Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/qkaiser/collectd-graphite-docker
Run mackerel/graphite docker container, install and configure collectd locally to monitor network.
https://github.com/qkaiser/collectd-graphite-docker
Last synced: 7 days ago
JSON representation
Run mackerel/graphite docker container, install and configure collectd locally to monitor network.
- Host: GitHub
- URL: https://github.com/qkaiser/collectd-graphite-docker
- Owner: qkaiser
- Created: 2014-12-03T09:06:10.000Z (about 10 years ago)
- Default Branch: master
- Last Pushed: 2015-01-27T09:48:26.000Z (almost 10 years ago)
- Last Synced: 2023-12-14T08:10:32.818Z (about 1 year ago)
- Language: Shell
- Size: 355 KB
- Stars: 1
- Watchers: 2
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
README
Monitoring
========================This project purpose is to monitor network connectivity and availability of network services during penetration tests.
The idea is to have a workspace for each pentest that will have his own container, configuration files and logged data.
Dependencies
* [Docker](http://www.docker.io)
* [collectd](https://collectd.org) (custom build from https://github.com/qkaiser/collectd)### Commands
#### Init dependencies
```shell
$ ./grmwl init
```#### Create a new workspace
```shell
$ ./grmwl build new_project
```#### Launching the container
This will start the container from project `new_project` with collectd autoconfigured to monitor the `eth0` interface.
It's possible to provide a list of interfaces to monitor by providing them separated by a comma.```shell
$ ./grmwl start new_project eth0[,eth1,wlan0]
```#### Stopping the container
```shell
$ ./grmwl stop new_project
```#### Deleting the workspace
```shell
$ ./grmwl delete new_project
```#### List workspaces
```shell
$ ./grmwl list
[+] new_project - running
[+] old_project - stopped
```### Architecture
Information is gathered by the following process and sent to a graphite server running in a docker container.
* collectd daemon
* arpmonitoring script
* dnsmonitoring scriptThe docker container run a graphite server which receive data on port tcp/2003 and provide a web interface on port tcp/8000.
These services are port mapped by docker so you are able to access the web interface by directing your browser to http://localhost:8000/ and http://localhost:8000/dashboardThe configuration files are stored, per workspace, into `~/.grmwl` directory. The `log` directory contains the web server logs while `whisper` contains the actual data so it is persistent.
### Monitoring autoconfiguration
The `grmwl build` command take a workspace name and a network interface name to generate a collectd configuration file automagically. We configure collectd to provide the following :
* DNS traffic monitoring with dns plugin
* ICMP echo requests to default gateway (response time, droprate, stddev) with ping plugin
* dropped, errors, octets and packets transmitted over the line with netlink plugin
* device status (speed, duplex, autonegotiation, link status) with ethsys plugin
* curl icanhaszip.com every 30 seconds with curl plugin
* DNS request to default gateway every 10 seconds with dnsmonitoring script
* ARP ping requests to the default gateway with arpmonitoring script### Accessing the interface
Docker will create a port forwarding on port 8000 to the graphite web server. You can direct your browser to [http://localhost:8000/](http://localhost:8000) to access the main interface and [http://localhost:8000/dashboard](http://localhost:8000/dashboard) to access and manage your dashboards.