mrverrall · February 16, 2018 13:07
diff --git a/pf_active_clients b/pf_active_clients
 #!/bin/bash

 : << =cut

 =head1 NAME

 Packetfence Clients

 =head1 AUTHOR

 Contributed by Paul Verrall 

 =head1 LICENSE

 GPLv2

 =cut

 if [ -x  $MUNIN_LIBDIR/plugins/plugin.sh ]
 then
 . $MUNIN_LIBDIR/plugins/plugin.sh
 fi

 if [ "$1" = "autoconf" ]; then
        echo no
        exit 0
 fi

 if [ "$1" = "config" ]; then

        echo "graph_title packetfence active clients"
        echo 'graph_vlabel clients'
        echo 'graph_args --base 1000 --lower-limit 0' 
        echo "graph_category Packetfence"

        PF_IPSETS=$(ipset list -n | fgrep pfsession_Reg_)

        for ipset in $PF_IPSETS
        do
            snet=${ipset##pfsession_Reg_}
            echo "$snet""_active.label $snet""_active"
            echo "$snet.draw AREA"
        done

        exit 0
 fi

 PF_IPSETS=$(ipset list -n | fgrep pfsession_Reg_)
 TCP_TIMEOUT=$(sysctl -n net.netfilter.nf_conntrack_tcp_timeout_established)
 ACTIVE_AGE=600
 ACTIVE_MIN_AGE=$(( $TCP_TIMEOUT - $ACTIVE_AGE ))

 LOCAL_IPS=$(mktemp)
 IPSET_CLIENT_IPS=$(mktemp)

 # Pop local IPs in a file for easy filtering with grep
 for ip in $(hostname -I)
 do
    echo "$ip" >> "$LOCAL_IPS"
 done

 for ipset in $PF_IPSETS;
 do
    # output list of set client ips for this set to file for easy greppage
    ipset list "$ipset"  | awk -F , '/^[0-9]/ {print $1}' > "$IPSET_CLIENT_IPS"
    if [ -s "$IPSET_CLIENT_IPS" ]
    then
        echo -n "${ipset##pfsession_Reg_}_active.value "
        
        # list of assured established tcp connections 
        # | remove local sorces and destinations 
        # | remove aged connections i.e only those active within $ACTIVE_AGE seconds
        # | include only pf clients in this ipset
        # | sort | unique | count remaining lines
        
        conntrack -L -u assured -p tcp --state ESTABLISHED 2>/dev/null \
            | fgrep -v -f "$LOCAL_IPS" \
            | awk -v t="$ACTIVE_MIN_AGE" '$3 > t {print $0}' \
            | fgrep -o -f "$IPSET_CLIENT_IPS" \
            | sort | uniq | wc -l
     fi
 done

 rm $LOCAL_IPS $IPSET_CLIENT_IPS
 exit 0
	#!/bin/bash

	: << =cut

	=head1 NAME

	Packetfence Clients

	=head1 AUTHOR

	Contributed by Paul Verrall

	=head1 LICENSE

	GPLv2

	=cut

	if [ -x $MUNIN_LIBDIR/plugins/plugin.sh ]
	then
	. $MUNIN_LIBDIR/plugins/plugin.sh
	fi

	if [ "$1" = "autoconf" ]; then
	echo no
	exit 0
	fi

	if [ "$1" = "config" ]; then

	echo "graph_title packetfence active clients"
	echo 'graph_vlabel clients'
	echo 'graph_args --base 1000 --lower-limit 0'
	echo "graph_category Packetfence"

	PF_IPSETS=$(ipset list -n \| fgrep pfsession_Reg_)

	for ipset in $PF_IPSETS
	do
	snet=${ipset##pfsession_Reg_}
	echo "$snet""_active.label $snet""_active"
	echo "$snet.draw AREA"
	done

	exit 0
	fi

	PF_IPSETS=$(ipset list -n \| fgrep pfsession_Reg_)
	TCP_TIMEOUT=$(sysctl -n net.netfilter.nf_conntrack_tcp_timeout_established)
	ACTIVE_AGE=600
	ACTIVE_MIN_AGE=$(( $TCP_TIMEOUT - $ACTIVE_AGE ))

	LOCAL_IPS=$(mktemp)
	IPSET_CLIENT_IPS=$(mktemp)

	# Pop local IPs in a file for easy filtering with grep
	for ip in $(hostname -I)
	do
	echo "$ip" >> "$LOCAL_IPS"
	done

	for ipset in $PF_IPSETS;
	do
	# output list of set client ips for this set to file for easy greppage
	ipset list "$ipset" \| awk -F , '/^[0-9]/ {print $1}' > "$IPSET_CLIENT_IPS"
	if [ -s "$IPSET_CLIENT_IPS" ]
	then
	echo -n "${ipset##pfsession_Reg_}_active.value "

	# list of assured established tcp connections
	# \| remove local sorces and destinations
	# \| remove aged connections i.e only those active within $ACTIVE_AGE seconds
	# \| include only pf clients in this ipset
	# \| sort \| unique \| count remaining lines

	conntrack -L -u assured -p tcp --state ESTABLISHED 2>/dev/null \
	\| fgrep -v -f "$LOCAL_IPS" \
	\| awk -v t="$ACTIVE_MIN_AGE" '$3 > t {print $0}' \
	\| fgrep -o -f "$IPSET_CLIENT_IPS" \
	\| sort \| uniq \| wc -l
	fi
	done

	rm $LOCAL_IPS $IPSET_CLIENT_IPS
	exit 0