Archive for the 'perl' Category

How to monitor traffic at Cisco router using Linux (Netflow)

Date: November 25, 2010. Categories: applications, cisco, debian, distros, fedora, howtos, linux, perl and ubuntu. Comments

By default Cisco IOS doesn’t provide any traffic monitoring tools like iftop or iptraff available in Linux. While there are lots of proprietary solutions for this purpose including Cisco Netflow Collection, you are free to choose nfdump and nfsen open source software to monitor traffic of one or many Cisco routers and get detailed monitoring data through your Linux command line or as graphs at absolutely no cost.

Below is beginner’s guide that helps to quickly deploy netflow collector and visualizer under Linux and impress everybody by cute and descriptive graphs like these:

nfsen screen

It is highly recommended to look through Netflow basics to get brief understanding of how it works before configuring anything. For example, here is Cisco’s document that gives complete information about Netflow. In a few words to get started you should enable netflow exporting on Cisco router and point it to netflow collector running under Linux. Exported data will contain complete information about all packets the router has received/sent so nfdump and nfsen working under Linux will collect it and visualize to present you the graph like above example.

Cisco Router Setup

1. Enable flow export on ALL Cisco router’s interfaces that send and receive some traffic, here is an example:

Router1# configure terminal
Router1(config)#interface FastEthernet 0/0
Router1(config-if)#ip route-cache flow input
Router1(config-if)#interface FastEthernet 0/1
Router1(config-if)#ip route-cache flow input
...

2. Setup netflow export:

Router1# configure terminal
Router1(config)#ip flow-export source FastEthernet0/0
Router1(config)#ip flow-export source FastEthernet0/1
Router1(config)#ip flow-export version 5
Router1(config)#ip flow-export destination 1.1.1.1 23456

Where 1.1.1.1 is IP address of Linux host where you plan to collect and analyze netflow data. 23456 is port number of netflow collector running on Linux.

Linux Setup

1. Download and install nfdump.

cd /usr/src/
wget http://sourceforge.net/projects/nfdump/files/stable/nfdump-1.6.2/nfdump-1.6.2.tar.gz/download
tar -xvzf nfdump-1.6.2.tar.gz
cd nfdump-1.6.2
./configure --prefix=/ --enable-nfprofile
make
make install

2. Download and install nfsen.

It requires web server with php module and RRD so make sure you have the corresponding packages installed. I hope you’re running httpd with php already so below are rrd/perl related packages installation hints only.

Fedora/Centos/Redhat users should type this:

yum install rrdtool rrdtool-devel rrdutils perl-rrdtool

Ubuntu/Debian:

aptitude install rrdtool librrd2-dev librrd-dev librrd4 librrds-perl librrdp-perl

If you run some exotic Linux distribution just install everything that is related to rrd + perl.

At last, nfsen installation:

cd /usr/src/
wget http://sourceforge.net/projects/nfsen/files/stable/nfsen-1.3.5/nfsen-1.3.5.tar.gz/download
tar -xvzf nfsen-1.3.5.tar.gz
cd nfsen-1.3.5
cp etc/nfsen-dist.conf etc/nfsen.conf

In order to continue you should edit file etc/nfsen.conf to specify where to install nfsen, web server’s username, its document root directory etc. That file is commented so there shouldn’t be serious problems with it.

One of the major sections of nfsen.conf is ‘Netflow sources’, it should contain exactly the same port number(s) you’ve configured Cisco with — recall ‘ip flow-export …’ line where we’ve specified port 23456. E.g.

%sources = (
    'Router1'    => { 'port' => '23456', 'col' => '#0000ff', 'type' => 'netflow' },
);

Now it’s time to finish the installation:

./install.pl etc/nfsen.conf

In case of success you’ll see corresponding notification after which you will have to start nfsen daemon to get the ball rolling:

/path/to/nfsen/bin/nfsen start

From this point nfdump started collecting netflow data exported by Cisco router and nfsen is hardly working to visualize it — just open web browser and go to http://linux_web_server/nfsen/nfsen.php to make sure. If you see empty graphs just wait for a while to let nfsen to collect enough data to visualize it.

That’s it!

Tiny perl script for UDP flooding

Date: April 10, 2008. Categories: perl and tips. Comments

Sometimes it is necessary to perform UDP flood towards some network device(s) in order to test its behavior in stress… Actually I am sure that every system administrator might use this small perl script for this purpose. Certainly there are many special programs for this but believe me that it is much more easier to do the following:

1. #touch > /tmp/flood.pl
2. #chmod +x /tmp/flood.pl
3. Copy the this code to /tmp/flood.pl:

4. Then /tmp/flood.pl 192.168.0.1 0 0 0, where 192.168.0.1 is IP you would like to flood with huge amount of UDP datagrams.

Thanks to Ivan Pepelnjak from http://ioshints.blogspot.com/.

Create Linux user with password

Date: September 19, 2007. Categories: linux, perl, shell and tips. Comments

linux-logo.jpgSometimes it’s necessary to create Linux user accounts in batch mode (fully automatic) but often newbies ask how to set password for a new user without entering it manually. Thanks to heaven command useradd can get password as an input parameter, but it should be encrypted.

In other words, to create Linux user account with password the following command will be useful:

useradd -m -p encryptedPass username

I know at least two ways to get password encrypted. The first one is to use perl crypt(); function:

perl -e 'print crypt("password_to_be_encrypted", "salt"),"\n"'

which will give you an output sa3tHJ3/KuYvI.

The second way (more simple) is to use command:

openssl passwd password_to_be_encrypted

CGI Perl scripts debugging (solve 500 Internal Server Error)

Date: August 17, 2007. Categories: linux, perl and tips. Comments

When you run your perl scripts in browser you would get “500 Internal Server Error” when something goes wrong. There would be several reasons of this but one thing to be done is to check if your perl script contains errors. To do it login to server you’re running perl script (I hope you use Linux ;] ) and execute command:

/usr/bin/perl -w /path/to/script.cgi

It will show debug information and it would be much easier to find and solve the problem.

Good luck!

You may also be interested in:
Access to sqlite3 database through perl (script example)

Access to sqlite3 database through perl (script example)

Date: August 14, 2007. Categories: linux and perl. 90 Comments

By publishing this post I try to help people who want to get access to popular and simple database engine sqlite through perl script. I use sqlite to store e-mails statistics at small mail server in order to retrieve information about users’ mail activity like average response time, sent and received messages and etc. There is perl script that is used to get this data per every user or get summary statistics. This script is to be run by web server (I use Apache) and has name index.cgi in my case.

Here is part of it:

#!/usr/bin/perl
use DBI;
print “Content-type: text/html\n\n”;
print “<html><head><title>perl and sqlite example script</title></head><body>”;
$dbh = DBI->connect( “dbi:SQLite:dbname=/tmp/mail_data.db”,”", “”, { RaiseError => 1, AutoCommit => 0 });

my $fst = $dbh->selectall_arrayref(“SELECT min(time_1),max(time_1) FROM mail_data”);
foreach my $row (@$fst) {
my ($fst_pr,$lst_pr) = @$row;
print “oldest entry in database: “.gmtime($fst_pr).” gmt<br>newest entry in database: “.gmtime($lst_pr);
}

print “</body>”;
print “</html>”;
$dbh->disconnect;

After you load this example through any web browser (please read your web server’s manual on how to allow cgi/perl script exec, for example here), script will read sqlite database that is located at /tmp/mail_data.db and display minimal and maximal values of field time_1 from mail_data table.

In order to run this script it’s necessary to install perl, sqlite3 and perl-DBI-SQLite cpan module.

You may also be interested in:
CGI Perl scripts debugging (solve 500 Internal Server Error)

Friendly Sites:Who is behind Linux Screw?
GeekyBits³ | Bash Cures Cancer | OMG! Ubuntu!
My SysAd Blog | Web Upd8
ZEPY | Linux config Wiki | Planet Sysadmin
a non-geek's linux notes | Linux Today
TuxArena: The arena of Tux | LinuxAlt.Com
 My name is Artem N. (artiomix AT gmail DOT com) and I'm Linux/Unix, Cisco systems engineer. The main idea of Linux Screw is to share relevant knowledge, skills and observations over The Web. Here you can find a lot of information related to different Linux distributions, FreeBSD, IOS as well as a other Open Source around staff. Read more ››