Linux host network traffic monitoring ifstat
Ifstat is used in this monitoring program. Installation Method reference:
Http://man.linuxde.net/ifstat
1. Download
Http://gael.roualland.free.fr/ifstat/ (Official Website) wget http://gael.roualland.free.fr/ifstat/ifstat-1.1.tar.gz
From: http://man.linuxde.net/ifstat
You can also download the file in a browser and use secureCRT to upload the file;
2. Installation
Tar -xzv1_stat-1.1.tar.gz, configure, make, and make install
3. write scripts
- [Root @ localhost tools] # cat nic. sh
- #! /Bin/bash
- Start (){
- /Opt/tools/ifstat_install/bin/ifstat-I eth1-t>/opt/tools/nic. log &
- While [1-eq 1]
- Do
- Date + % F \ % T>/opt/tools/nic. log
- Sleep 86400
- Done
- }
- Stop (){
- # If stay here, kill ifstat, sleep not execute.
- # Echo 'Kill nic. sh :'
- # Ps-ef | grep nic | grep-v grep | awk '{print $2}' | while read pid1
- # Do
- # Kill-9 $ pid1
- # Echo $ pid1
- # Done
- Echo 'Kill ifstat :'
- Ps-ef | grep ifstat | grep-v grep | awk '{print $2}' | while read pid2
- Do
- Kill-9 $ pid2
- Echo $ pid2
- Done
- Echo 'Kill sleep :'
- Ps-ef | grep sleep | grep-v grep | awk '{print $2}' | while read pid3
- Do
- Kill-9 $ pid3
- Echo $ pid3
- Done
- Echo 'Kill nic. sh :'
- Ps-ef | grep nic | grep-v grep | awk '{print $2}' | while read pid1
- Do
- Kill-9 $ pid1
- Echo $ pid1
- Done
- }
- Case $1 in
- Start)
- Start
- ;;
- Stop)
- Stop
- ;;
- *)
- Printf 'Please input start | stop! \ N'
- Exit 1
- ;;
- Esac
- # Select process:
- # Ps-ef | awk '/nic/|/ifstat/|/sleep/{print }'
- [Root @ localhost tools] #./nic. sh start &
Run the following three times to view the process:
- [Mcbadm @ loophole-scan ~] $ Ps-ef | awk '/nic/|/ifstat/|/sleep/{print }'
- Mcbadm 13472 12803 0 00:00:00 pts/1/bin/bash./nic. sh start
- Mcbadm 13473 13472 0 00:00:00 pts/1/opt/proxy_security/ifstat_install/bin/ifstat-I eth0-t
- Mcbadm 13475 13472 0 00:00:00 pts/1 sleep 8640
- Mcbadm 13476 12803 0 00:00:00 pts/1/bin/bash./nic. sh start
- Mcbadm 13477 13476 0 00:00:00 pts/1/opt/proxy_security/ifstat_install/bin/ifstat-I eth0-t
- Mcbadm 13479 13476 0 00:00:00 pts/1 sleep 8640
- Mcbadm 13480 12803 0 00:00:00 pts/1/bin/bash./nic. sh start
- Mcbadm 13481 13480 0 00:00:00 pts/1/opt/proxy_security/ifstat_install/bin/ifstat-I eth0-t
- Mcbadm 13483 13480 0 00:00:00 pts/1 sleep 8640
- Mcbadm 13485 12803 0 00:00:00 pts/1 awk/nic/|/ifstat/|/sleep/{print}
- [Mcbadm @ loophole-scan ~] $
I don't know why. I need to execute two stop operations to shut down all processes. Otherwise, there will be several sleep processes. The parent process IDs of these sleep processes are the same as those of ifstat.
# One day is 86400 seconds, because the default ifstat-t can only display the hour, minute, and second, but cannot display the date, because I want to see the specific time, so that's the case.
Then, you can regularly analyze the nic. log File to view the traffic of the nic.
You can also write while for kill: # ps-ef | grep nic | grep-v grep | awk '{print $2}' | xargs-I kill-9 {}
There is a strange phenomenon: When I write the kill nic statement in front, the stop statement can only execute the kill nic statement block, and the next two kill ifstat and kill sleep cannot be executed, if the kill nic is deleted, the last two can be normally executed. After the pid is printed, it is found that if the kill nic is put in front, two invalid PIDs are output, finally, you can put the kill nic behind kill ifstat and kill sleep.