pfStat on FreeBSD
In this guide we will look at installing the statistics tool pfStat, which reports on the packets filtered by the pf (Packet Filter) firewall from OpenBSD.
Installing pfstat
Once again, we install the tool from the ports tree:
$ cd /usr/ports/sysutils/pfstat/
$ make install clean
Once the installation is finished, two programs are available:
- pfstatd: collects the firewall statistics so that they can be queried from a remote host
- pfstat: collects the statistics directly and generates the graphs
We will use pfstat to generate the graphs directly on the machine.
Configuring pfStat
The pfstat configuration file is created as /usr/local/etc/pfstat.conf. It contains 3 sections:
- the graphs showing bandwidth
- the graphs showing blocked / passed packets
- the graphs showing the PF counters
########################################################################
# $Id: pfstat.conf, v1.0 2011/09/01 Ikare Exp $
# (c) Ikare - NeotechIII
# Generate graphs for evenstar webserver PF
########################################################################

## ======================================
## ==== SECTION 1 - BANDWIDTH
## ======================================
collect 1 = interface "bge0" pass bytes in ipv4 diff
collect 2 = interface "bge0" pass bytes out ipv4 diff
collect 3 = global states entries

image "/opt/www/pfstat/images/bandwidth-day.jpg" {
    from 1 days to now
    width 980 height 500
    left
        graph 1 bps "in" "bits/s" color 0 192 0 filled,
        graph 2 bps "out" "bits/s" color 0 0 255
    right
        graph 3 "states" "entries" color 192 192 0
}

image "/opt/www/pfstat/images/bandwidth-week.jpg" {
    from 1 weeks to now
    width 980 height 500
    left
        graph 1 bps "in" "bits/s" color 0 192 0 filled,
        graph 2 bps "out" "bits/s" color 0 0 255
    right
        graph 3 "states" "entries" color 192 192 0
}

image "/opt/www/pfstat/images/bandwidth-month.jpg" {
    from 1 months to now
    width 980 height 500
    left
        graph 1 bps "in" "bits/s" color 0 192 0 filled,
        graph 2 bps "out" "bits/s" color 0 0 255
    right
        graph 3 "states" "entries" color 192 192 0
}

image "/opt/www/pfstat/images/bandwidth-year.jpg" {
    from 1 years to now
    width 980 height 500
    left
        graph 1 bps "in" "bits/s" color 0 192 0 filled,
        graph 2 bps "out" "bits/s" color 0 0 255
    right
        graph 3 "states" "entries" color 192 192 0
}

## ======================================
## ==== SECTION 2 - FIREWALL
## ======================================
collect 4 = interface "bge0" pass packets in ipv4 diff
collect 5 = interface "bge0" pass packets out ipv4 diff
collect 6 = interface "bge0" block packets in ipv4 diff
collect 7 = interface "bge0" block packets out ipv4 diff

image "/opt/www/pfstat/images/pfstat_bge0_packets_day.jpg" {
    from 1 days to now
    width 980 height 300
    left
        graph 4 "SDSL pass in" "packets/s" color 0 192 0 filled,
        graph 5 "SDSL pass out" "packets/s" color 0 0 255
    right
        graph 6 "ADSL block in" "packets/s" color 255 0 0,
        graph 7 "ADSL block out" "packets/s" color 192 192 0
}

image "/opt/www/pfstat/images/pfstat_bge0_packets_week.jpg" {
    from 1 weeks to now
    width 980 height 300
    left
        graph 4 "SDSL pass in" "packets/s" color 0 192 0 filled,
        graph 5 "SDSL pass out" "packets/s" color 0 0 255
    right
        graph 6 "ADSL block in" "packets/s" color 255 0 0,
        graph 7 "ADSL block out" "packets/s" color 192 192 0
}

image "/opt/www/pfstat/images/pfstat_bge0_packets_month.jpg" {
    from 1 months to now
    width 980 height 300
    left
        graph 4 "SDSL pass in" "packets/s" color 0 192 0 filled,
        graph 5 "SDSL pass out" "packets/s" color 0 0 255
    right
        graph 6 "ADSL block in" "packets/s" color 255 0 0,
        graph 7 "ADSL block out" "packets/s" color 192 192 0
}

image "/opt/www/pfstat/images/pfstat_bge0_packets_year.jpg" {
    from 1 years to now
    width 980 height 300
    left
        graph 4 "SDSL pass in" "packets/s" color 0 192 0 filled,
        graph 5 "SDSL pass out" "packets/s" color 0 0 255
    right
        graph 6 "ADSL block in" "packets/s" color 255 0 0,
        graph 7 "ADSL block out" "packets/s" color 192 192 0
}

## ======================================
## ==== SECTION 3 - COUNTERS
## ======================================
collect 15 = global counters match diff
collect 16 = global counters bad-offset diff
collect 17 = global counters fragment diff
collect 18 = global counters short diff
collect 19 = global counters normalize diff
collect 20 = global counters memory diff
collect 21 = global counters bad-timestamp diff
collect 22 = global counters congestion diff
collect 23 = global counters ip-option diff
collect 24 = global counters proto-cksum diff
collect 25 = global counters state-mismatch diff
collect 26 = global counters state-insert diff
collect 27 = global counters state-limit diff
collect 28 = global counters src-limit diff
collect 29 = global counters synproxy diff

image "/opt/www/pfstat/images/counters-day.jpg" {
    from 1 days to now
    width 980 height 500
    left
        graph 17 "frag" "/s" color 192 0 192,
        graph 22 "cong" "/s" color 0 192 192,
        graph 23 "iopt" "/s" color 0 0 255,
        graph 24 "csum" "/s" color 192 192 0,
        graph 25 "mism" "/s" color 255 0 0
        # others are usually all zero here
    right
        graph 15 "match" "/s" color 0 192 0
}

image "/opt/www/pfstat/images/counters-week.jpg" {
    from 1 weeks to now
    width 980 height 500
    left
        graph 17 "frag" "/s" color 192 0 192,
        graph 22 "cong" "/s" color 0 192 192,
        graph 23 "iopt" "/s" color 0 0 255,
        graph 24 "csum" "/s" color 192 192 0,
        graph 25 "mism" "/s" color 255 0 0
        # others are usually all zero here
    right
        graph 15 "match" "/s" color 0 192 0
}

image "/opt/www/pfstat/images/counters-month.jpg" {
    from 1 months to now
    width 980 height 500
    left
        graph 17 "frag" "/s" color 192 0 192,
        graph 22 "cong" "/s" color 0 192 192,
        graph 23 "iopt" "/s" color 0 0 255,
        graph 24 "csum" "/s" color 192 192 0,
        graph 25 "mism" "/s" color 255 0 0
        # others are usually all zero here
    right
        graph 15 "match" "/s" color 0 192 0
}

image "/opt/www/pfstat/images/counters-year.jpg" {
    from 1 years to now
    width 980 height 500
    left
        graph 17 "frag" "/s" color 192 0 192,
        graph 22 "cong" "/s" color 0 192 192,
        graph 23 "iopt" "/s" color 0 0 255,
        graph 24 "csum" "/s" color 192 192 0,
        graph 25 "mism" "/s" color 255 0 0
        # others are usually all zero here
    right
        graph 15 "match" "/s" color 0 192 0
}
This configuration file therefore generates the images in /opt/www/pfstat/images, a directory served by Apache. The "diff" keyword on a collector plots the change between two consecutive samples of pf's cumulative counters, and the "bps" option on a graph scales bytes to bits, which is how the bandwidth graphs show bits/s.
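To make the "diff" and "bps" behaviour concrete, here is an added example (my own Python, not pfstat code) that turns cumulative pf counter readings into per-second rates the way the graphs above present them, and then flags the kind of burst in blocked packets that a port scan leaves behind. The readings, the one-minute interval (matching the crontab further down) and the spike threshold are all constructed assumptions.

```python
"""Added example (not part of pfstat): what the "diff" collectors and the
"bps" graph option in pfstat.conf compute. pf exposes cumulative counters;
a "diff" collector plots the delta between two consecutive samples, and
"bps" scales bytes to bits. The sample readings below are constructed,
with one counter reset built in."""

from statistics import median

SAMPLE_INTERVAL = 60  # seconds: assumes "pfstat -q" runs every minute from cron

# Constructed cumulative "pass bytes in" readings, one per minute.
# The last reading is lower than the previous one: the counters were reset
# (for example by reloading pf), which a naive delta would show as a
# large negative rate.
BYTES_IN = [0, 600, 1800, 1800, 300]

# Constructed cumulative "block packets in" readings: a burst of blocked
# packets in the middle, the kind of spike a port scan leaves on the graphs.
BLOCK_IN = [1000, 1060, 1120, 1180, 61180, 121180, 121240, 121300]


def rate_series(samples, interval=SAMPLE_INTERVAL, to_bits=False):
    """Per-second rates from cumulative counter samples.

    Each point is (current - previous) / interval, as a "diff" collector
    does; to_bits=True multiplies by 8 like the "bps" graph option.
    A negative delta means the counter was reset, so that point becomes
    None instead of a misleading negative rate.
    """
    rates = []
    for prev, cur in zip(samples, samples[1:]):
        delta = cur - prev
        if delta < 0:
            rates.append(None)
            continue
        if to_bits:
            delta *= 8
        rates.append(delta / interval)
    return rates


def flag_spikes(rates, factor=10):
    """Indices of points whose rate exceeds factor times the median rate.

    Reset points (None) are ignored. The baseline is floored at 1/s so a
    series that is mostly zero does not flag every non-zero sample.
    """
    valid = [r for r in rates if r is not None]
    if not valid:
        return []
    threshold = factor * max(median(valid), 1.0)
    return [i for i, r in enumerate(rates) if r is not None and r > threshold]


if __name__ == "__main__":
    print("bits/s in:", rate_series(BYTES_IN, to_bits=True))
    block_rates = rate_series(BLOCK_IN)
    print("blocked packets/s:", block_rates)
    print("spike at sample indexes:", flag_spikes(block_rates))
```

The reset handling is the part worth keeping in mind when reading the graphs: after a pf reload, the first sample is not a real drop in traffic but a counter starting over, and a simple delta would draw it as a negative rate.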
Automating graph generation
A small crontab:
#PFSTAT -> collect pflog data
* * * * * /usr/local/bin/pfstat -q -d /var/db/pfstat.db
#PFSTAT -> clear data older than 30 days
25 3 * * * /usr/local/bin/pfstat -t 30 -d /var/db/pfstat.db
#PFSTAT -> generate graphs DAILY
55 23 * * * /usr/local/bin/pfstat -p -d /var/db/pfstat.db
Viewing the graphs via the web
Add a small alias to the Apache configuration. Note that with "Allow from all" and "Satisfy Any" the graphs are readable by anyone who can reach the web server:
Alias /pfstat /opt/www/pfstat
DocumentRoot "/opt/www/pfstat"
# <Directory> container assumed: Order, Allow and Satisfy are only valid inside one
<Directory "/opt/www/pfstat">
    DirectoryIndex index.html
    Order deny,allow
    Allow from all
    Satisfy Any
</Directory>
Create the statistics presentation page /opt/www/pfstat/index.html:
<?xml version="1.0" encoding="iso-8859-15"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
    <title>Statistiques du Firewall du serveur</title>
</head>
<body>
    <h1>Bande passante sur bge0 - Interface WAN SDSL</h1>
    <h2>Jour</h2>
    <img src="images/bandwidth-day.jpg" alt="" />
    <h2>Semaine</h2>
    <img src="images/bandwidth-week.jpg" alt="" />
    <h2>Mois</h2>
    <img src="images/bandwidth-month.jpg" alt="" />
    <h2>Année</h2>
    <img src="images/bandwidth-year.jpg" alt="" />

    <h1>Paquets sur bge0</h1>
    <h2>Jour</h2>
    <img src="images/pfstat_bge0_packets_day.jpg" alt="" />
    <h2>Semaine</h2>
    <img src="images/pfstat_bge0_packets_week.jpg" alt="" />
    <h2>Mois</h2>
    <img src="images/pfstat_bge0_packets_month.jpg" alt="" />
    <h2>Année</h2>
    <img src="images/pfstat_bge0_packets_year.jpg" alt="" />

    <h1>Compteurs sur bge0</h1>
    <h2>Jour</h2>
    <img src="images/counters-day.jpg" alt="" />
    <h2>Semaine</h2>
    <img src="images/counters-week.jpg" alt="" />
    <h2>Mois</h2>
    <img src="images/counters-month.jpg" alt="" />
    <h2>Année</h2>
    <img src="images/counters-year.jpg" alt="" />
</body>
</html>
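Both pfstat.conf and index.html are edited by hand, and the two must agree: every "graph N" needs a matching "collect N =", every label needs balanced quotes, and every <img> in the page should point at an image some "image" block actually generates. Here is an added example (my own Python, not part of pfstat and not one of the files above) that checks those three points. CONF and HTML are shortened, constructed copies of the two files with one of each mistake built in; WEBROOT matches the Alias target used above.

```python
"""Added example, not part of pfstat and not one of the page's own files:
a consistency check between a pfstat.conf and the index.html that shows
its graphs. It reports three hand-editing mistakes:
  - an unbalanced double quote inside an image block (a broken label)
  - a "graph N" whose collector N was never defined with "collect N ="
  - an <img src> in the HTML that no image block in pfstat.conf produces
CONF and HTML below are shortened, constructed copies of the two files
with one of each mistake built in; WEBROOT is the Alias target."""

import posixpath
import re

WEBROOT = "/opt/www/pfstat"  # assumed: the Alias target from the Apache config

CONF = """\
collect 1 = interface "bge0" pass bytes in ipv4 diff
collect 2 = interface "bge0" pass bytes out ipv4 diff
collect 3 = global states entries
image "/opt/www/pfstat/images/bandwidth-day.jpg" {
    from 1 days to now
    width 980 height 500
    left graph 1 bps "in" "bits/s" color 0 192 0 filled,
    graph 2 bps "out" "bits/s" color 0 0 255
    right graph 3 "states" entries" color 192 192 0
}
image "/opt/www/pfstat/images/counters-day.jpg" {
    from 1 days to now
    width 980 height 500
    left graph 15 "match" "/s" color 0 192 0   # collect 15 is missing above
}
"""

HTML = """\
<h2>Jour</h2> <img src="images/bandwidth-day.jpg" alt="" />
<h2>Semaine</h2> <img src="images/bandwidth-week.jpg" alt="" />
<h2>Jour</h2> <img src="images/counters-day.jpg" alt="" />
"""

COLLECT_RE = re.compile(r'^\s*collect\s+(\d+)\s*=')
IMAGE_RE = re.compile(r'^\s*image\s+"([^"]+)"\s*\{')
GRAPH_RE = re.compile(r'\bgraph\s+(\d+)\b')
IMG_SRC_RE = re.compile(r'<img\s[^>]*src="([^"]+)"')


def check_conf(text):
    """Return (image paths defined, list of problem messages) for a pfstat.conf."""
    collectors = set()
    images = []
    problems = []
    current = None  # path of the image block we are inside, if any
    for lineno, line in enumerate(text.splitlines(), 1):
        code = line.split("#", 1)[0]  # pfstat.conf uses '#' comments
        m = COLLECT_RE.match(code)
        if m:
            collectors.add(int(m.group(1)))
            continue
        m = IMAGE_RE.match(code)
        if m:
            current = m.group(1)
            images.append(current)
            continue
        if current is None:
            continue
        if code.count('"') % 2:
            problems.append(f"line {lineno}: unbalanced quote in image {current}")
        for ref in GRAPH_RE.findall(code):
            if int(ref) not in collectors:
                problems.append(f"line {lineno}: graph {ref} references undefined collector in image {current}")
        if "}" in code:
            current = None
    return images, problems


def check_html(html, images, webroot=WEBROOT):
    """Report <img src> values that no image block under webroot produces."""
    produced = {posixpath.relpath(p, webroot) for p in images if p.startswith(webroot + "/")}
    problems = []
    for src in IMG_SRC_RE.findall(html):
        if posixpath.normpath(src) not in produced:
            problems.append(f"html references {src} but pfstat.conf does not generate it")
    return problems


def run_checks(conf=CONF, html=HTML):
    """Run both checks and return every problem found."""
    images, problems = check_conf(conf)
    return problems + check_html(html, images)


if __name__ == "__main__":
    for problem in run_checks():
        print(problem)
```

Run it against the real files by reading them into check_conf and check_html; an empty result means the two files are consistent. The HTML check is deliberately one-directional: an image that is generated but not displayed is harmless, while a displayed image that is never generated shows up as a broken graph.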
There we go: the statistics are available at: http://oser.neotech3.org/pfstat/
Note: you should be able to spot a large scan attempt on the graphs, launched deliberately to illustrate this guide.
MORE INFO at: http://www.benzedrine.cx/pfstat.html