Using Argus to generate daily stats in OpenWrt
Graeme Russ
graeme.russ at gmail.com
Fri Apr 12 21:13:19 EDT 2013
Hi Carter,
Thanks for the encouragement - I managed to get Argus compiled for OpenWrt
Attitude Adjustment after a few false starts (the old
rpl_malloc/rpl_realloc autoconf issue and the toolchain missing rpc/types.h).
So now I can monitor lan0.2 which connects to the ADSL modem with:
root@OpenWrt:/tmp# ./argus -i lan0.1 -B 10.1.1.1 -P 561
and collect the data remotely (on a server connected to lan0.1) with:
[graeme@fs1 argus-3.0.6]$ ra -S 10.1.1.1:561 - ip
One issue that I have is that all the local traffic is addressed to/from
the gateway address:
10:13:44.337312 * tcp 10.2.1.2.51206 -> 10.220.60.110.newacc 1 66 REQ
10:13:45.545508 * tcp 130.239.18.172.ircu-3 <?> 10.2.1.2.58990 6 538 CON
10:13:45.651617 * tcp 10.3.1.224.49474 <?> 10.1.1.21.ssh 10 1396 CON
10:13:45.943295 * tcp 10.1.1.21.54524 -> 10.1.1.1.monito 14 1476 CON
10:13:48.832722 * udp 10.2.1.2.37307 <-> 10.2.1.1.domain 4 726 CON
10:13:50.333756 * s tcp 10.2.1.2.51206 -> 10.220.60.110.newacc 1 66 REQ
10:13:50.576155 * tcp 10.2.1.2.51208 -> 125.56.205.35.http 26 21019 CON
10:13:50.577190 * udp 10.2.1.2.62523 <-> 10.2.1.1.domain 5 844 CON
10:13:50.577597 * udp 10.2.1.2.61546 <-> 10.2.1.1.domain 2 379 CON
10:13:50.578009 * udp 10.2.1.2.53972 <-> 10.2.1.1.domain 5 789 CON
10:13:50.578436 * udp 10.2.1.2.nacnl <-> 10.2.1.1.domain 2 555 CON
10:13:50.578860 * udp 10.2.1.2.33314 <-> 10.2.1.1.domain 2 291 CON
10:13:50.579301 * udp 10.2.1.2.63472 <-> 10.2.1.1.domain 5 835 CON
10:13:50.618052 * tcp 10.2.1.2.51209 -> 199.27.75.193.http 3 190 CON
10:13:50.618224 * tcp 10.2.1.2.51210 -> 199.27.75.193.http 3 190 CON
10:13:50.618487 * tcp 10.2.1.2.51211 -> 199.27.75.193.http 3 190 CON
10:13:50.619067 * udp 10.2.1.2.14520 <-> 10.2.1.1.domain 2 605 CON
I can, of course, monitor the local side of the router (in this case the
wireless interface) with:
root@OpenWrt:/tmp# ./argus -i lan0.1 -B 10.1.1.1 -P 561
11:07:38.070886 e tcp 10.3.1.224.52688 -> 125.56.205.25.http 3 162 FIN
11:07:38.070979 e tcp 10.3.1.224.52689 -> 125.56.205.25.http 3 162 FIN
11:07:38.071069 e tcp 10.3.1.224.52693 -> 125.56.205.25.http 3 162 FIN
11:07:38.071199 e tcp 10.3.1.224.52690 -> 125.56.205.25.http 3 162 FIN
11:07:38.071362 e tcp 10.3.1.224.52738 -> 125.56.205.233.http 3 162 FIN
11:07:38.071434 e tcp 10.3.1.224.52739 -> 125.56.205.233.http 3 162 FIN
11:07:38.071490 e tcp 10.3.1.224.52740 -> 125.56.205.233.http 3 162 FIN
11:07:38.071546 e tcp 10.3.1.224.52737 -> 125.56.205.233.http 3 162 FIN
11:07:38.071602 e tcp 10.3.1.224.52742 -> 125.56.205.233.http 3 162 FIN
11:07:38.071657 e tcp 10.3.1.224.52741 -> 125.56.205.233.http 3 162 FIN
11:07:38.071740 e tcp 10.3.1.224.52734 -> 118.214.198.126.http 3 162 FIN
11:07:38.071831 e tcp 10.3.1.224.52736 -> 118.214.198.126.http 3 162 FIN
11:07:38.071931 e tcp 10.3.1.224.52779 -> 125.56.204.128.http 3 162 FIN
11:07:38.072024 e tcp 10.3.1.224.52780 -> 125.56.204.128.http 3 162 FIN
11:07:38.072114 e tcp 10.3.1.224.52781 -> 125.56.204.128.http 3 162 FIN
11:07:38.072207 e tcp 10.3.1.224.52762 -> 125.56.204.128.http 3 162 FIN
11:07:38.072298 e tcp 10.3.1.224.52701 -> 125.56.205.48.http 3 162 FIN
11:07:38.072391 e tcp 10.3.1.224.52669 -> 125.56.204.88.http 3 162 FIN
But what I want is the total aggregated stats on the ADSL connection. So
now I need to figure out a way to match each entry with the device on the
local LAN - any ideas?
Regards,
Graeme
On Fri, Apr 12, 2013 at 11:26 PM, Carter Bullard <carter at qosient.com> wrote:
> Hey Graeme,
> Argus compiled and ran great on OpenWRT years ago, but I haven't done
> anything OpenWRT related in a while, so not sure if it will be easy still.
> Should be able to monitor wan0, no problem, if memory serves, but it is
> hardware specific, ...., which interfaces OpenWRT can monitor.
>
> Collecting argus data from an argus on OpenWRT is easy and generating the
> type of metrics you're interested in is straightforward.
> If you want to store these values in rrd's, we have perl scripts ( ragraph
> ) that can be used to maintain rrd's for your values. No problem.
>
> So I say go for it. We'll help you get there !!!
> Carter
>
>
> On Apr 11, 2013, at 7:09 PM, Graeme Russ <graeme.russ at gmail.com> wrote:
>
> > Hi All,
> >
> > I've installed OpenWrt on my WiFi router and now I'm looking for a way
> > to generate network statistics for the ADSL connection. The ADSL connection
> > is through a separate router, so generating the statistics should be a
> > simple matter of processing the packets passing through the WAN0 interface.
> > Daily statistics I would like to generate include:
> >
> > - Total inbound and outbound data
> > - Inbound and outbound data per local IP address/port/protocol (TCP/UDP)
> > - Inbound and outbound data per remote IP address/port/protocol (TCP/UDP)
> > - Inbound and outbound data per unique local IP/Remote IP/port/protocol
> >   (TCP/UDP)
> > - Average inbound and outbound throughput per 5 minute interval (total
> >   bytes/second)
> >
> > Two questions
> > - Is Argus the right solution?
> > - How hard will it be to get Argus running in OpenWrt Attitude
> >   Adjustment?
> >
> > Thanks,
> >
> > Graeme
> >
> >
>
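
An added example, not part of the original messages and not code from the Argus project: a small Python parser for the ra record layout quoted above that sums the byte column per local address and protocol. Treating all of 10.0.0.0/8 as local is an assumption, the function names are hypothetical, and the sample records are copied from the output in the message.

```python
import ipaddress
import re
from collections import defaultdict

# Assumption: every 10.x address counts as local; narrow to the real LAN prefixes.
LOCAL_NET = ipaddress.ip_network("10.0.0.0/8")

# Records taken from the ra output quoted in the message, one record per line.
SAMPLE = """\
10:13:44.337312 * tcp 10.2.1.2.51206 -> 10.220.60.110.newacc 1 66 REQ
10:13:45.545508 * tcp 130.239.18.172.ircu-3 <?> 10.2.1.2.58990 6 538 CON
10:13:48.832722 * udp 10.2.1.2.37307 <-> 10.2.1.1.domain 4 726 CON
10:13:50.333756 * s tcp 10.2.1.2.51206 -> 10.220.60.110.newacc 1 66 REQ
10:13:50.576155 * tcp 10.2.1.2.51208 -> 125.56.205.35.http 26 21019 CON
11:07:38.070886 e tcp 10.3.1.224.52688 -> 125.56.205.25.http 3 162 FIN
"""

# time, optional flags (one or more tokens), proto, src, direction, dst, pkts, bytes, state
RECORD = re.compile(
    r"^(?P<time>\S+)\s+(?:(?P<flags>.*?)\s+)?(?P<proto>tcp|udp)\s+"
    r"(?P<src>\S+)\s+(?P<dir><\?>|<->|->|<-)\s+(?P<dst>\S+)\s+"
    r"(?P<pkts>\d+)\s+(?P<bytes>\d+)\s+(?P<state>\S+)$"
)

def parse(line):
    """Return (proto, src, dst, dport, bytes) for one ra record, or None."""
    m = RECORD.match(line.strip())
    if m is None:
        return None
    # The port (a number or a service name) is whatever follows the last dot.
    src, _sport = m["src"].rsplit(".", 1)
    dst, dport = m["dst"].rsplit(".", 1)
    return m["proto"], src, dst, dport, int(m["bytes"])

def is_local(addr):
    try:
        return ipaddress.ip_address(addr) in LOCAL_NET
    except ValueError:  # not an IPv4/IPv6 literal
        return False

def totals_by_local_host(text):
    """Sum the byte column per (local address, protocol)."""
    totals = defaultdict(int)
    for line in text.splitlines():
        rec = parse(line)
        if rec is None:
            continue  # blank line, header or a record that is still wrapped
        proto, src, dst, _dport, nbytes = rec
        local = src if is_local(src) else dst if is_local(dst) else None
        if local is not None:
            totals[(local, proto)] += nbytes
    return dict(totals)
```

On these records every flow captured on the ADSL side is credited to 10.2.1.2, and only the record from the second capture carries an individual LAN address (10.3.1.224).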