本监测方案是用ifstat。安装方法参考:
1、下载
(官网) wget ifstat-1.1.tar.gz
来自: 也可以通过浏览器下载,然后用secureCRT上传;
2、安装
tar -xzvf ifstat-1.1.tar.gz,configure、make、make install
3、编写脚本
-
[root@localhost tools]# cat nic.sh
-
#!/bin/bash
-
start(){
-
/opt/tools/ifstat_install/bin/ifstat -i eth1 -t >/opt/tools/nic.log &
-
while [ 1 -eq 1 ]
-
do
-
date +%F\ %T >>/opt/tools/nic.log
-
sleep 86400
-
done
-
}
-
-
stop(){
-
# if stay here,kill ifstat,sleep not execute.
-
#echo 'kill nic.sh:'
-
#ps -ef |grep nic |grep -v grep |awk '{print $2}' |while read pid1
-
#do
-
#kill -9 $pid1
-
#echo $pid1
-
#done
-
-
echo 'kill ifstat:'
-
ps -ef |grep ifstat |grep -v grep |awk '{print $2}' |while read pid2
-
do
-
kill -9 $pid2
-
echo $pid2
-
done
-
-
echo 'kill sleep:'
-
ps -ef |grep sleep |grep -v grep |awk '{print $2}' |while read pid3
-
do
-
kill -9 $pid3
-
echo $pid3
-
done
-
-
-
echo 'kill nic.sh:'
-
ps -ef |grep nic |grep -v grep |awk '{print $2}' |while read pid1
-
do
-
kill -9 $pid1
-
echo $pid1
-
done
-
}
-
case $1 in
-
start)
-
start
-
;;
-
stop)
-
stop
-
;;
-
*)
-
printf 'please input start|stop!\n'
-
exit 1
-
;;
-
esac
-
-
#select process:
-
#ps -ef |awk '/nic/||/ifstat/||/sleep/{print}'
-
[root@localhost tools]#./nic.sh start &
执行了三次,查看进程:
-
[mcbadm@loophole-scan ~]$ ps -ef |awk '/nic/||/ifstat/||/sleep/{print}'
-
mcbadm 13472 12803 0 15:08 pts/1 00:00:00 /bin/bash ./nic.sh start
-
mcbadm 13473 13472 0 15:08 pts/1 00:00:00 /opt/proxy_security/ifstat_install/bin/ifstat -i eth0 -t
-
mcbadm 13475 13472 0 15:08 pts/1 00:00:00 sleep 8640
-
mcbadm 13476 12803 0 15:08 pts/1 00:00:00 /bin/bash ./nic.sh start
-
mcbadm 13477 13476 0 15:08 pts/1 00:00:00 /opt/proxy_security/ifstat_install/bin/ifstat -i eth0 -t
-
mcbadm 13479 13476 0 15:08 pts/1 00:00:00 sleep 8640
-
mcbadm 13480 12803 0 15:08 pts/1 00:00:00 /bin/bash ./nic.sh start
-
mcbadm 13481 13480 0 15:08 pts/1 00:00:00 /opt/proxy_security/ifstat_install/bin/ifstat -i eth0 -t
-
mcbadm 13483 13480 0 15:08 pts/1 00:00:00 sleep 8640
-
mcbadm 13485 12803 0 15:08 pts/1 00:00:00 awk /nic/||/ifstat/||/sleep/{print}
-
[mcbadm@loophole-scan ~]$
不知道为啥,需要执行两次stop,才能关闭所有进程,不然会剩下几个sleep进程,这些sleep的父进程id与ifstat的一样。
#一天是86400秒,因为默认的ifstat -t 只能显示时、分、秒,不能显示日期,因为我想看到具体的时间所以就这么弄了。
然后定期可以去分析nic.log文件,查看该网卡的流量情况。
关于kill也可以写while的方式:#
ps -ef |grep nic |grep -v grep |awk '{print $2}' |xargs -i kill -9 {}
有一个很怪的现象:当我把kill nic的语句写在前面的时候,执行stop就只能执行kill nic的语句块,后面两个kill ifstat和kill sleep就无法执行,如果删除了kill nic,后面两个就可以正常执行,通过打印pid发现,kill nic放前面的话,输出的有两个无效的pid,最后选择把kill nic放到了kill ifstat和kill sleep后面就可以。
阅读(881) | 评论(0) | 转发(0) |