Welcome to Proweb (UK) Ltd, click the logo to return to our home page Proweb (UK) Ltd, talking your language
home products & services eshop support contact
terms & conditions  | latest news | sitemap | search  
Support
total
internet
solutions
for business		Welcome to Proweb (UK) Ltd
 
Click to select Network/Server Status Network/Server Status
Click to select Security Threats Security Threats
Click to select Connectivity Connectivity
Click to select Email Configuration Email Configuration
Click to select Web based Email Web based Email
Click to select FTP Service FTP Service
Click to select Mail Forms Mail Forms
Click to select CGI Wrap CGI Wrap
Click to select Jargon Buster Jargon Buster
Click to select New User Information New User Information
Click to select Domain Name WHOIS Domain Name WHOIS
Click to select Sender Policy Framework Sender Policy Framework
Click to select Contact Us Contact Us
Click to select Back to Home page Back to Home page

ZeroShell Stats Logging Howto

This document aims to be a quick and dirty guide to setting up QOS statistics logging to a MySql server and traffic graph generation from a ZeroShell firewall. The solution is in no way elegant or mature and was designed to fulfil an urgent need to view QOS stats in as near real time as possible with the added benefit of offering a flexible usage history report generation capability.

The database currently stores an incrementing daily record of bandwidth and usage by class and a seven day history of usage by class at 1 minute intervals although the stats are gathered from the firewall and updated on the page every 15 seconds. The historical graph is also refreshed at 1 minute intervals. You can also click on each element of the bar graph to display the history graph for that particular rule. Usage graphs reset at midnight.

Due to the use of DHTML text transformations, the page is only IE friendly (for now).


Terms of Use

The obligatory legal guff before moving on to the fun stuff.

The document is provided for information only and is in no way affiliated with the owner of ZeroShell, Fulvio Ricciardi.

In no event shall the initial developers or copyright holders be liable for any damages whatsoever, including - but not restricted to - lost revenue or profits or other direct, indirect, special, incidental or consequential damages, even if they have been advised of the possibility of such damages, except to the extent invariable law, if any, provides otherwise.

No Warranty

The Software and this document is provided AS IS with NO WARRANTY OF ANY KIND, INCLUDING THE WARRANTY OF DESIGN, MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.

Requirements

You will need a host machine on which to run the php stats query script, host the bandwidth graph php pages and MySql database plus of course, have a working ZeroShell firewall.

SSH Access - LiveCD

Firstly, we need to grant password free SSH access to the ZeroShell firewall. This solution is not pretty and the author would be grateful for any improvements although that said, it does work rather well :-)

SSH to you ZeroShell firewall and login as "admin" then drop to a shell "S".

In the "/Database" directory, create a directory called "startup".

Copy "/etc/ssh/sshd_config" to "/Database/startup/sshd_config".

Edit "/Database/startup/sshd_config" and comment out "AllowUsers admin", then uncomment "#AuthorizedKeysFile .ssh/authorized_keys" and save the file eg. 
# AllowUsers admin
AuthorizedKeysFile .ssh/authorized_keys
On your stats collector machine:
Run "ssh-keygen -t rsa" to generate a public / private key pair, in "/root/.ssh/id_rsa"
DO NOT ENTER A PASSPHRASE

Copy the contents of "/root/.ssh/id_rsa.pub" using your fav editor to the ZeroShell "/Database/startup/.ssh/authorized_keys" file (you will need to create the /root/.ssh directory).

Create a startup script, "/Database/startup/rc.local", chmod 755 it and paste in the following (modify YOUR_ROOT_PASSWORD below)

#!/bin/sh
/bin/cp /Database/startup/sshd_config /etc/ssh/sshd_config
/bin/cp -Rp /Database/startup/.ssh /root/.ssh
echo "root:YOUR_ROOT_PASSWORD" | /usr/sbin/chpasswd
/sbin/service sshd restart
Login to your ZeroShell web admin and navigate to "Setup", then "Startup"

Enable the startup configuration and add "/Database/startup/rc.local" to the startup script and save it.

Reboot your ZeroShell firewall.

You should now be able to SSH in as "root" with the password set above and drop to a shell prompt.

Check that an SSH connection from your stats collector box to your ZeroShell firewall returns a "root@ZS root>" without prompting for a password eg.

ssh -i /root/.ssh/id_dsa root@ZEROSHELL_IP

The Get Qos Script

The get_qos script is a cutdown version of Fulvio Ricciardi's "qos_statistics" script for which I hope he doesn't mind.

Create the file "/Database/startup/get_qos" and paste in the following script (also available in the download archive), then chmod 755 get_qos
#!/bin/sh
. /etc/kerbynet.conf
RELOAD="$1"
INTERFACE="$2"
IDIR="$REGISTER/system/net/interfaces"
cd $IDIR
INTERFACE=`ls`
echo `/bin/date +%Y:%m:%d:%H:%M:%S`
for I in $INTERFACE ; do
  QDIR="$IDIR/$I/QoS"
  if [ "`cat $IDIR/$I/QoS/Enabled 2>/dev/null`" == yes ] ; then
    MAX="`cat $QDIR/Max 2>/dev/null`"
    MAXUNIT="`cat $QDIR/MaxUnit 2>/dev/null`"
    GUARANTEED="`cat $QDIR/Guaranteed 2>/dev/null`"
    GUARANTEEDUNIT="`cat $QDIR/GuaranteedUnit 2>/dev/null`"
    if [ "$GUARANTEEDUNIT" == "Mbit/s" ] ; then
      GK=`echo $GUARANTEED | awk '{print $0 * 1024}'`
    else
      GK="$GUARANTEED"
    fi
    SENT="`$SCRIPTS/qos_getstat $I`"
    echo "$I::$SENT:0:0"
    CDIR="$QDIR/Class"
    cd $CDIR
    CLASSES="`ls`"
    for C in $CLASSES ; do
      if [ "`$SCRIPTS/qos_ison $I $C`" == yes ] ; then
        MAX="`$SCRIPTS/qos_getbw "$I" "$C" Max F`"
        GUARANTEED="`$SCRIPTS/qos_getbw "$I" "$C" Guaranteed F`"
        if [ -z "$MAX" ] ; then
          MAX="0"
        fi
        if [ -z "$GUARANTEED" ] ; then
          GUARANTEED="0"
        fi
        SENT="`$SCRIPTS/qos_getstat $I $C`"
        echo "$I:$C:$SENT:$MAX:$GUARANTEED"
      fi
    done
   fi
done

The PHP Scripts & MySql Tables

Download the zip file containing the PHP scripts and MySql table structures: HERE

Create the MySql "zeroshell_stats" database and setup the tables from the included zeroshell_stats.sql script.

Add a MySql username and password and grant select, insert, update and delete privileges.

Copy the scripts to a web directory although "zeroshell_getqos.php" is self contained and can reside outside the web directory if required.

Edit "zeroshell_getqos.php" and "mysql.inc" and update MySql username as password, also update "Your ZS Gateway 1 IP Address" to the correct ip address and check the location of the php binary.

You can optionally add a second "Gateway 2 IP Address" should you have a failover gateway configured.

Run "./zeroshell_getqos.php" to check for sql errors and ssh connectivity issues and if all ok, add a cron job at one minute intervals eg.

*/1 * * * * root /path/to/zeroshell_getqos.php > /tmp/qos.log

You will also require JpGrpah which can be downloaded from: http://www.aditus.nu/jpgraph and should be copied to a sub directory of the web scripts directory as per the "graph.php" includes path. (Note: you will also need to set "memory_limit = 256M" in php.ini to avoid out of memory issues as the graph has up to 5760 data values to plot)

Finally, I hope this proves to be some use to somebody and many thanks to Fulvio Ricciardi for writing ZeroShell and making this all possible (BOW).

© 2008 Proweb (UK) Ltd. Richard Drage
Registered office: 18 Mansfield Road, Daybrook, Nottingham NG5 6AA. Registered in England No: 3162345 & 3570381