[Snort-users] CPU utilization tool

Brandon Gillespie brandon at ...3618...
Fri Jan 25 09:32:09 EST 2002


Attached is a script I cobbled together to display system utilization
on the console, when the shell is logged out--similar to what an NFR
system would show.  This is distilled information mainly for when we
tour people around.  It is written for FreeBSD.
-------------- next part --------------
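#!/usr/bin/perl

## For FreeBSD
##
## Paints a short utilization summary (load, CPU, memory, swap and
## per-interface packet rates) on the console whenever nobody is logged in
## on ttyv0.  Output goes to $outfile, errors to $elog (see below).
##
## The main loop and the subs share package globals ($NL, $elog, $hostname,
## $E and the config values), so `use strict` cannot be switched on here
## without declaring every one of them first; new code below uses `my`.

use Data::Dumper;
use Sys::Hostname;

## Site configuration.  nids.pl is expected to provide $my_name; showload.conf
## is expected to provide $outfile, $interval, $nets, $ncpus, $cpus and
## $memtot (inferred from how they are used further down -- confirm against
## the real files).  `do FILE` returns undef on a missing/unreadable file or
## on a compile error *without* dying; running on regardless would leave every
## setting undefined (sleep(undef) busy-loops, the output file name is "").
defined(do "/snort/nids.pl")
    or die "cannot load /snort/nids.pl: " . ($@ || $!) . "\n";
defined(do "/snort/$my_name/showload.conf")
    or die "cannot load /snort/$my_name/showload.conf: " . ($@ || $!) . "\n";

$NL   = "\r\n";                # console line ending
## NOTE(review): a fixed file name in the world-writable /tmp is a symlink
## race if this runs as root; a directory only root can write would be safer.
$elog = "/tmp/showload.err";   # appended to by elog()
## Sys::Hostname asks the kernel directly; no need to spawn `hostname`.
$hostname = hostname();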


##########################################################################
## exec
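## $last is the previous sample: {'tstamp' => epoch, <ifname> => [ipkts, ierrs, coll]}.
## The per-interface entries are filled in by doit(), so the first pass has
## only the timestamp and prints no network rates.
$last = {'tstamp' => time()};
for (;;) {
    ## Only paint the screen while no one is logged in on the console;
    ## an interactive session on ttyv0 would be overwritten otherwise.
    my @who = `/usr/bin/who`;
    if (!grep(/ttyv0/, @who)) {
        ## Three-argument open with a lexical handle: the two-argument form
        ## lets a leading "|" or ">" in $outfile change the open mode, and the
        ## old code went on to print into a handle that had failed to open.
        if (open(my $out, '>>', $outfile)) {
            $last = doit($out, $last);
            close($out) or elog("close $outfile: $!");
        } else {
            elog("open $outfile: $!");
        }
#    } else {
#        $last = doit(\*STDOUT, $last);
    }

    ## $interval comes from showload.conf; an unset value means sleep(0).
    sleep($interval);
}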

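## Append one timestamped line to the error log $elog.  Best effort: if the
## log itself cannot be opened there is nowhere left to report that, so the
## message is dropped silently instead of aborting the display loop.
sub elog {
    my ($msg) = @_;
    ## Three-argument open: the file name is a global, not a mode string.
    open(my $fh, '>>', $elog) or return;
    print {$fh} "[" . localtime() . "] $msg$NL";
    close($fh);
    return;
}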

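## Take one sample of the system and paint the status screen on $out.
##
## Arguments:
##   $out  - filehandle to print to
##   $last - previous sample: {'tstamp' => epoch, <ifname> => [ipkts, ierrs, coll]}
## Returns the current sample in the same shape; the caller hands it back on
## the next call so per-interface rates can be computed.
##
## Reads the config globals $nets, $ncpus, $cpus and $memtot (loaded at the
## top of the file -- their exact shape is inferred from use here) plus
## $hostname and $NL, and sets the global $E that cprint()/bargraph() use.
sub doit {
    my ($out, $last) = @_;

    my $curr = {'tstamp' => time()};
    _sample_interfaces($curr);

    ## Two batch iterations of top; the first Mem/Swap/load lines can be
    ## stale, so the *last* occurrence of each is used below.
    my @top = split(/\n/, `/usr/bin/top -b -d2`);

    ## ANSI escape prefix, shared with cprint() and bargraph().
    $E = "\033[";

    ##########################################################################
    ## chew

    my ($cpuline) = grep(/^CPU states: /, @top);
    $cpuline = '' unless defined $cpuline;
    $cpuline =~ s/^CPU states: //;
    my %cpu = splitdict($cpuline, "%");

    my $memline = _last_match(qr/^Mem: /, @top);
    $memline =~ s/^Mem:\s+//;
    my %mem = splitdict($memline, "[MK]");

    my $swapline = _last_match(qr/^Swap: /, @top);
    $swapline =~ s/^Swap:\s+//;
    my %swap = splitdict($swapline, "[MK]");

    my $loadstr = _last_match(qr/^last pid: /, @top);
    my $load    = 0;
    if ($loadstr =~ /load averages:\s+([0-9.]+),\s+([\d.]+),\s+([\d.]+)/) {
        $loadstr = "$1, $2, $3";
        $load    = $1;
    } else {
        elog("cannot parse load averages from top output");
        $loadstr = "?, ?, ?";
    }
    ## 1-minute load as a percentage of the CPU count.  An unset or zero
    ## $ncpus would otherwise divide by zero.
    $load = $ncpus ? ($load / $ncpus) * 100 : 0;

    ##########################################################################
    ## print
    print {$out} "${E}H${E}2J${E}1m";    # home, clear screen, bold
    print {$out} "===> Network Intrusion Detection System Status${E}0m$NL";
    print {$out} "     [" . localtime() . "] on ${E}36m$hostname${E}0m$NL$NL";

    printf {$out} "%32s: ", "Run Queue Load";
    cprint($out, sprintf("%d%%", $load), ppctcolor($load));
    print {$out} " ($loadstr)";
    print {$out} $NL;

    printf {$out} "%32s: ", "CPU Utilization";
    ## splitdict() keeps the "%" suffix on the value; take the number only.
    my $util = 100 - _num($cpu{'idle'});
    cprint($out, $util . "%", ppctcolor($util));
    print {$out} " of $cpus$NL";
    bargraph($out, $util);

    printf {$out} "%32s: ", "Memory Used";
    ## "Used" is total minus inactive, as the original author defined it.
    ## top reports sizes with a K/M suffix; convert so K values are not
    ## silently read as megabytes.
    my $used  = $memtot - _mb($mem{'inact'});
    my $pused = $memtot ? ($used / $memtot) * 100 : 0;
    cprint($out, sprintf("%0.2f MB (%0.1f%%)", $used, $pused), ppctcolor($pused));
    printf {$out} ", %0.2f MB Available$NL", $memtot;
    bargraph($out, $pused);

    printf {$out} "%32s: ", "Swap Used";
    my $swaptot = _mb($swap{'total'});
    $used  = $swaptot - _mb($swap{'free'});
    ## Percentage of *total* swap.  The previous formula divided by the
    ## "Used" field, which is this same quantity, so it always showed 100%
    ## (and died with a division by zero when top omitted that field).
    $pused = $swaptot ? ($used / $swaptot) * 100 : 0;
    cprint($out, sprintf("%0.2f MB (%0.1f%%)", $used, $pused), ppctcolor($pused));
    printf {$out} ", %0.2f MB Available$NL", $swaptot;
    bargraph($out, $pused);

    ## Per-interface rates since the previous sample.  On the first call
    ## $last holds only 'tstamp', so nothing is printed here yet.
    my $difft = (time() - $last->{'tstamp'}) || 1;    # never divide by zero
    for my $nic (sort keys %$last) {
        next if $nic eq 'tstamp';
        my $lnic = $last->{$nic};
        my $cnic = $curr->{$nic};
        next unless $lnic && $cnic;    # interface absent from one sample
        printf {$out} "%32s: ", "Network traffic on $nic";
        my $newpkts = $cnic->[0] - $lnic->[0];
        my $newerrs = $cnic->[1] - $lnic->[1];
        my $newcoll = $cnic->[2] - $lnic->[2];
        cprint($out, sprintf("%0.2f", $newpkts / $difft), 35);
        print {$out} " packets / sec ($cnic->[0] total)$NL";
        cprint($out, sprintf("%34s%0.2f", "", $newerrs / $difft), 35);
        print {$out} " errors / sec ($cnic->[1] total)$NL";
        cprint($out, sprintf("%34s%0.2f", "", $newcoll / $difft), 35);
        print {$out} " collisions / sec ($cnic->[2] total)$NL";
    }

    return $curr;
}

## Fill $curr->{<ifname>} = [ipkts, ierrs, coll] for every interface listed
## in $nets->[0], using the name $nets->[1]->{$net} that netstat -i reports.
sub _sample_interfaces {
    my ($curr) = @_;
    ## Drop the column header and the loopback interface.
    my @stat = grep(!/^(Name|lo0)\s+/, split(/\n/, `/usr/bin/netstat -i`));
    for my $net (@{ $nets->[0] }) {
        my $want = $nets->[1]->{$net};
        next unless defined $want;
        ## \Q..\E: the configured name must match literally, not as a regex.
        my ($line) = grep(/^\Q$want\E/, @stat);
        if (!defined $line) {
            elog("no netstat -i entry for interface $want");
            next;
        }
        my ($if, $mtu, $nwork, $addr, $ipkts, $ierrs, $opkts, $oerrs, $coll) =
            split(/\s+/, $line);
        $curr->{$if} = [$ipkts, $ierrs, $coll];
    }
    return;
}

## Last line of @lines matching $re, or '' when there is none.
sub _last_match {
    my ($re, @lines) = @_;
    my @hits = grep { $_ =~ $re } @lines;
    return @hits ? $hits[-1] : '';
}

## Leading number of a top(1) field such as "45.2%" (0 when absent).
sub _num {
    my ($v) = @_;
    return (defined $v && $v =~ /^([\d.]+)/) ? $1 : 0;
}

## Size of a top(1) field such as "45M", "900K" or "2G" in megabytes.  A bare
## number is taken as MB already, which is how these values were used before.
sub _mb {
    my ($v) = @_;
    return 0 unless defined $v && $v =~ /^([\d.]+)([KMGkmg]?)/;
    my ($n, $u) = ($1, uc $2);
    return $n / 1024 if $u eq 'K';
    return $n * 1024 if $u eq 'G';
    return $n;
}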

##########################################################################
## subs
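## Parse a top(1) summary line such as "12.3% user, 4.5% idle" into a hash of
## lowercase label => value.  $d is a regex fragment describing the value's
## suffix ("%" or "[MK]"); the suffix stays attached to the value ("4.5%").
## Fields that do not match are reported on STDERR and skipped.
sub splitdict {
    my ($s, $d) = @_;

    $s = '' unless defined $s;
    my %d = ();
    for my $field (split(/,\s+/, $s)) {
        if ($field !~ /([\d.]+$d) ([a-z]+)/i) {
            ## Skip rather than fall through: after a failed match $1/$2 still
            ## hold an earlier capture and would produce a bogus entry.
            print STDERR "ERROR Parsing line: $field$NL";
            next;
        }
        $d{lc $2} = $1;
    }
    return %d;
}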
# 30=black
# 31=red
# 32=green
# 33=yellow
# 34=blue
# 35=magenta
# 36=cyan
# 37=white

## Print $s to $out in bold with ANSI colour $c (30-37, see table above),
## then reset attributes.  Relies on the global escape prefix $E set by doit().
sub cprint {
    my ($out, $s, $c) = @_;
    my $bold  = $E . '1m';
    my $color = $E . $c . 'm';
    my $reset = $E . '0m';
    return print {$out} $bold, $color, $s, $reset;
}

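## Pick a colour for a percentage: red above 90, yellow above 70, else green.
## Returns the ANSI colour number (see the table above).
sub ppctcolor {
    my ($pct) = @_;
    ## Lexical; the original wrote to the package global $c that bargraph()
    ## also assigned to.
    my $c = 32;
    if ($pct > 90) {
        $c = 31;
    } elsif ($pct > 70) {
        $c = 33;
    }
    return $c;
}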

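## Print a 78-cell bar for $pct (0-100) as "[>>>>....]" plus a line ending,
## coloured by ppctcolor().  Values outside 0-100 are clamped so the frame
## stays 80 columns wide (a negative repeat count used to leave it short).
sub bargraph {
    my ($out, $pct) = @_;
    my $c   = ppctcolor($pct);
    my $bar = int($pct * 0.78);    # 78 cells represent 100%
    $bar = 78 if $bar > 78;
    $bar = 0  if $bar < 0;
    my $left = 78 - $bar;

    print {$out} "[";
    cprint($out, (">" x $bar), $c);
    my $tail = ("." x $left) . "]$NL";
    print {$out} $tail;
    return;
}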


