IPFW

I've just uploaded a tarball containing the IPFWstats files to the sourceforge server and created a minimal homepage for it over there.

The project homepage is:

https://sourceforge.net/projects/ipfwstats/

and the project website is:

http://ipfwstats.sourceforge.net/

- not too glamourous as yet, will add some HTML to it soon.

Note:
More info about this project can be found here:
http://jez.hancock-family.com/archives/13_IPFWstats_SourceForge_Project.html

Overview

IPFWstats is a suite of shell, perl and PHP scripts to count traffic on a per-user basis to/from a server. The statistics are imported into a MySQL database on a daily basis and can then be viewed using a PHP script in a web browser. A demo of the IPFWstats frontend can be viewed here - note the frontend was never really 'polished', it just did what I needed it to do at the time!

IPFWstats consists of the following:

• a Bourne shell script to initialize the per-user IPFW counters
  
• a Perl script, ipfw2mysql.pl, to import the IPFWstats into a MySQL database on a daily basis via a cronjob
  
• a set of PHP scripts to display the statistics gathered by IPFWstats in a web browser

Note:
IPFWstats can only count traffic that is transferred directly by processes with the UIDs that it is tracking. This means IPFWstats cannot by default count network on a per-user basis for requests made to daemons such as httpd, ftpd and smtpd which usually run as a single user - ie www, ftp or smtp users.

Installation and Configuration of IPFWstats

• Load the IPFWstats rulesets on system boot using the IPFWstats rc shell script
  I do this by naming it /usr/local/etc/rc.d/.000.ipfw.sh - this way it loads before anything else in that directory
  
  Be sure to edit the script to use your IP address and to exclude any users you DON'T want to do accounting for - see the 'sed' line in the script
  
  
• Create a MySQL db with the following tables:
  #
  # Table structure for table 'all_traffic'
  #
  
  CREATE TABLE all_traffic (
  packets_in int(10) unsigned default NULL,
  packets_out int(10) unsigned default NULL,
  packets_total int(10) unsigned default NULL,
  bytes_in int(10) unsigned default '0',
  bytes_out int(10) unsigned default '0',
  bytes_total int(10) unsigned default NULL,
  date date default '0000-00-00'
  ) TYPE=MyISAM;
  
  
  
  #
  # Table structure for table 'user_traffic'
  #
  
  CREATE TABLE user_traffic (
  user varchar(15) default '0',
  packets_in int(10) unsigned default NULL,
  packets_out int(10) unsigned default NULL,
  packets_total int(10) unsigned default NULL,
  bytes_in int(10) unsigned default '0',
  bytes_out int(10) unsigned default '0',
  bytes_total int(10) unsigned default NULL,
  date date default '0000-00-00'
  ) TYPE=MyISAM;
  
  
  
• copy the ipfw2mysql.pl perl script into a suitable location such as /usr/local/sbin/ipfw2mysql.pl
  
  
• modify the ipfw2mysql.pl %db hash to use your mysql db/username/password:
  my %db=( 'host'=>'localhost', 'user'=>'CHANGE_ME', 'pass'=>'CHANGE_ME', 'name'=>'CHANGE_ME' );
  Note:
  To view more advanced options for debugging and testing, execute ipfw2mysql.pl with the '-h' switch.
  
  
• Create a cronjob to run the ipfw2mysql.pl perl script daily - the following should be sufficient in /etc/crontab:
  55 23 * * * root /home/munk/bin/perl/ipfw_stats/ipfw2mysql.pl -q
  
  
• reboot system or just run /usr/local/etc/rc.d/.000.ipfw.sh start

If all went well you should be able to run 'ipfw show' and view a list of all the counter rules created by the IPFWstats rc shell script:

[12:34:49] root@users /web/ipfwstats.munk.me.uk# ipfw show 00001 317 26671 count ip from any to 1.2.3.4 uid munk 00001 0 0 count ip from any to 1.2.3.4 uid otheruser ...

Your system is now setup to count traffic on a per-user basis using IPFWstats.

To view the statistics in a web browser, use the IPFWstats PHP frontend - if you require the PHP scripts let me know and I'll tarball them up.