Summary: Gift number two for brother 阿骁: DNS traffic statistics, super edition

It doesn't really deserve the name "super edition"; it's just that most people probably wouldn't think of doing it this way... :mrgreen:

The idea is to modify the bind source code so that rndc can pull the DNS query/response counts directly from a remote machine, and then graph them with mrtg or rrdtool. (Note: if you don't know rndc, go read up on it yourself; it is not the topic here.)

This is the patch file I made for bind-9.3.0. Take a look if you're interested. If you can read code, you'll know how to adapt it to other versions; if not, just make do with it as it is!

[code:1:f7a85c68b4]diff -cr bind-9.3.0/bin/named/query.c bind-9.3.0_abel/bin/named/query.c *** bind-9.3.0/bin/named/query.c Wed Jun 30 22:13:05 2004 --- bind-9.3.0_abel/bin/named/query.c Wed Oct 13 00:45:07 2004 *************** *** 95,100 **** --- 95,103 ---- static void query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype); + static int querycount=0; + static int replycount=0; + /* * Increment query statistics counters. */ *************** *** 112,121 **** --- 115,132 ---- zonestats[counter]++; } } + int get_query_count(void) { + return(querycount); + } + + int get_reply_count(void) { + return(replycount); + } static void query_send(ns_client_t *client) { dns_statscounter_t counter; + replycount++; if (client->message->rcode == dns_rcode_noerror) { if (ISC_LIST_EMPTY(client->message->sections[DNS_SECTION_ANSWER])) { if (client->query.isreferral) { *************** *** 3447,3453 **** query_error(client, result); return; } ! if (ns_g_server->log_queries) log_query(client); --- 3458,3464 ---- query_error(client, result); return; } ! querycount++; if (ns_g_server->log_queries) log_query(client); diff -cr bind-9.3.0/bin/named/server.c bind-9.3.0_abel/bin/named/server.c *** bind-9.3.0/bin/named/server.c Fri Jun 18 12:39:48 2004 --- bind-9.3.0_abel/bin/named/server.c Wed Oct 13 00:47:47 2004 *************** *** 3998,4003 **** --- 3998,4005 ---- n = snprintf((char *)isc_buffer_used(text), isc_buffer_availablelength(text), "number of zones: %u\n" + "number of query: %u\n" + "number of reply: %u\n" "debug level: %d\n" "xfers running: %u\n" "xfers deferred: %u\n" *************** *** 4006,4012 **** "recursive clients: %d/%d\n" "tcp clients: %d/%d\n" "server is up and running", ! 
zonecount, ns_g_debuglevel, xferrunning, xferdeferred, soaqueries, server->log_queries ? "ON" : "OFF", server->recursionquota.used, server->recursionquota.max, server->tcpquota.used, server->tcpquota.max); --- 4008,4014 ---- "recursive clients: %d/%d\n" "tcp clients: %d/%d\n" "server is up and running", ! zonecount, get_query_count(), get_reply_count(),ns_g_debuglevel, xferrunning, xferdeferred, soaqueries, server->log_queries ? "ON" : "OFF", server->recursionquota.used, server->recursionquota.max, server->tcpquota.used, server->tcpquota.max);[/code:1:f7a85c68b4]

[b:f7a85c68b4]Note: apply the patch yourself with patch -p1 < this_patch_file. This file only fits 9.3.0; I don't have time to write one for every version.[/b:f7a85c68b4]

All the code above does is make rndc -s IP_addr status produce the following output:

[root@log SIP]# rndc -s 211.72.210.251 status
[code:1:f7a85c68b4]number of zones: 1
number of query: 157
number of reply: 153
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is ON
recursive clients: 0/1000
tcp clients: 0/100
server is up and running[/code:1:f7a85c68b4]

See how it differs from yours? There are two extra fields, [b:f7a85c68b4]number of query: 157 number of reply: 153[/b:f7a85c68b4], which are the ones we added. Once every machine has been patched this way and given the same rndc.conf settings, you can get this result with rndc -s Server_IP status. We can check whether the numbers are actually right:
[code:1:f7a85c68b4]
# rndc -s Server_IP stats
# cat /var/named/named.stats
success 137
referral 0
nxrrset 6
nxdomain 10
recursion 142
failure 4
[/code:1:f7a85c68b4]

In the figures above, success+nxrrset+nxdomain+failure=157, meaning the DNS server received 157 queries, 142 of which involved recursion.
Leaving out failure gives the number of successful queries, which is 153.
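So the program's results are correct!

I then wrote a small program to do the string processing:

[code:1:f7a85c68b4]
#!/usr/bin/perl
use strict;
use warnings;

my $server = shift or die "usage: $0 server_ip\n";
# List-form pipe open: rndc is run directly, so the argument never passes through a shell
open(my $rndc, '-|', '/usr/local/sbin/rndc', '-s', $server, 'status')
    or die "cannot run rndc: $!\n";
while (<$rndc>) {
    chomp;
    # Explicit list assignment; split in void context does not fill @_ on current Perl
    my ($label, $value) = split(/: /, $_, 2);
    next unless defined $value;
    print "$value\n" if $label eq 'number of query' or $label eq 'number of reply';
}
close($rndc);
[/code:1:f7a85c68b4]

Ex: the filename is dns_flow.pl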
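The cross-check between the patched status counters and named.stats, as an added shell example that is not part of the original post. The function names and both sample texts are constructed here from the figures quoted above, and the script assumes each statistics dump in named.stats starts with a "+++" header line.

```sh
#!/bin/sh
# Added example: cross-check the patched "rndc status" counters against named.stats.
# Both samples are constructed from the figures quoted in the post.
STATUS_SAMPLE='number of zones: 1
number of query: 157
number of reply: 153
debug level: 0'
STATS_SAMPLE='success 137
referral 0
nxrrset 6
nxdomain 10
recursion 142
failure 4'

# status_field TEXT LABEL: print N from a "LABEL: N" line, nothing if absent or not numeric.
status_field() {
    printf '%s\n' "$1" |
        awk -F': ' -v k="$2" '$1 == k && $2 ~ /^[0-9]+$/ { print $2; exit }'
}

# stats_sum TEXT NAME...: add up the named server-wide counters of the latest dump.
# Assumption: named appends one dump per "rndc stats", each starting with a "+++" header,
# so the sum restarts there; lines with a third field (per-zone counters) are skipped.
stats_sum() {
    text=$1; shift
    printf '%s\n' "$text" | awk -v names="$*" '
        BEGIN { n = split(names, a, " "); for (i = 1; i <= n; i++) want[a[i]] = 1 }
        index($0, "+++") == 1 { s = 0; next }
        NF == 2 && ($1 in want) && $2 ~ /^[0-9]+$/ { s += $2 }
        END { print s + 0 }'
}

# check_counters STATUS STATS: 0 = consistent, 1 = mismatch, 2 = counters not in status.
check_counters() {
    q=$(status_field "$1" 'number of query')
    r=$(status_field "$1" 'number of reply')
    if [ -z "$q" ] || [ -z "$r" ]; then
        echo "UNPATCHED: counters missing from status output"; return 2
    fi
    want_q=$(stats_sum "$2" success nxrrset nxdomain failure)
    want_r=$(stats_sum "$2" success nxrrset nxdomain)
    if [ "$q" -eq "$want_q" ] && [ "$r" -eq "$want_r" ]; then
        echo "OK query=$q reply=$r"
    else
        echo "MISMATCH query=$q/$want_q reply=$r/$want_r"; return 1
    fi
}

check_counters "$STATUS_SAMPLE" "$STATS_SAMPLE"
```

On a live server the counters keep moving between the two rndc calls, so exact agreement is only expected when no queries arrive in between.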
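Review bot: querycount and replycount in the first two query.c hunks are plain "static int" values bumped with a bare ++ (replycount++ at the top of query_send()), with no lock or atomic operation. If named runs more than one worker thread, concurrent increments can be lost, and a signed int that wraps on a busy server is undefined behaviour. Declare both as unsigned int and update them under a lock or with an atomic add.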
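Review bot: in the query.c hunk at line 3447, querycount++ is placed after the "query_error(client, result); return;" exit shown in the context lines, so any query rejected by that earlier check leaves the function before it is counted. If the counter is meant to report every query received, move the increment ahead of that check; if it is meant to count only accepted queries, say so in a comment and in the status label.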
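Review bot: the server.c hunks print the new values with "%u" while get_query_count() and get_reply_count() return int, and the patch adds no prototype for either function (only query.c and server.c are touched, and no declaration appears in the server.c hunks), so server.c calls them through an implicit declaration. Add the prototypes to a header that server.c includes, make the return type unsigned int to match the format string, and put a space after the comma in "get_reply_count(),ns_g_debuglevel".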