Already use MRTG's? Store data with RRD? Try these php pages to set threshold monitoring on usage statistics.
By : bigphish
devmon.php ->
<?php
/* * Program Name: Device List Creater * Date: March 6, 2003 * Modified: March 6, 2003 * Author: Jason Chambers * File Name: devmon.php * email: jason.chambers@phishie.net * * Description: This page will create the list of devices to monitor by * going through the directories where the rrd files are * stored. * */
/* Set path to base directory (where subdirectories contain the rrd files) */ $rrd_dir = "/var/www/html/mon/";
/* Look inside $rrd_dir for the subdirectories */ if (is_dir($rrd_dir)){ $fd = @opendir($rrd_dir); if($fd) { while (($part = @readdir($fd)) == true) { if ($part != "." && $part != "..") { if (is_dir($part)){ $my_dir[] = $part; } } } } }
sort($my_dir); /* Sort the array of subdirectories */ reset($my_dir); /* Reset the pointer to the beginning of the array */
/* * This file takes the posted data from devmon.php * and writes to monlist.txt * * Your webserver needs to have write access * to this directory * */
header("Refresh: 5; URL=../index.php"); print "<h4><i>The file \"monlist.txt\" has been created in this directory.</i></h4>";
?>
!---------------------------------- index.php ->
<?
/* * Program Name: RRD monitor script * Date: March 3, 2003 * Modified: March 5, 2003 * Author: Jason Chambers * File name: index.php * email:jason.chambers@phishie.net * */
header("Refresh: 600"); /* Tell the browser to refresh every 10 minutes */
$send_alert = ''; /* Send alerts when threshold is surpassed 'on'/'off' */ $notify_who = ''; /* Set the email address of the person to notify */ $mail_msg = 'Hello, '; /* Initialize $mail_msg */
/* poll list file */ $poll_list = '/home/rrdtool/poll/list';
/* path to rrdtool */ $path_rrdtool = '/usr/local/bin/';
/* path to base directory (directory that contains the subdirectories/working directories) for your rrd files */ $path_rrdbase_dir = '/var/www/html/mon/';
$time_now = time(); /* Epoch Timestamp for "now" */ $time_back = $time_now - 600; /* Timestamp for 10 minutes back from "now" */
$th_high = 4; /* if interface traffic increase by this amount */ $th_low = 3; /* if interface traffic decreases by this amount */ $num_trouble = 0; /* initialize num_trouble variable to 0 (no troubles) */
$handle = fopen($poll_list,"r"); while (!feof($handle)) { $from_file = fgets($handle,256); $from_file = chop($from_file); if (!$from_file == ""){
$node = preg_split('/_/',$from_file); /* $node[] is an array on the split line, '_' from the poll file */ $path_rrdfiles = $path_rrdbase_dir . "$node[0]"; /* path to rrd files */
/* rrdtool fetch for now and 15 minutes ago */ $run_now = $path_rrdtool . "rrdtool fetch $path_rrdfiles/$from_file AVERAGE -r 900 -s $time_now -e $time_now";
$my_data_now = shell_exec($run_now); /* Array with the results of the rrdtool fetch command */ $data0_array = preg_split('/\n/',$my_data_now); /* Split the array on new line char */ $now_data = preg_split('/ /',$data0_array[2]);; /* Split the new array on spaces */
/* Get old data */ $run_old = $path_rrdtool . "rrdtool fetch $path_rrdfiles/$from_file AVERAGE -r 900 -s $time_back -e $time_back";
$my_data_old = shell_exec($run_old); /* Array with the results of the rrdtool fetch command */ $data1_array = preg_split('/\n/',$my_data_old); /* Split the array on new line char */ $old_data = preg_split('/ /',$data1_array[2]); /* split the new array on spaces */
/* Setup up alert levels */ $alert_up_in = $old_traf_in * $th_high; /* if in traffic has doubled in the last 15 minutes */ $alert_down_in = $old_traf_in / $th_low; /* if in traffic has decreased by half */ $alert_up_out = $old_traf_out * $th_high; /* if out traffic has doubled in the last 15 minutes */ $alert_down_out = $old_traf_out / $th_low; /* if out traffic has decreased by half */
/* Check for an alert */
if ($now_traf_in>$alert_up_in||$now_traf_in<$alert_down_in||$now_traf_in==0) { $in_bg_color = "red"; $in_trouble = "yes"; $num_trouble = $num_trouble + 1; $mail_msg .= "alert detected on $node[0] port $node[1] going IN. Please check traffic on $node[0] for issues.\n"; } else { $in_bg_color = "green"; $in_trouble = "no"; }
if ($now_traf_out>$alert_up_out||$now_traf_out<$alert_down_out||$now_traf_out==0) { $out_bg_color = "red"; $out_trouble = "yes"; $num_trouble = $num_trouble + 1; $mail_msg .= "alert detected on $node[0] port $node[1] going OUT. Please check traffic on $node[0] for issues.\n"; } else { $out_bg_color = "green"; $out_trouble = "no"; }
/* Should we send the alert by email? */ if ($num_trouble > 0 && $send_alert == "on") { mail("$notify_who","Alert detected while comparing interface usage.","$mail_msg\n Thanks."); }
DISCLAIMER: The content provided in this article is not warranted or guaranteed by Developer Shed, Inc. The content provided is intended for entertainment and/or educational purposes in order to introduce to the reader key ideas, concepts, and/or product reviews. As such it is incumbent upon the reader to employ real-world tactics for security and implementation of best practices. We are not liable for any negative consequences that may result from implementing any information covered in our articles or tutorials. If this is a hardware review, it is not recommended to open and/or modify your hardware.
