Sean O'Donnell
Software Engineering

Sean O'Donnell
South Pasadena, CA
sean@seanodonnell.com

myiptstate - iptables Firewall monitoring using Perl, MySQL and iptstate

Category: Perl
Author: Sean O'Donnell
Tue, Nov. 1st, 2011 @ 23:43:47 (MDT)

If you use iptables as a firewall (on Linux), then you may or may not be familiar with the iptstate application. While iptstate allows you to monitor real-time connection states across all network protocols and ports, it doesn't provide a way to store the information to a database.

The myiptstate application is a simple Perl script that wraps iptstate and logs connection state information to a MySQL database.

It will eventually also include a web interface (developed in either Perl or PHP) to give network and systems administrators a lightweight analytics tool for monitoring connection trends on their Linux-based firewalls/routers.

Source Code

myiptstate.pl is a simple Perl script that can be run as a daemon to repeatedly execute 'iptstate -1', parse its output, and archive the data on a specified interval (default: every 10 seconds).
All parsed data is archived to a MySQL database table (iptstate).

myiptstate.sql is a simple SQL script that creates the MySQL (InnoDB) database table (iptstate) used to store the data collected by myiptstate.pl.

myiptstate.php (Coming Soon!) is a simple web interface to the MySQL database table (iptstate), which stores the data collected by myiptstate.pl. This script can be placed into a (secure) web server directory, and used to view real-time data, as well as generate reports and Gantt charts (using jpgraph).
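
The parse-and-archive step described for myiptstate.pl, sketched as an added Python example (not the project's Perl code): rows are matched against a strict pattern and stored with bound parameters. The sample output, the row layout, the table columns and the in-memory SQLite database standing in for MySQL are all assumptions made for this illustration.

```python
import re
import sqlite3

# Constructed sample shaped like `iptstate -1` output. Assumed layout: source,
# destination, protocol, optional state, TTL. Real layouts vary by version.
SAMPLE = """\
Source                 Destination            Prt  State        TTL
192.168.1.10:51514     203.0.113.7:443        tcp  ESTABLISHED  119:59:58
192.168.1.10:40022     198.51.100.53:53       udp               0:00:27
192.168.1.23           192.168.1.1            icmp              0:00:29
"""

# Strict row pattern: anything that does not fit (headers, noise) is dropped.
ROW = re.compile(
    r"^(?P<src>\S+)\s+(?P<dst>\S+)\s+(?P<proto>[a-z0-9]+)\s+"
    r"(?:(?P<state>[A-Z_0-9]+)\s+)?(?P<ttl>\d+:\d{2}:\d{2})$"
)

def split_endpoint(ep):
    """Split IPv4 'addr:port' into (addr, port); port is None when absent."""
    addr, sep, port = ep.rpartition(":")
    return (addr, int(port)) if sep and port.isdigit() else (ep, None)

def parse(text):
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue
        src, sport = split_endpoint(m["src"])
        dst, dport = split_endpoint(m["dst"])
        h, mi, s = (int(x) for x in m["ttl"].split(":"))
        rows.append((src, sport, dst, dport, m["proto"], m["state"],
                     h * 3600 + mi * 60 + s))
    return rows

def archive(db, rows):
    """Insert rows with bound parameters; returns the table's row count."""
    db.execute("CREATE TABLE IF NOT EXISTS iptstate ("
               "seen TEXT DEFAULT CURRENT_TIMESTAMP, src TEXT, sport INTEGER, "
               "dst TEXT, dport INTEGER, proto TEXT, state TEXT, ttl INTEGER)")
    db.executemany("INSERT INTO iptstate (src, sport, dst, dport, proto, state, ttl)"
                   " VALUES (?, ?, ?, ?, ?, ?, ?)", rows)
    db.commit()
    return db.execute("SELECT COUNT(*) FROM iptstate").fetchone()[0]

def demo():
    # In-memory SQLite stands in for the MySQL database (assumption).
    return archive(sqlite3.connect(":memory:"), parse(SAMPLE))
```

Bound parameters keep parsed fields out of the SQL text, and the strict row pattern means a malformed or unexpected line is skipped rather than stored.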

This project is considered Open Source Software, and is licensed under the GPL. You can access the myiptstate public CVS repository and download the latest revisions as needed. Once released, there will be a user-friendly installer. For now, this is all manually configurable. More info to come…

Installation (general)

  1. Download the latest Source Code from my public CVS Repository.

  2. Ensure that you have the Perl DBI Module installed:
    perl -MCPAN -e 'install DBI'

  3. Ensure that you have iptstate installed:
    Fedora/Redhat:
    sudo yum install iptstate

    Debian/Ubuntu:
    sudo apt-get install iptstate

  4. Create the myiptstate Database Schema:
    mysql -u root -p < myiptstate.sql

  5. Create the myiptstate Database User Account:

  6. Edit the $dbconfig variable in myiptstate.pl (line: 26)

    Note: It is highly recommended to use your own unique username and password.

  7. Move the myiptstate.pl to your local root bin tree:
    sudo cp myiptstate.pl /usr/sbin/myiptstate

  8. Execute the program:
    sudo sh -c 'myiptstate > /var/log/myiptstate.log 2>&1 &'

    The command above runs the program in the background as root, with all stdout and errors written to the /var/log/myiptstate.log file.

Note: I’ll soon have scripts and documentation to support running myiptstate on Redhat/Fedora via 'service' (System V init script), as well as Debian/Ubuntu init.d scripts so that this is easier to configure as a daemon. For now, the rest is up to you.

Copyleft (<) 1998-2012 www.seanodonnell.com