Wednesday, October 31, 2012

NTOP dump data: exporting statistics in multiple formats and using PHP to find hosts that exceed the traffic limit


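The "Dump Data" feature in NTOP 3 can export its statistics in PHP, XML, TXT, Perl, or Python format. Pick the format you know how to use, then schedule wget to download the file. Basically no further processing is needed; the file can be used as-is for the daily calculation: one file per day, one directory per month. Importing it into MySQL also works.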

#wget -O ntop-20121031-2350.php "http://127.0.0.1:3000/dumpData.html?language=php&view=short"


$ntopHash = array(
'192.168.1.1' => array(
        'hostSymIpAddress' => 'xxx.ntop.org',
        'pktSent' => '1031',
        'pktRcvd' => '922',
  ...
        'icmpRcvd' => '0',
),
...

Manual download from the NTOP page:

File contents:


PHP: listing the hosts whose total traffic exceeds 4G





<?php
date_default_timezone_set("Asia/Taipei");

$max=4096000000;
$ntopLogPath="/samba/Report/phpntop";
$filelist=read_dir($ntopLogPath);
rsort($filelist);

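# $_GET['list'] is user input: accept it only if it is exactly one of the
# file names read_dir() returned, so no other path can reach include.
if (isset($_GET['list']) && in_array($_GET['list'], $filelist, true))
{ $logfile=$_GET['list']; }
else
{ $logfile=isset($filelist[0]) ? $filelist[0] : ''; }
# include runs the dump as PHP code, so this directory must contain only
# files written by the wget job.
if ($logfile!=='' && is_file($ntopLogPath."/".$logfile))
{ include $ntopLogPath."/".$logfile; }
else
{ $ntopHash=array(); }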

echo "<script src='sorttable.js'></script>" ;
echo "<style type='text/css'>\n";
echo "<!-- \n";
echo "a { \n";
echo " text-decoration: none; \n";
echo "} \n";
echo "--> \n";
echo "</style> \n";

echo "<TABLE>\n ";
echo " <TR>\n";
echo " <TD VALIGN='TOP'>\n";
echo "<TABLE>\n ";
echo " <TR><TD>File List</TD></TR>";
for ($i=0; $i<count($filelist); $i++)
{
echo " <TR onMouseOver=\"this.bgColor = '#F9B7FF'\" onMouseOut =\"this.bgColor = '#FFFFFF'\">\n";
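# Encode the file name for the query string and escape it for the HTML text.
echo "<TD><A HREF='ntop.php?list=".urlencode($filelist[$i])."'>
<FONT COLOR='#0000FF'>".htmlspecialchars(substr($filelist[$i],0,-4), ENT_QUOTES)."</FONT></A></TD></TR>\n";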
}
echo "</TABLE>\n ";
echo " </TD>\n";


echo " <TD VALIGN='TOP'>\n";

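# Fall back to an empty list when the dump did not define $ntopHash as an array.
$ip=(isset($ntopHash) && is_array($ntopHash)) ? array_keys($ntopHash) : array();
#http://ntop.example.com/report/Report-201202/ntop-daily/
#$downLoadPath="http://ntop.example.com/report/Report-".date("Ym",time())."/ntop-daily/";
$downLoadPath="http://ntop.example.com/report/Report-".rawurlencode(substr($logfile,5,6))."/ntop-daily/";
echo "Date : ".htmlspecialchars(substr($logfile,0,-4), ENT_QUOTES);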
echo "<A HREF='$downLoadPath'><FONT COLOR='#0000FF'> DownLoad File</FONT></A><BR />\n";
#echo "Total IP:".count($ip);
echo "<HR />\n";
echo "Traffic >4G :";
echo "<TABLE border='1' style='border-collapse:collapse;' borderColor='black' class='sortable'>\n";
echo " <TR>\n";
echo " <TD>IP</TD>\n";
echo " <TD>Total</TD>\n";
echo " <TD>Send</TD>\n";
echo " <TD>Rcvd</TD>\n";
echo " <TD>tcpBytesSent</TD>\n";
echo " <TD>tcpBytesRcvd</TD>\n";
echo " <TD>udpBytesSent</TD>\n";
echo " <TD>udpBytesRcvd</TD>\n";
echo " </TR>\n";

for ($i=0; $i<(count($ip)); $i++)
{
$key=$ip[$i];
$total=$ntopHash[$key]['bytesSent']+$ntopHash[$key]['bytesRcvd'];
if ($total>$max)
{
echo " <TR onMouseOver=\"this.bgColor = '#3BB9FF'\" onMouseOut =\"this.bgColor = '#FFFFFF'\">\n";
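# Host names come from name resolution, so escape them before printing.
echo " <TD>".htmlspecialchars($ntopHash[$key]['hostResolvedName'], ENT_QUOTES)."</TD>\n ";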
echo " <TD align='right'>".formatBytes($total)."</TD>\n";
echo " <TD align='right'>".formatBytes($ntopHash[$key]['bytesSent'])."</TD>\n";
echo " <TD align='right'>".formatBytes($ntopHash[$key]['bytesRcvd'])."</TD>\n";
echo " <TD align='right'>".formatBytes($ntopHash[$key]['tcpBytesSent'])."</TD>\n";
echo " <TD align='right'>".formatBytes($ntopHash[$key]['tcpBytesRcvd'])."</TD>\n";
echo " <TD align='right'>".formatBytes($ntopHash[$key]['udpBytesSent'])."</TD>\n";
echo " <TD align='right'>".formatBytes($ntopHash[$key]['udpBytesRcvd'])."</TD>\n";
echo " </TR>\n";
}
}
echo "</TABLE>\n";

echo " </TD>\n";
echo " </TR>\n";
echo "</TABLE>\n";
###########################################################
function formatBytes($size, $precision = 2)
{
if ($size==null)
return "0";
$base = log($size) / log(1024);
$suffixes = array('', 'k', 'M', 'G', 'T');

return round(pow(1024, $base - floor($base)), $precision) . $suffixes[floor($base)];
}
function read_dir($dir, $array = array())
{
$files = array();
$dh = @opendir($dir);
# Return an empty list if the directory cannot be opened.
if ($dh === false) { return $files; }
while (($file = readdir($dh)) !== false) {
if($file !== '.' && $file !== '..' && !in_array($file, $array)) {
$files[] = $file;
}
}
closedir($dh);
return $files;
}
?>
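
The script above loads the dump with include, which runs the downloaded file as PHP code. The following added example (not part of the original post) reads the same file as data instead, assuming the flat one-entry-per-line layout of the sample shown earlier; parse_ntop_dump, counter and hosts_over_limit are hypothetical helper names, and the sample dump is constructed.

```php
<?php
// Added example: read the ntop PHP dump as data instead of include-ing it.
// Assumes the flat layout of the sample above: "'host' => array(" opens a
// host block and "'key' => 'value'," lines hold its counters.
function parse_ntop_dump($text) {
    $hosts = array();
    $current = null;
    foreach (preg_split('/\r?\n/', $text) as $line) {
        $line = trim($line);
        if (preg_match("/^'([^']*)'\s*=>\s*array\s*\($/", $line, $m)) {
            $current = $m[1];                     // start of a host block
            $hosts[$current] = array();
        } elseif ($current !== null &&
                  preg_match("/^'(\w+)'\s*=>\s*'([^']*)',?$/", $line, $m)) {
            $hosts[$current][$m[1]] = $m[2];      // kept as a plain string
        } elseif ($line === '),' || $line === ')') {
            $current = null;                      // end of the host block
        }   // every other line, PHP statements included, is skipped
    }
    return $hosts;
}
// Counter as a number; anything that is not all digits counts as 0.
function counter($host, $key) {
    return (isset($host[$key]) && ctype_digit($host[$key])) ? (float)$host[$key] : 0.0;
}
function hosts_over_limit($hosts, $max) {
    $over = array();
    foreach ($hosts as $name => $host) {
        $total = counter($host, 'bytesSent') + counter($host, 'bytesRcvd');
        if ($total > $max) { $over[$name] = $total; }
    }
    arsort($over);                                // largest total first
    return $over;
}
// Constructed sample dump; the echo line stands in for unexpected code.
$sample = <<<'EOT'
$ntopHash = array(
'192.168.1.1' => array(
        'bytesSent' => '3000000000',
        'bytesRcvd' => '2000000000',
),
'192.168.1.2' => array(
        'bytesSent' => '1000',
        'bytesRcvd' => '2000',
),
);
echo 'code, not data';
EOT;
print_r(hosts_over_limit(parse_ntop_dump($sample), 4096000000));
```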
