:%8.1lf %sBps",
- "GPRINT:input:MIN:%8.1lf %sBps",
- "GPRINT:input:LAST:%8.1lf %sBps\j",
- "STACK:newnotsyn".$color{"color14"}."A0:".sprintf("%-25s","NewNotSYN"),
- "GPRINT:newnotsyn:MAX:%8.1lf %sBps",
- "GPRINT:newnotsyn:AVERAGE:%8.1lf %sBps",
- "GPRINT:newnotsyn:MIN:%8.1lf %sBps",
- "GPRINT:newnotsyn:LAST:%8.1lf %sBps\j",
- "STACK:portscan".$color{"color16"}."A0:".sprintf("%-25s",$Lang::tr{'portscans'}),
- "GPRINT:portscan:MAX:%8.1lf %sBps",
- "GPRINT:portscan:AVERAGE:%8.1lf %sBps",
- "GPRINT:portscan:MIN:%8.1lf %sBps",
- "GPRINT:portscan:LAST:%8.1lf %sBps\j",
- "STACK:spoofedmartian".$color{"color12"}."A0:".sprintf("%-25s",$Lang::tr{'spoofed or martians'}),
- "GPRINT:spoofedmartian:MAX:%8.1lf %sBps",
- "GPRINT:spoofedmartian:AVERAGE:%8.1lf %sBps",
- "GPRINT:spoofedmartian:MIN:%8.1lf %sBps",
- "GPRINT:spoofedmartian:LAST:%8.1lf %sBps\j",
- "STACK:hostilein".$color{"color13"}."A0:".sprintf("%-25s",$Lang::tr{'hostile networks in'}),
- "GPRINT:hostilein:MAX:%8.1lf %sBps",
- "GPRINT:hostilein:AVERAGE:%8.1lf %sBps",
- "GPRINT:hostilein:MIN:%8.1lf %sBps",
- "GPRINT:hostilein:LAST:%8.1lf %sBps\j",
- "STACK:hostileout".$color{"color25"}."A0:".sprintf("%-25s",$Lang::tr{'hostile networks out'}),
- "GPRINT:hostileout:MAX:%8.1lf %sBps",
- "GPRINT:hostileout:AVERAGE:%8.1lf %sBps",
- "GPRINT:hostileout:MIN:%8.1lf %sBps",
- "GPRINT:hostileout:LAST:%8.1lf %sBps\j",
- "LINE:hostile#000000A0:".sprintf("%-25s",$Lang::tr{'hostile networks total'}),
- "GPRINT:hostile:MAX:%8.1lf %sBps",
- "GPRINT:hostile:AVERAGE:%8.1lf %sBps",
- "GPRINT:hostile:MIN:%8.1lf %sBps",
- "GPRINT:hostile:LAST:%8.1lf %sBps\j",
- );
- }else{
- RRDs::graph(
- @GRAPH_ARGS,
- "-",
- "--start",
- "-1".$period,
- "-r",
- "-t ".$Lang::tr{'firewall hits per'}." ".$Lang::tr{$period."-graph"},
- "-v ".$Lang::tr{'bytes per second'},
- "--color=SHADEA".$color{"color19"},
- "--color=SHADEB".$color{"color19"},
- "--color=BACK".$color{"color21"},
- "DEF:output=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-POLICYOUT/ipt_bytes-DROP_OUTPUT.rrd:value:AVERAGE",
- "DEF:input=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-POLICYIN/ipt_bytes-DROP_INPUT.rrd:value:AVERAGE",
- "DEF:forward=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-POLICYFWD/ipt_bytes-DROP_FORWARD.rrd:value:AVERAGE",
- "DEF:newnotsyn=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-NEWNOTSYN/ipt_bytes-DROP_NEWNOTSYN.rrd:value:AVERAGE",
- "DEF:portscan=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-PSCAN/ipt_bytes-DROP_PScan.rrd:value:AVERAGE",
- "DEF:spoofedmartian=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-SPOOFED_MARTIAN/ipt_bytes-DROP_SPOOFED_MARTIAN.rrd:value:AVERAGE",
- "DEF:hostilein=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-HOSTILE_DROP_IN/ipt_bytes-DROP_HOSTILE.rrd:value:AVERAGE",
- "DEF:hostileout=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-HOSTILE_DROP_OUT/ipt_bytes-DROP_HOSTILE.rrd:value:AVERAGE",
- # This creates a new combined hostile segment.
- # If we started collecting IN/OUT, ie the old single Hostile RRD database is not available then this CDEF will take the values
- # from the sum of IN + OUT.
- "CDEF:hostile=hostilein,hostileout,+",
- "COMMENT:".sprintf("%-26s",$Lang::tr{'caption'}),
- "COMMENT:".sprintf("%15s",$Lang::tr{'maximal'}),
- "COMMENT:".sprintf("%15s",$Lang::tr{'average'}),
- "COMMENT:".sprintf("%14s",$Lang::tr{'minimal'}),
- "COMMENT:".sprintf("%15s",$Lang::tr{'current'})."\j",
- "AREA:output".$color{"color25"}."A0:".sprintf("%-25s",$Lang::tr{'firewallhits'}." (OUTPUT)"),
- "GPRINT:output:MAX:%8.1lf %sBps",
- "GPRINT:output:AVERAGE:%8.1lf %sBps",
- "GPRINT:output:MIN:%8.1lf %sBps",
- "GPRINT:output:LAST:%8.1lf %sBps\j",
- "STACK:forward".$color{"color23"}."A0:".sprintf("%-25s",$Lang::tr{'firewallhits'}." (FORWARD)"),
- "GPRINT:forward:MAX:%8.1lf %sBps",
- "GPRINT:forward:AVERAGE:%8.1lf %sBps",
- "GPRINT:forward:MIN:%8.1lf %sBps",
- "GPRINT:forward:LAST:%8.1lf %sBps\j",
- "STACK:input".$color{"color24"}."A0:".sprintf("%-25s",$Lang::tr{'firewallhits'}." (INPUT)"),
- "GPRINT:input:MAX:%8.1lf %sBps",
- "GPRINT:input:AVERAGE:%8.1lf %sBps",
- "GPRINT:input:MIN:%8.1lf %sBps",
- "GPRINT:input:LAST:%8.1lf %sBps\j",
- "STACK:newnotsyn".$color{"color14"}."A0:".sprintf("%-25s","NewNotSYN"),
- "GPRINT:newnotsyn:MAX:%8.1lf %sBps",
- "GPRINT:newnotsyn:AVERAGE:%8.1lf %sBps",
- "GPRINT:newnotsyn:MIN:%8.1lf %sBps",
- "GPRINT:newnotsyn:LAST:%8.1lf %sBps\j",
- "STACK:portscan".$color{"color16"}."A0:".sprintf("%-25s",$Lang::tr{'portscans'}),
- "GPRINT:portscan:MAX:%8.1lf %sBps",
- "GPRINT:portscan:AVERAGE:%8.1lf %sBps",
- "GPRINT:portscan:MIN:%8.1lf %sBps",
- "GPRINT:portscan:LAST:%8.1lf %sBps\j",
- "STACK:spoofedmartian".$color{"color12"}."A0:".sprintf("%-25s",$Lang::tr{'spoofed or martians'}),
- "GPRINT:spoofedmartian:MAX:%8.1lf %sBps",
- "GPRINT:spoofedmartian:AVERAGE:%8.1lf %sBps",
- "GPRINT:spoofedmartian:MIN:%8.1lf %sBps",
- "GPRINT:spoofedmartian:LAST:%8.1lf %sBps\j",
- "STACK:hostilein".$color{"color13"}."A0:".sprintf("%-25s",$Lang::tr{'hostile networks in'}),
- "GPRINT:hostilein:MAX:%8.1lf %sBps",
- "GPRINT:hostilein:AVERAGE:%8.1lf %sBps",
- "GPRINT:hostilein:MIN:%8.1lf %sBps",
- "GPRINT:hostilein:LAST:%8.1lf %sBps\j",
- "STACK:hostileout".$color{"color25"}."A0:".sprintf("%-25s",$Lang::tr{'hostile networks out'}),
- "GPRINT:hostileout:MAX:%8.1lf %sBps",
- "GPRINT:hostileout:AVERAGE:%8.1lf %sBps",
- "GPRINT:hostileout:MIN:%8.1lf %sBps",
- "GPRINT:hostileout:LAST:%8.1lf %sBps\j",
- "LINE:hostile#000000A0:".sprintf("%-25s",$Lang::tr{'hostile networks total'}),
- "GPRINT:hostile:MAX:%8.1lf %sBps",
- "GPRINT:hostile:AVERAGE:%8.1lf %sBps",
- "GPRINT:hostile:MIN:%8.1lf %sBps",
- "GPRINT:hostile:LAST:%8.1lf %sBps\j",
- );
- }
$ERROR = RRDs::error; return "Error in RRD::graph for firewallhits: ".$ERROR."\n" if $ERROR; } -- 2.43.0
Hi Michael,
On 14/02/2024 13:59, Michael Tremer wrote:
Hello Adolf,
The fix technically looks fine. It would have been more elegant to put the strings into a big array and then add only the ones that we need to avoid copying the large block.
I also thought there must be a more elegant way but I had no idea how to create it.
However, this is fine for me to be merged.
I can always look at doing a later code tidy up. I will have a look at how to use the array approach when it's a bit quieter.
Regards, Adolf.
-Michael
On 14 Feb 2024, at 10:34, Adolf Belka adolf.belka@ipfire.org wrote:
- If a fresh install is done then only the DROP_HOSTILE_IN & DROP_HOSTILE_OUT rrd directories are created.
- With the DROP_HOSTILE directory missing then when the fwhits graph is updated an error message is caused by the inability to open the required files.
- This patch adds an if/else loop into the fwhits graph code to deal with the two cases of the DROP_HOSTILE being present or not depending on the history and if a backup with logs has been restored from when DROP_HOSTILE was in use.
- Tested on vm testbed and created a historical line for the hostile data when it was not split
- There might be a simpler or better approach than this but it was the only option I could identify. I couldn't find anything about being able to use if loops within the RRD::Graph loop
Tested-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Adolf Belka adolf.belka@ipfire.org
config/cfgroot/graphs.pl | 237 ++++++++++++++++++++++++++------------- 1 file changed, 158 insertions(+), 79 deletions(-)
diff --git a/config/cfgroot/graphs.pl b/config/cfgroot/graphs.pl index a23e49c98..96c6c26ea 100644 --- a/config/cfgroot/graphs.pl +++ b/config/cfgroot/graphs.pl @@ -13,7 +13,7 @@ # This program is distributed in the hope that it will be useful, # # but WITHOUT ANY WARRANTY; without even the implied warranty of # # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # -# GNU General Public License for more details. # +# GNU General Public License for more details. #update.sh # # # You should have received a copy of the GNU General Public License # # along with this program. If not, see http://www.gnu.org/licenses/. # @@ -676,84 +676,163 @@ sub updatevpnn2ngraph {
sub updatefwhitsgraph { my $period = $_[0];
- RRDs::graph(
- @GRAPH_ARGS,
- "-",
- "--start",
- "-1".$period,
- "-r",
- "-t ".$Lang::tr{'firewall hits per'}." ".$Lang::tr{$period."-graph"},
- "-v ".$Lang::tr{'bytes per second'},
- "--color=SHADEA".$color{"color19"},
- "--color=SHADEB".$color{"color19"},
- "--color=BACK".$color{"color21"},
- "DEF:output=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-POLICYOUT/ipt_bytes-DROP_OUTPUT.rrd:value:AVERAGE",
- "DEF:input=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-POLICYIN/ipt_bytes-DROP_INPUT.rrd:value:AVERAGE",
- "DEF:forward=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-POLICYFWD/ipt_bytes-DROP_FORWARD.rrd:value:AVERAGE",
- "DEF:newnotsyn=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-NEWNOTSYN/ipt_bytes-DROP_NEWNOTSYN.rrd:value:AVERAGE",
- "DEF:portscan=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-PSCAN/ipt_bytes-DROP_PScan.rrd:value:AVERAGE",
- "DEF:spoofedmartian=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-SPOOFED_MARTIAN/ipt_bytes-DROP_SPOOFED_MARTIAN.rrd:value:AVERAGE",
- "DEF:hostilein=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-HOSTILE_DROP_IN/ipt_bytes-DROP_HOSTILE.rrd:value:AVERAGE",
- "DEF:hostileout=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-HOSTILE_DROP_OUT/ipt_bytes-DROP_HOSTILE.rrd:value:AVERAGE",
- "DEF:hostilelegacy=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-HOSTILE_DROP/ipt_bytes-DROP_HOSTILE.rrd:value:AVERAGE",
- # This creates a new combined hostile segment.
- # Previously we did not split into incoming/outgoing, but we cannot go back in time. This CDEF will take the values
- # from the old RRD database unless those are UNKNOWN (i.e. we started collected IN/OUT). If the values are unknown,
- # we replace them with them sum of IN + OUT.
- "CDEF:hostile=hostilelegacy,UN,hostilein,hostileout,+,hostilelegacy,IF",
- "COMMENT:".sprintf("%-26s",$Lang::tr{'caption'}),
- "COMMENT:".sprintf("%15s",$Lang::tr{'maximal'}),
- "COMMENT:".sprintf("%15s",$Lang::tr{'average'}),
- "COMMENT:".sprintf("%14s",$Lang::tr{'minimal'}),
- "COMMENT:".sprintf("%15s",$Lang::tr{'current'})."\j",
- "AREA:output".$color{"color25"}."A0:".sprintf("%-25s",$Lang::tr{'firewallhits'}." (OUTPUT)"),
- "GPRINT:output:MAX:%8.1lf %sBps",
- "GPRINT:output:AVERAGE:%8.1lf %sBps",
- "GPRINT:output:MIN:%8.1lf %sBps",
- "GPRINT:output:LAST:%8.1lf %sBps\j",
- "STACK:forward".$color{"color23"}."A0:".sprintf("%-25s",$Lang::tr{'firewallhits'}." (FORWARD)"),
- "GPRINT:forward:MAX:%8.1lf %sBps",
- "GPRINT:forward:AVERAGE:%8.1lf %sBps",
- "GPRINT:forward:MIN:%8.1lf %sBps",
- "GPRINT:forward:LAST:%8.1lf %sBps\j",
- "STACK:input".$color{"color24"}."A0:".sprintf("%-25s",$Lang::tr{'firewallhits'}." (INPUT)"),
- "GPRINT:input:MAX:%8.1lf %sBps",
- "GPRINT:input:AVERAGE:%8.1lf %sBps",
- "GPRINT:input:MIN:%8.1lf %sBps",
- "GPRINT:input:LAST:%8.1lf %sBps\j",
- "STACK:newnotsyn".$color{"color14"}."A0:".sprintf("%-25s","NewNotSYN"),
- "GPRINT:newnotsyn:MAX:%8.1lf %sBps",
- "GPRINT:newnotsyn:AVERAGE:%8.1lf %sBps",
- "GPRINT:newnotsyn:MIN:%8.1lf %sBps",
- "GPRINT:newnotsyn:LAST:%8.1lf %sBps\j",
- "STACK:portscan".$color{"color16"}."A0:".sprintf("%-25s",$Lang::tr{'portscans'}),
- "GPRINT:portscan:MAX:%8.1lf %sBps",
- "GPRINT:portscan:AVERAGE:%8.1lf %sBps",
- "GPRINT:portscan:MIN:%8.1lf %sBps",
- "GPRINT:portscan:LAST:%8.1lf %sBps\j",
- "STACK:spoofedmartian".$color{"color12"}."A0:".sprintf("%-25s",$Lang::tr{'spoofed or martians'}),
- "GPRINT:spoofedmartian:MAX:%8.1lf %sBps",
- "GPRINT:spoofedmartian:AVERAGE:%8.1lf %sBps",
- "GPRINT:spoofedmartian:MIN:%8.1lf %sBps",
- "GPRINT:spoofedmartian:LAST:%8.1lf %sBps\j",
- "STACK:hostilein".$color{"color13"}."A0:".sprintf("%-25s",$Lang::tr{'hostile networks in'}),
- "GPRINT:hostilein:MAX:%8.1lf %sBps",
- "GPRINT:hostilein:AVERAGE:%8.1lf %sBps",
- "GPRINT:hostilein:MIN:%8.1lf %sBps",
- "GPRINT:hostilein:LAST:%8.1lf %sBps\j",
- "STACK:hostileout".$color{"color25"}."A0:".sprintf("%-25s",$Lang::tr{'hostile networks out'}),
- "GPRINT:hostileout:MAX:%8.1lf %sBps",
- "GPRINT:hostileout:AVERAGE:%8.1lf %sBps",
- "GPRINT:hostileout:MIN:%8.1lf %sBps",
- "GPRINT:hostileout:LAST:%8.1lf %sBps\j",
- "LINE:hostile#000000A0:".sprintf("%-25s",$Lang::tr{'hostile networks total'}),
- "GPRINT:hostile:MAX:%8.1lf %sBps",
- "GPRINT:hostile:AVERAGE:%8.1lf %sBps",
- "GPRINT:hostile:MIN:%8.1lf %sBps",
- "GPRINT:hostile:LAST:%8.1lf %sBps\j",
- );
- if ( -e "$mainsettings{'RRDLOG'}/collectd/localhost/iptables-filter-HOSTILE_DROP/ipt_bytes-DROP_HOSTILE.rrd" ) {
- RRDs::graph(
- @GRAPH_ARGS,
- "-",
- "--start",
- "-1".$period,
- "-r",
- "-t ".$Lang::tr{'firewall hits per'}." ".$Lang::tr{$period."-graph"},
- "-v ".$Lang::tr{'bytes per second'},
- "--color=SHADEA".$color{"color19"},
- "--color=SHADEB".$color{"color19"},
- "--color=BACK".$color{"color21"},
- "DEF:output=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-POLICYOUT/ipt_bytes-DROP_OUTPUT.rrd:value:AVERAGE",
- "DEF:input=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-POLICYIN/ipt_bytes-DROP_INPUT.rrd:value:AVERAGE",
- "DEF:forward=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-POLICYFWD/ipt_bytes-DROP_FORWARD.rrd:value:AVERAGE",
- "DEF:newnotsyn=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-NEWNOTSYN/ipt_bytes-DROP_NEWNOTSYN.rrd:value:AVERAGE",
- "DEF:portscan=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-PSCAN/ipt_bytes-DROP_PScan.rrd:value:AVERAGE",
- "DEF:spoofedmartian=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-SPOOFED_MARTIAN/ipt_bytes-DROP_SPOOFED_MARTIAN.rrd:value:AVERAGE",
- "DEF:hostilein=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-HOSTILE_DROP_IN/ipt_bytes-DROP_HOSTILE.rrd:value:AVERAGE",
- "DEF:hostileout=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-HOSTILE_DROP_OUT/ipt_bytes-DROP_HOSTILE.rrd:value:AVERAGE",
- "DEF:hostilelegacy=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-HOSTILE_DROP/ipt_bytes-DROP_HOSTILE.rrd:value:AVERAGE",
- # This creates a new combined hostile segment.
- # Previously we did not split into incoming/outgoing, but we cannot go back in time. This CDEF will take the values
- # from the old RRD database if it exists and if those values are UNKNOWN (time period after Hostile was split into In and Out),
- # we replace them with the sum of IN + OUT.
- "CDEF:hostile=hostilelegacy,UN,hostilein,hostileout,+,hostilelegacy,IF",
- "COMMENT:".sprintf("%-26s",$Lang::tr{'caption'}),
- "COMMENT:".sprintf("%15s",$Lang::tr{'maximal'}),
- "COMMENT:".sprintf("%15s",$Lang::tr{'average'}),
- "COMMENT:".sprintf("%14s",$Lang::tr{'minimal'}),
- "COMMENT:".sprintf("%15s",$Lang::tr{'current'})."\j",
- "AREA:output".$color{"color25"}."A0:".sprintf("%-25s",$Lang::tr{'firewallhits'}." (OUTPUT)"),
- "GPRINT:output:MAX:%8.1lf %sBps",
- "GPRINT:output:AVERAGE:%8.1lf %sBps",
- "GPRINT:output:MIN:%8.1lf %sBps",
- "GPRINT:output:LAST:%8.1lf %sBps\j",
- "STACK:forward".$color{"color23"}."A0:".sprintf("%-25s",$Lang::tr{'firewallhits'}." (FORWARD)"),
- "GPRINT:forward:MAX:%8.1lf %sBps",
- "GPRINT:forward:AVERAGE:%8.1lf %sBps",
- "GPRINT:forward:MIN:%8.1lf %sBps",
- "GPRINT:forward:LAST:%8.1lf %sBps\j",
- "STACK:input".$color{"color24"}."A0:".sprintf("%-25s",$Lang::tr{'firewallhits'}." (INPUT)"),
- "GPRINT:input:MAX:%8.1lf %sBps",
- "GPRINT:input:AVERAGE:%8.1lf %sBps",
- "GPRINT:input:MIN:%8.1lf %sBps",
- "GPRINT:input:LAST:%8.1lf %sBps\j",
- "STACK:newnotsyn".$color{"color14"}."A0:".sprintf("%-25s","NewNotSYN"),
- "GPRINT:newnotsyn:MAX:%8.1lf %sBps",
- "GPRINT:newnotsyn:AVERAGE:%8.1lf %sBps",
- "GPRINT:newnotsyn:MIN:%8.1lf %sBps",
- "GPRINT:newnotsyn:LAST:%8.1lf %sBps\j",
- "STACK:portscan".$color{"color16"}."A0:".sprintf("%-25s",$Lang::tr{'portscans'}),
- "GPRINT:portscan:MAX:%8.1lf %sBps",
- "GPRINT:portscan:AVERAGE:%8.1lf %sBps",
- "GPRINT:portscan:MIN:%8.1lf %sBps",
- "GPRINT:portscan:LAST:%8.1lf %sBps\j",
- "STACK:spoofedmartian".$color{"color12"}."A0:".sprintf("%-25s",$Lang::tr{'spoofed or martians'}),
- "GPRINT:spoofedmartian:MAX:%8.1lf %sBps",
- "GPRINT:spoofedmartian:AVERAGE:%8.1lf %sBps",
- "GPRINT:spoofedmartian:MIN:%8.1lf %sBps",
- "GPRINT:spoofedmartian:LAST:%8.1lf %sBps\j",
- "STACK:hostilein".$color{"color13"}."A0:".sprintf("%-25s",$Lang::tr{'hostile networks in'}),
- "GPRINT:hostilein:MAX:%8.1lf %sBps",
- "GPRINT:hostilein:AVERAGE:%8.1lf %sBps",
- "GPRINT:hostilein:MIN:%8.1lf %sBps",
- "GPRINT:hostilein:LAST:%8.1lf %sBps\j",
- "STACK:hostileout".$color{"color25"}."A0:".sprintf("%-25s",$Lang::tr{'hostile networks out'}),
- "GPRINT:hostileout:MAX:%8.1lf %sBps",
- "GPRINT:hostileout:AVERAGE:%8.1lf %sBps",
- "GPRINT:hostileout:MIN:%8.1lf %sBps",
- "GPRINT:hostileout:LAST:%8.1lf %sBps\j",
- "LINE:hostile#000000A0:".sprintf("%-25s",$Lang::tr{'hostile networks total'}),
- "GPRINT:hostile:MAX:%8.1lf %sBps",
- "GPRINT:hostile:AVERAGE:%8.1lf %sBps",
- "GPRINT:hostile:MIN:%8.1lf %sBps",
- "GPRINT:hostile:LAST:%8.1lf %sBps\j",
- );
- }else{
- RRDs::graph(
- @GRAPH_ARGS,
- "-",
- "--start",
- "-1".$period,
- "-r",
- "-t ".$Lang::tr{'firewall hits per'}." ".$Lang::tr{$period."-graph"},
- "-v ".$Lang::tr{'bytes per second'},
- "--color=SHADEA".$color{"color19"},
- "--color=SHADEB".$color{"color19"},
- "--color=BACK".$color{"color21"},
- "DEF:output=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-POLICYOUT/ipt_bytes-DROP_OUTPUT.rrd:value:AVERAGE",
- "DEF:input=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-POLICYIN/ipt_bytes-DROP_INPUT.rrd:value:AVERAGE",
- "DEF:forward=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-POLICYFWD/ipt_bytes-DROP_FORWARD.rrd:value:AVERAGE",
- "DEF:newnotsyn=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-NEWNOTSYN/ipt_bytes-DROP_NEWNOTSYN.rrd:value:AVERAGE",
- "DEF:portscan=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-PSCAN/ipt_bytes-DROP_PScan.rrd:value:AVERAGE",
- "DEF:spoofedmartian=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-SPOOFED_MARTIAN/ipt_bytes-DROP_SPOOFED_MARTIAN.rrd:value:AVERAGE",
- "DEF:hostilein=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-HOSTILE_DROP_IN/ipt_bytes-DROP_HOSTILE.rrd:value:AVERAGE",
- "DEF:hostileout=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-HOSTILE_DROP_OUT/ipt_bytes-DROP_HOSTILE.rrd:value:AVERAGE",
- # This creates a new combined hostile segment.
- # If we started collecting IN/OUT, ie the old single Hostile RRD database is not available then this CDEF will take the values
- # from the sum of IN + OUT.
- "CDEF:hostile=hostilein,hostileout,+",
- "COMMENT:".sprintf("%-26s",$Lang::tr{'caption'}),
- "COMMENT:".sprintf("%15s",$Lang::tr{'maximal'}),
- "COMMENT:".sprintf("%15s",$Lang::tr{'average'}),
- "COMMENT:".sprintf("%14s",$Lang::tr{'minimal'}),
- "COMMENT:".sprintf("%15s",$Lang::tr{'current'})."\j",
- "AREA:output".$color{"color25"}."A0:".sprintf("%-25s",$Lang::tr{'firewallhits'}." (OUTPUT)"),
- "GPRINT:output:MAX:%8.1lf %sBps",
- "GPRINT:output:AVERAGE:%8.1lf %sBps",
- "GPRINT:output:MIN:%8.1lf %sBps",
- "GPRINT:output:LAST:%8.1lf %sBps\j",
- "STACK:forward".$color{"color23"}."A0:".sprintf("%-25s",$Lang::tr{'firewallhits'}." (FORWARD)"),
- "GPRINT:forward:MAX:%8.1lf %sBps",
- "GPRINT:forward:AVERAGE:%8.1lf %sBps",
- "GPRINT:forward:MIN:%8.1lf %sBps",
- "GPRINT:forward:LAST:%8.1lf %sBps\j",
- "STACK:input".$color{"color24"}."A0:".sprintf("%-25s",$Lang::tr{'firewallhits'}." (INPUT)"),
- "GPRINT:input:MAX:%8.1lf %sBps",
- "GPRINT:input:AVERAGE:%8.1lf %sBps",
- "GPRINT:input:MIN:%8.1lf %sBps",
- "GPRINT:input:LAST:%8.1lf %sBps\j",
- "STACK:newnotsyn".$color{"color14"}."A0:".sprintf("%-25s","NewNotSYN"),
- "GPRINT:newnotsyn:MAX:%8.1lf %sBps",
- "GPRINT:newnotsyn:AVERAGE:%8.1lf %sBps",
- "GPRINT:newnotsyn:MIN:%8.1lf %sBps",
- "GPRINT:newnotsyn:LAST:%8.1lf %sBps\j",
- "STACK:portscan".$color{"color16"}."A0:".sprintf("%-25s",$Lang::tr{'portscans'}),
- "GPRINT:portscan:MAX:%8.1lf %sBps",
- "GPRINT:portscan:AVERAGE:%8.1lf %sBps",
- "GPRINT:portscan:MIN:%8.1lf %sBps",
- "GPRINT:portscan:LAST:%8.1lf %sBps\j",
- "STACK:spoofedmartian".$color{"color12"}."A0:".sprintf("%-25s",$Lang::tr{'spoofed or martians'}),
- "GPRINT:spoofedmartian:MAX:%8.1lf %sBps",
- "GPRINT:spoofedmartian:AVERAGE:%8.1lf %sBps",
- "GPRINT:spoofedmartian:MIN:%8.1lf %sBps",
- "GPRINT:spoofedmartian:LAST:%8.1lf %sBps\j",
- "STACK:hostilein".$color{"color13"}."A0:".sprintf("%-25s",$Lang::tr{'hostile networks in'}),
- "GPRINT:hostilein:MAX:%8.1lf %sBps",
- "GPRINT:hostilein:AVERAGE:%8.1lf %sBps",
- "GPRINT:hostilein:MIN:%8.1lf %sBps",
- "GPRINT:hostilein:LAST:%8.1lf %sBps\j",
- "STACK:hostileout".$color{"color25"}."A0:".sprintf("%-25s",$Lang::tr{'hostile networks out'}),
- "GPRINT:hostileout:MAX:%8.1lf %sBps",
- "GPRINT:hostileout:AVERAGE:%8.1lf %sBps",
- "GPRINT:hostileout:MIN:%8.1lf %sBps",
- "GPRINT:hostileout:LAST:%8.1lf %sBps\j",
- "LINE:hostile#000000A0:".sprintf("%-25s",$Lang::tr{'hostile networks total'}),
- "GPRINT:hostile:MAX:%8.1lf %sBps",
- "GPRINT:hostile:AVERAGE:%8.1lf %sBps",
- "GPRINT:hostile:MIN:%8.1lf %sBps",
- "GPRINT:hostile:LAST:%8.1lf %sBps\j",
- );
- }
$ERROR = RRDs::error; return "Error in RRD::graph for firewallhits: ".$ERROR."\n" if $ERROR; } -- 2.43.0
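Review bot: The new `-e` test covers only the legacy `iptables-filter-HOSTILE_DROP` file, while both branches still pass `DEF:hostilein`, `DEF:hostileout` and the six other DEFs without checking that those files exist. If the reverse case can occur (presumably a restored system that holds only the legacy RRD before collectd has written the IN/OUT files), RRDs::graph would fail the same way and the firewall-hits graph would stay unavailable, so this is worth confirming or guarding. The legacy path is also spelled out twice, once in the test and once in the DEF; holding it in one variable, `my $legacy_rrd = "$mainsettings{'RRDLOG'}/collectd/localhost/iptables-filter-HOSTILE_DROP/ipt_bytes-DROP_HOSTILE.rrd";` with `if ( -e $legacy_rrd ) {` and `"DEF:hostilelegacy=".$legacy_rrd.":value:AVERAGE",`, keeps the check and the use from drifting apart. A one-line comment above the test saying that fresh installs create only the IN/OUT directories would tell the next reader why the file may be absent.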