How to graph IP traffic totals using ipac-mg & mrtg

As of 21st December 2002 this is under test.
If it works, I'll upload updated docs and example config files. All comments are welcome.

Introduction:
You may already use mrtg to graph traffic trends on your network, but mrtg does not provide a method to graph traffic totals like ipac-ng does.

Although ipac-ng includes graphing capability you may use mrtg to collect and graph a wide variety of other data. For the sake of consistency, you may prefer to graph everthing using mrtg alone.

It is difficult to run two traffic monitors on same host (see man fetchipac BUGS) but here is one way to do this easily using ipac-ng and mrtg.

Quick Start:

Download and install ipac-ng and configure using normal defaults. First make sure that ipac-ng is working correctly, then install and configure mrtg.

You do not need to run snmp with mrtg - ipac-ng can supply all traffic data to mrtg using the ipcaacount script (included in ipac-ng contrib); Your mrtg configuration file is configured same as normal but use "ipaccount" script to collect traffic data instead of using snmp. Instead of using snmp, the mrtg config file specifies "ipaccount" as a "target" script to obtain mrtg traffic data.

With the setup explained here, you should call mrtg from cron instead of as daemon (unless you know how and why :).

The traffic data is stored twice; Both in normal mrtg log file(s) _and_ in ipac-ng log file(s).

The "ipaccount" script calls "ipacsum" (part of ipac-ng) to collect traffic data from ipac-ng log files (so that mrtg does not reset the iptables data back to zero when reading traffic statistics - read the ipac-ng "fetchipac" manual for further information).

Using the above method, you can use ipac-ng data _and_ mrtg data at same time on the same host.

Getting Started:
Warning: Please modify the paths in the following example(s) to suit your own installation preferences!

Install ipac-ng and mrtg packages and add "/usr/local/sbin/fetchipac -S" to the end of your "rc.firewall" (or similar) script (ipac-ng will not affect any other firewall rules that you have created).

Edit your /etc/ipac-ng/ipac.conf and /etc/ipac-ng/rules.conf files Depends on version of ipac-ng). Make sure you understand "chain" names. The "chain" names will be used as filters in the ipaccount "regular expressions" (regexps). Select your "chain" names carefully so that they are simple and unambiguous.

Edit your mrtg.conf file0. In the mrtg "target" field, enter the full path to "ipaccount", the time interval and the regexp to identify the name of the rule(s) that mrtg will use to create graph. For example, "/usr/local/sbin/ipaccount 15m all" - means "get data from any chain that contains the regexp 'all' for last 15 minutes '15m'" The 15m time can be whatever time you like, but must be the same period that MRTG is run - in this example, mrtg is called every 15 minutes from crontab. Note that mrtg stores data in minimum 5 minute blocks, so there's not much point in logging data at any more than once per 5 minutes.

Here is an example of what you may enter in crontab (crontab -e):
```
	# Save data to ipac log + mrtg log every 15 mins.
	*/15 * * * * /usr/local/bin/ipac-2-mrtg
```
"ipac-2-mrtg" is a simple shell script (see example below).
Test your results by manually calling this MRTG string from command line. You should see two or more (up to 4) numbers (read about mrtg logfile format): The first line is total incoming traffic (in bytes), and second line is outgoing traffic (bytes). To understand what "total" really means, you must read the manuals for fetchipac and ipacsum included with ipac-ng!

After your cron job has been running for at least 15 minutes, look at your mrtg graphs and log files. If you have any problems, then use the following command line options to see if the results are "sensible", and read the ipac-ng and mrtg manuals and reference documents.

Troubleshooting from command line:

To make sure ipaccount + mrtg.conf are working correctly:
```
       /usr/local/sbin/ipaccount 15m all
```
To make sure that ipac-ng and mrtg agree about traffic data:
```
      /usr/local/sbin/ipacsum -s 15m -f all
```

Configuration Hints:

You probably want to use "growright and "absolute" in mrtg.cfg

The mrtg "absolute" and "gauge" options are mutually exclusive!!!

Make sure that ipaccount is saving data in bytes (not bits, Kilobytes or Megabytes... unless you know why and how!)

An example mrtg.cfg file.

An example ipac.conf file.

An example ipac-rules.conf file.

An example ipaccount script.

An example ipac-2-mrtg script.

Download ipac-2-mrtg contribs in .zip archive (6k filesize).

Other mrtg traffic totalling utils:

A php traffic calculator

The mrtg_total IP traffic tool.

ipac/ipac-ng authors:
Moritz Both <moritz@daniben.de> and Al Zaharov <kaiser13@mail2000.ru>

ipac-ng home:
http://sourceforge.net/projects/ipac-ng

mrtg home:
http://people.ee.ethz.ch/~oetiker/webtools/mrtg/

This document:
original: Tim Yunaev <tim@lviv.gu.net> 2000
modified: Roger Buck <saas@users.sf.net> December 2002