Skip to main content

Munin plugin for Shorewall accounting

I wrote this little script to monitor traffic on various machines at work. We use Shorewall to set up all the netfilter rules, traffic shaping, etc. It also makes it easy to set up rules to monitor traffic for different types of traffic.

We use Munin to track all sorts of things over time. The script below is a Munin plugin that will create a graph with one data series for each of the chains defined in your shorewall accounting file.

Put this script into /etc/munin/plugins and call it something like shorewall_accounting, and then add this in /etc/munin/plugin-conf.d/munin-node:

[shorewall_accounting]

user root

The name in between the square brackets should match the name of the file you saved the script in. The script needs to run as root in order to get access to iptables.

Edit Jan 20, 2006: Some minor bugfixes to the script have now been included. The shorewall accounting chains are now output in alphabetical order, and the regexp has been fixed to catch very large numbers.

#!/usr/bin/python

# shorewall_accounting

# A munin plugin for tracking traffic as recorded by shorewall accounting rules

# Written by Chris AtLee 

# Released under the GPL v2

import sys, commands, re

accountingLineExp = re.compile(r"^\s*\d+\s+(\d+)\s+(\w+).*$")



def getBytesByChain():
    status, output = commands.getstatusoutput("shorewall -x show accounting")
    if status != 0:
        raise OSError("Error running command (%s)[%i]: %s" % (trafficCmd, status, output))
    chains = {}
    for line in output.split("\n"):
        m = accountingLineExp.match(line)
        if m is not None:
            target = m.group(2)
            bytes = int(m.group(1))
            if target in chains:
                chains[target] += bytes
            else:
                chains[target] = bytes
    retval = []
    chainNames = chains.keys()
    chainNames.sort()
    for name in chainNames:
        retval.append((name, chains[name]))
    return retval


if len(sys.argv) > 1:
    if sys.argv[1] == "autoconf":
        print "yes"
        sys.exit(0)
    elif sys.argv[1] == "config":
        print "graph_title Shorewall accounting"
        print "graph_category network"
        print "graph_vlabel bits per ${graph_period}"
        for chain,bytes in getBytesByChain():
            print "%s.min 0" % chain
            print "%s.type DERIVE" % chain
            print "%s.label %s" % (chain, chain)
            print "%s.cdef %s,8,*" % (chain, chain)
        sys.exit(0)


for chain, bytes in getBytesByChain():
    print "%s.value %i" % (chain, bytes)

Printing in Linux?

This post on Christopher Blizzard's blog gives me some hope of improved printing on linux. While my new Epson CX4200 seems to work well for text, there are still some niggling issues like printing beyond the paper area, or clipping around margins, that make me worried about trying to print photos under linux.

It also makes me think I should change my blog's theme to distinguish it from the other million default wordpress installations out there :)

Google AdSense as an income stream?

Steve Pavlina's latest post shows the power of Google's AdSense. In the past 12 months his revenues from AdSense has gone from pretty much nil to almost $5,000 a month!

I've been listening to a few of his personal development podcasts, and it isn't hard to see why his site is so successful. He has a very good speaking and writing style - very clear, concise and down to earth. The articles available from his website are very helpful as well as inspirational.

A few things I've picked up from his website and podcasts:

  • Create a passive source of income - something that requires little or no work per transaction. This liberates you from the day-to-day tasks of running of a business so that you can focus on optimizing or enhancing the processes that make your business run.
  • Focus on your strengths to provide good value.
  • Use the Internet to distribute this value. Actually, I'm not sure if he's ever said this directly, but it certainly makes sense in my mind. The Internet allows you to distribute your product at a very low cost per customer, and allows you to scale your business extremely quickly.

I had no idea that Google AdSense, or advertising in general, could be such a good passive source of income. It requires quality content, but Mr. Pavlina certainly has no problems with that!

Getting Thunderbird to open links in Firefox (not Mozilla!)

I got sick of Thunderbird opening up links in Mozilla instead of Firefox. A friend mentioned that the preference responsible for opening up links was 'network.protocol-handler.app.http'. I searched around in the Thunderbird pref files for what it was currently using. On my machine it was set to launch 'x-www-browser'. This is actually a symlink into Debian's alternatives directory, so a simple

update-alternatives --set x-www-browser /usr/bin/firefox

did the trick.

The Station Agent

Melissa and I watched The Station Agent a few weeks ago on the recommendation of a coworker of hers. I had never heard of it before, but it really is a fantasic movie. I think it has some of most unique characters I've seen in a while, and it has tons of rolling-on-the-floor-hilarious lines as well as dealing with some tough emotional issues.

Rotten Tomatoes rates it at 95% right now. If you haven't seen it and you're looking for something a little different, I'd very much recommend it.