Linux Admin - Traffic Monitoring in CentOS
There are several third party tools that can add enhanced capabilities for CentOS traffic monitoring. In this tutorial, we will focus on those that are packaged in the main CentOS distribution repositories and the Fedora EPEL repository.
There will always be situations where an Administrator (for one reason or another) is left with only the tools in the main CentOS repositories. Most of the utilities discussed are designed to be used by an Administrator with shell or physical access. When traffic monitoring requires an accessible web-gui, using third-party utilities such as ntopng or Nagios is the best choice (versus re-creating such facilities from scratch).
For further research on configurable web-gui solutions, the following are a few links to get started.
Traffic Monitoring for LAN / WAN Scenarios
Nagios
Nagios has been around for a long time and is therefore both tried and tested. At one point it was entirely free and open-source, but it has since grown into an Enterprise solution with paid licensing models to support the needs of Enterprise sophistication. Hence, before planning any rollout with Nagios, make sure the open-source licensed versions will meet your needs, or plan your spending with an Enterprise budget in mind.
Most open-source Nagios traffic monitoring software can be found at − https://www.nagios.org
For a summarized history of Nagios, here is the official Nagios History page − https://www.nagios.org/about/history/
ntopng
Another great tool allowing bandwidth and traffic monitoring via a web-gui is called ntopng. ntopng is similar to the Unix utility ntop, and can collect data for an entire LAN or WAN. Providing a web-gui for administration, configuration, and charting makes it easy to use for the entire IT Department.
Like Nagios, ntopng has both open-source and paid enterprise versions available. For more information about ntopng, please visit the website: http://www.ntop.org/
Install Fedora EPEL Repository ─ Extra Packages for Enterprise Linux
To access some of the needed tools for traffic monitoring, we will need to configure our CentOS system to use the EPEL Repository.
The EPEL Repository is not officially maintained or supported by CentOS. However, it is maintained by a group of Fedora Core volunteers to provide the packages commonly used by Enterprise Linux professionals that are not included in CentOS, Fedora Core, or Red Hat Enterprise Linux.
Caution
Remember, the EPEL Repository is not official for CentOS and may break compatibility and functionality on production servers with common dependencies. With that in mind, it is advised to always test on a non-production server running the same services as production before deploying on a system critical box.
Really, the biggest advantage of using the EPEL Repository over any other third-party repository with CentOS is that we can be sure the binaries are not tainted. It is considered a best practice not to use repositories from an untrusted source.
With all that said, the official EPEL Repository is so common with CentOS that it can be easily installed via YUM.
[root@CentOS rdc]# yum -y install epel-release
Loaded plugins: fastestmirror, langpacks
Loading mirror speeds from cached hostfile
* base: repo1.dal.innoscale.net
* extras: repo1.dal.innoscale.net
* updates: mirror.hmc.edu
Resolving Dependencies
--> Running transaction check
---> Package epel-release.noarch 0:7-9 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
--{ condensed output }--
After installing the EPEL Repository, we will want to update it.
[root@CentOS rdc]# yum repolist
Loaded plugins: fastestmirror, langpacks
epel/x86_64/metalink                              |  11 kB  00:00:00
epel                                              | 4.3 kB  00:00:00
(1/3): epel/x86_64/group_gz                       | 170 kB  00:00:00
(2/3): epel/x86_64/updateinfo                     | 753 kB  00:00:01
(3/3): epel/x86_64/primary_db
--{ condensed output }--
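The advice above about untrusted repositories can be checked mechanically once repositories are configured. The following is an added example, not part of the original tutorial: a shell function that reads yum `.repo` text and flags enabled stanzas that set `gpgcheck=0` or fetch over plain http. The function name `audit_repo`, the sample stanzas and the `repo.example.invalid` host are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the original tutorial).
# audit_repo: reads yum .repo text on stdin, prints one finding per line.
# Stanzas without a gpgcheck line are not flagged here.
audit_repo() {
  awk '
    function report() {
      if (name == "" || enabled == "0") return
      if (gpgcheck == "0") print name ": gpgcheck=0, package signatures are not verified"
      if (http != "")      print name ": " http " uses plain http"
    }
    /^[ \t]*\[.*\][ \t]*$/ {              # new [repoid] stanza
      report()
      name = $0; gsub(/^[ \t]*\[|\][ \t]*$/, "", name)
      enabled = "1"; gpgcheck = ""; http = ""
      next
    }
    /^[ \t]*[#;]/ { next }                # comment lines
    {
      eq = index($0, "=")                 # split on the first "=" only
      if (eq == 0) next
      key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
      gsub(/[ \t]/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
      if (key == "enabled")  enabled = val
      if (key == "gpgcheck") gpgcheck = val
      if (key ~ /^(baseurl|mirrorlist|metalink|gpgkey)$/ && val ~ /^http:/) http = key
    }
    END { report() }
  '
}

# Constructed sample input: one signed https repo, one weak third-party repo.
SAMPLE_REPOS='[epel]
name=Extra Packages for Enterprise Linux 7 - $basearch
metalink=https://mirrors.fedoraproject.org/metalink?repo=epel-7&arch=$basearch
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7

[thirdparty-example]
name=Constructed third-party repo
baseurl=http://repo.example.invalid/el7/
enabled=1
gpgcheck=0
'
printf '%s\n' "$SAMPLE_REPOS" | audit_repo
```

On a live system the same function can be fed with `cat /etc/yum.repos.d/*.repo | audit_repo`.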
At this point, our EPEL repository should be configured and ready to use. Let’s start by installing nload for interface bandwidth monitoring.
The tools we will focus on in this tutorial are −
- nload
- ntop
- ifstat
- iftop
- vnstat
- nethogs
- Wireshark
- TCP Dump
- Traceroute
These are all standard for monitoring traffic in Linux Enterprises. The usage of each ranges from simple to advanced, so we will only briefly discuss tools such as Wireshark and TCP Dump.
Install and Use nload
With our EPEL Repositories installed and configured in CentOS, we now should be able to install and use nload. This utility is designed to chart bandwidth per interface in real-time.
Like most other basic installs, nload is installed via the YUM package manager.
[root@CentOS rdc]# yum -y install nload
Resolving Dependencies
--> Running transaction check
---> Package nload.x86_64 0:0.7.4-4.el7 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
===============================================================================
 Package        Arch          Version              Repository        Size
===============================================================================
Installing:
 nload          x86_64        0.7.4-4.el7          epel              70 k
Transaction Summary
===============================================================================
Install 1 Package
Total download size: 70 k
Installed size: 176 k
Downloading packages:
--{ condensed output }--
Now we have nload installed, and using it is pretty straightforward.
[root@CentOS rdc]# nload enp0s5
nload will monitor the specified interface (in this case enp0s5, an Ethernet interface) in real time from the terminal, showing network traffic load and total bandwidth usage.
[Screenshot: nload]
As seen, nload will chart both incoming and outgoing data from the specified interface, along with providing a physical representation of the data flow with hash marks "#".
The depicted screenshot is of a simple webpage being loaded with some background daemon traffic.
Common command line switches for nload are −
Command | Action
-a | Time period
-t | Time update interval in milliseconds, the default is 500
-u | Sets display of traffic measurement h
-U | Sets total in/out traffic measurement units same options as -u
The standard syntax for nload is −
nload [options] <interface>
If no interface is specified, nload will automatically grab the first Ethernet interface. Let’s try measuring the total data in/out in Megabytes and current data-transfer speeds in Megabits.
[root@CentOS rdc]# nload -U M -u m
[Screenshot: speeds in megabits]
Data coming in/out of the current interface is measured in megabits per second, and each "Ttl" row, representing total data in/out, is displayed in Megabytes.
nload is useful for an administrator to see how much data has passed through an interface and how much data is currently coming in/out a specified interface.
To see other interfaces without closing nload, simply use the left/right arrow keys. This will cycle through all available interfaces on the system.
It is possible to monitor multiple interfaces simultaneously using the -m switch −
[root@CentOS rdc]# nload -u K -U M -m lo -m enp0s5
nload monitoring two interfaces simultaneously (lo and enp0s5) −
[Screenshot: load]
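nload's display is interactive, so it does not suit logging or alerting. As an added example (not part of the original tutorial and not nload's own code), the two figures shown by `nload -U M -u m`, current rate in Mbit/s and running total in MByte, can be derived from two snapshots of the kernel's per-interface counters in /proc/net/dev. The function name `iface_rates`, the decimal unit convention and the sample counter values are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example. Usage: iface_rates BEFORE_FILE AFTER_FILE SECONDS
# Both files are copies of /proc/net/dev taken SECONDS apart. Prints, per
# interface: name rx_Mbit/s tx_Mbit/s rx_total_MByte tx_total_MByte
# (decimal units, 1 M = 10^6; a convention chosen for this example).
iface_rates() {
  awk -v secs="$3" '
    FNR <= 2 { next }                  # each snapshot starts with 2 header lines
    { sub(/:/, " ") }                  # "lo:123" and "lo: 123" both occur
    NR == FNR { rx0[$1] = $2; tx0[$1] = $10; next }   # first snapshot
    !($1 in rx0) { next }              # interface appeared between samples
    {
      drx = $2 - rx0[$1]; dtx = $10 - tx0[$1]
      if (drx < 0 || dtx < 0) next     # counter reset or wrap: skip
      printf "%s %.2f %.2f %.2f %.2f\n", $1,
             drx * 8 / secs / 1000000, dtx * 8 / secs / 1000000,
             $2 / 1000000, $10 / 1000000
    }' "$1" "$2"
}

# Constructed sample snapshots, taken 2 seconds apart.
BEFORE=$(mktemp); AFTER=$(mktemp)
trap 'rm -f "$BEFORE" "$AFTER"' EXIT
HDR='Inter-|   Receive                                                |  Transmit
 face |bytes    packets errs drop fifo frame compressed multicast|bytes    packets errs drop fifo colls carrier compressed'
printf '%s\n' "$HDR" \
  '    lo: 1000000 100 0 0 0 0 0 0 1000000 100 0 0 0 0 0 0' \
  'enp0s5:50000000 40000 0 0 0 0 0 0 8000000 30000 0 0 0 0 0 0' > "$BEFORE"
printf '%s\n' "$HDR" \
  '    lo: 1000000 100 0 0 0 0 0 0 1000000 100 0 0 0 0 0 0' \
  'enp0s5:52500000 42000 0 0 0 0 0 0 8250000 31000 0 0 0 0 0 0' > "$AFTER"

iface_rates "$BEFORE" "$AFTER" 2
```

On a live system, take the snapshots with `cat /proc/net/dev > before; sleep 2; cat /proc/net/dev > after` and pass the same interval to the function.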