- <?php
- /**************************
- nfdump output parser script
- Use: nfcapd -l ... -D -x '/path_to_php/php /path_to_script/all_traf_stats.php %d/%f'
- Script collects data into array $stats
- (
- [dst_cnt] => Array
- (
- [ip] => hits
- )
- [src_cnt] => Array
- (
- [ip] => hits
- )
- [dst_traf] => Array
- (
- [ip] => octets (bytes)
- )
- [src_traf] => Array
- (
- [ip] => octets (bytes)
- )
- [proto] => Array
- (
- [proto:port] => bytes
- )
- )
- (c) Ross Vladislav, 2011
- vladislav.ross@gmail.com
- ***************************/
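/* Settings */
define('STATFILE', 'stats.dat'); // Stats file name
define('LOGFILE', 'all_traf_stats.log'); // Logfile name

// Local networks, "address/mask" format
$localnets = array(
    '192.168.0.0/255.255.255.0',
    '192.168.4.0/255.255.254.0',
);

// Do not gather statistics for these ports:
$skipPorts = array(80, 21);

error_reporting(E_ALL ^ E_NOTICE);

// Refuse web requests before any argument is looked at. Under a web SAPI with
// register_argc_argv enabled, $argv can be filled from the query string, and
// $file is later placed on an nfdump command line.
if (!empty($_SERVER['REMOTE_ADDR'])) {
    exit;
}

// Relative paths (STATFILE, LOGFILE, and a relative capture path) resolve
// against the directory that holds this script.
chdir(dirname(__FILE__));

if (!isset($argv[1])) {
    exit(1);
}
$file = $argv[1];

// Give the capture file up to 5 x 2 seconds to appear. The original exited on a
// missing file before this loop could run, so the wait never happened.
$try = 0;
while ($try < 5 && !file_exists($file)) {
    $try++;
    sleep(2);
}

// Re-test existence instead of comparing $try with 5, so a file that shows up
// during the last sleep is still processed.
if (!file_exists($file)) {
    file_put_contents(LOGFILE, date('d.m.Y H:i:s') . " " . $file . " not exists!\r\n", FILE_APPEND);
    exit(1);
}

file_put_contents(LOGFILE, date('d.m.Y H:i:s') . " " . $file . " started...\r\n", FILE_APPEND);

// Byte multiplier => unit letter, used to expand scaled byte counts.
$prefixes = array(
    '1048576' => 'M',
    '1073741824' => 'G',
    '1099511627776' => 'T'
);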
/**
 * Tell whether an IPv4 address lies inside one of the configured local networks.
 *
 * Reads the global $localnets, whose entries must already be
 * array('start' => int, 'end' => int) ranges rather than "address/mask" strings.
 *
 * @param string $ip Dotted-quad IPv4 address.
 * @return bool True when the address is within any range, bounds included.
 */
function is_local($ip)
{
    global $localnets;

    // Round-trip through pack/unpack 'l' so the address is compared as a signed
    // 32-bit integer, the same form the range bounds are stored in.
    $unpacked = unpack('l', pack('l', ip2long($ip)));
    $signed = $unpacked[1];

    foreach ($localnets as $range) {
        $below = $signed < $range['start'];
        $above = $signed > $range['end'];
        if (!$below && !$above) {
            return true;
        }
    }

    return false;
}
// Replace every "address/mask" string in $localnets with a numeric range that
// is_local() can compare against. Addresses and masks are turned into signed
// 32-bit integers via pack/unpack 'l'.
foreach (array_keys($localnets) as $idx) {
    $parts = explode('/', $localnets[$idx]);

    $addr_unpacked = unpack('l', pack('l', ip2long($parts[0])));
    $mask_unpacked = unpack('l', pack('l', ip2long($parts[1])));
    $net_addr = $addr_unpacked[1];
    $net_mask = $mask_unpacked[1];

    // First address after the network address ...
    $range_start = ($net_addr & $net_mask) + 1;
    // ... up to the network address plus the inverted mask.
    $range_end = $range_start + (~$net_mask) - 1;

    $localnets[$idx] = array(
        'start' => $range_start,
        'end' => $range_end,
    );
}
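// Per-local-IP byte and connection counters for this run.
$traf_size = array();
$traf_connections = array();

// Load the counters accumulated by earlier runs (the file is created if missing).
touch(STATFILE);
$raw_stats = file_get_contents(STATFILE);
if ($raw_stats === false || $raw_stats === '') {
    $stats = array();
} else {
    // SECURITY: unserialize() instantiates objects named in its input, so anyone
    // who can write STATFILE could otherwise trigger object injection. The stats
    // are plain nested arrays, so classes are refused where PHP supports the
    // option (7.0+). Storing the stats as JSON would remove the risk entirely.
    $stats = PHP_VERSION_ID >= 70000
        ? unserialize($raw_stats, array('allowed_classes' => false))
        : unserialize($raw_stats);
    if (!is_array($stats)) {
        // Corrupt or unexpected content: start over with empty counters.
        file_put_contents(LOGFILE, date('d.m.Y H:i:s') . " Stats file unreadable, starting empty\r\n", FILE_APPEND);
        $stats = array();
    }
}

file_put_contents(LOGFILE, date('d.m.Y H:i:s') . " Executing nfdump\r\n", FILE_APPEND);

// SECURITY: $file comes from the command line and is passed to a shell by
// popen(); quote it so spaces or shell metacharacters in the path cannot alter
// the command.
$fp = popen('nfdump -r ' . escapeshellarg($file) . ' -q', 'r');
if ($fp === false) {
    file_put_contents(LOGFILE, date('d.m.Y H:i:s') . " Cannot start nfdump\r\n", FILE_APPEND);
    exit(1);
}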
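// Read nfdump's output one flow per line and fold it into the counters.
// NOTE(review): the column indexes below ($row[2] protocol, $row[3] source,
// $row[6] destination, $row[9] bytes, $row[10] unit) depend on the nfdump
// output layout the author ran against. Confirm against your nfdump version.
while (($line = fgets($fp)) !== false) {
    $row = preg_split("/[\s]+/", $line);
    $rc = count($row);
    if ($rc != 11 && $rc != 12) {
        file_put_contents(LOGFILE, date('d.m.Y H:i:s') . " Wrong nfdump output format!\r\n", FILE_APPEND);
        print_r($row);
        pclose($fp);
        die("Wrong nfdump output format!\r\n");
    }

    // array_pad keeps the port defined when an endpoint has no ":port" part.
    list($src_ip, $src_port) = array_pad(explode(':', $row[3]), 2, '');
    list($dst_ip, $dst_port) = array_pad(explode(':', $row[6]), 2, '');

    $src_local = is_local($src_ip);
    $dst_local = is_local($dst_ip);

    // Only flows crossing the local/external boundary are counted.
    if ($src_local != $dst_local) {
        if ($src_local) {
            $local_ip = $src_ip;
            $ext_ip = $dst_ip;
            $port = $dst_port;
        } else {
            $local_ip = $dst_ip;
            $ext_ip = $src_ip;
            $port = $src_port;
        }

        // $prefixes maps multiplier => unit letter, so the multiplier is the KEY
        // of the matching letter. The original used in_array(), which yields
        // true (i.e. 1) and silently dropped the M/G/T scaling.
        $prefix_value = array_search($row[10], $prefixes, true);
        if ($prefix_value !== false) {
            $bytes = $prefix_value * $row[9];
        } else {
            $bytes = $row[9];
        }

        // Per-IP totals skip the ports listed in $skipPorts.
        if (in_array($port, $skipPorts) === false) {
            $traf_size[$local_ip] += $bytes;
            $traf_connections[$local_ip]++;
        }

        $proto = strtolower($row[2]);

        $stats['dst_cnt'][$dst_ip]++;
        $stats['src_cnt'][$src_ip]++;

        if ($bytes > 0) {
            $stats['dst_traf'][$dst_ip] += $bytes;
            $stats['src_traf'][$src_ip] += $bytes;

            // TCP/UDP traffic is keyed by protocol and destination port,
            // everything else by protocol alone.
            if ($proto == 'udp' || $proto == 'tcp') {
                $stats['proto'][$proto . ":" . $dst_port] += $bytes;
            } else {
                $stats['proto'][$proto] += $bytes;
            }
        }
    }
}

pclose($fp);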
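- /***** uncomment this block if you want to use nfdump with squid+sams *********
- NOTE: this block uses the mysql_* extension (removed in PHP 7) and builds the UPDATE by string interpolation.
- Port it to mysqli or PDO with a prepared statement, and keep the database password out of the script, before enabling it.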
- if(!mysql_connect("localhost", "sams", "password")) exit(1);
- if(!mysql_select_db("squidctrl")) exit(1);
- foreach($traf_size as $ip => $traf)
- {
- if($traf > 0)
- {
- mysql_query("UPDATE `squidctrl`.`squidusers` SET size=size+$traf, hit=hit+{$traf_connections[$ip]} WHERE `ip`='$ip' LIMIT 1");
- $mar += mysql_affected_rows();
- $sum += $traf;
- }
- }
- *******************************************************************************/
// Persist the accumulated counters for the next run, then record completion
// in the log.
$serialized_stats = serialize($stats);
file_put_contents(STATFILE, $serialized_stats);

$finished_line = date('d.m.Y H:i:s') . " " . $file . "finished! \r\n";
file_put_contents(LOGFILE, $finished_line, FILE_APPEND);
- ?>