Web Site : http://robert.cheramy.net/ipfm/
Type : Bandwidth METER
Operating System : LINUX,FREEBSD,UNIX
IPFM analyzes bandwidth usage per IP address; with some scripts you can create MRTG or RRDTOOL graphs from its output.
Dependency : LIBCAP or LIBPCAP buffer RING (must be installed before installing IPFM)
You must download the installation archive. File : http://robert.cheramy.net/ipfm/download.htm
The latest stable version is : IPFMv0.11.5.
When you have downloaded the file :
cd ipfm-version
To install IPFM properly, follow these instructions
make install
Explanation of the installation options:
--cache-file=FILE cache test results in FILE
--help print this message
--no-create do not create output files
--quiet, --silent do not print `checking...' messages
--version print the version of autoconf that created configure
Directory and file names:
--prefix=PREFIX install architecture-independent files in PREFIX [/usr/local]
--exec-prefix=EPREFIX install architecture-dependent files in EPREFIX [same as prefix]
--bindir=DIR user executables in DIR [EPREFIX/bin]
--sbindir=DIR system admin executables in DIR [EPREFIX/sbin]
--libexecdir=DIR program executables in DIR [EPREFIX/libexec]
--datadir=DIR read-only architecture-independent data in DIR [PREFIX/share]
--sysconfdir=DIR read-only single-machine data in DIR [PREFIX/etc]
--sharedstatedir=DIR modifiable architecture-independent data in DIR [PREFIX/com]
--localstatedir=DIR modifiable single-machine data in DIR [PREFIX/var]
--libdir=DIR object code libraries in DIR [EPREFIX/lib]
--includedir=DIR C header files in DIR [PREFIX/include]
--oldincludedir=DIR C header files for non-gcc in DIR [/usr/include]
--infodir=DIR info documentation in DIR [PREFIX/info]
--mandir=DIR man documentation in DIR [PREFIX/man]
--srcdir=DIR find the sources in DIR [configure dir or ..]
--program-prefix=PREFIX prepend PREFIX to installed program names
--program-suffix=SUFFIX append SUFFIX to installed program names
--program-transform-name=PROGRAM run sed PROGRAM on installed program names
Host type:
--build=BUILD configure for building on BUILD [BUILD=HOST]
--host=HOST configure for HOST [guessed]
--target=TARGET configure for TARGET [TARGET=HOST]
Features and packages:
--disable-FEATURE do not include FEATURE (same as --enable-FEATURE=no)
--enable-FEATURE[=ARG] include FEATURE [ARG=yes]
--with-PACKAGE[=ARG] use PACKAGE [ARG=yes]
--without-PACKAGE do not use PACKAGE (same as --with-PACKAGE=no)
--x-includes=DIR X include files are in DIR
--x-libraries=DIR X library files are in DIR
Configuration OPTIONS:
GLOBAL VARIABLES
These are defined for the whole FILE and apply to only one interface.
NETWORK DEVICE
Syntax : DEVICE < device-name >
Each instance of ipfm handles one device.
Time Coordinates
Syntax : [UTC|local]
NEW LOG
Syntax : NEWLOG
This creates a new log entry and you can define new local variables.
LOCAL VARIABLES
HOSTS TO LOG
ipfm logs only specified hosts or networks.
Syntax: LOG [[NONE|FROM|TO|BOTH] < host >] [[NOT] WITH < host >]
NONE do not log anything from or to this < host >
FROM do log packets from this < host >
TO do log packets to this < host >
BOTH (default) do log packets from and to this < host >
< host > :
x.x.x.x : an IP.
x.x.x.x/x.x.x.x : a NETWORK.
WITH specifies if the packet is ignored (NOT WITH) or logged (WITH).
Examples :
LOG 192.168.10.0/255.255.255.0 NOT WITH 192.168.10.1
log any packets from or to hosts in subnet 192.168.10.0/255.255.255.0, except packets involving host 192.168.10.1 .
LOG WITH 192.168.10.23
log any packets in relation with host 192.168.10.23
LOG
log everything.
OUTPUT TIME DELAY
Syntax: DUMP EVERY < time > [AFTER < time >]
< time > is composed of :
< number > second(s)
< number > minute(s)
< number > hour(s)
< number > day(s)
Default DUMP time is 24 hours
Default AFTER time is 0 seconds
Examples:
DUMP EVERY 30 minutes
dump the stats every 30 minutes at x:00 and x:30.
DUMP EVERY 1 hour AFTER 7 minutes
dump the stats every hour, at 0:07, 1:07, 2:07.
DUMP EVERY 1 day AFTER 14 hours
dump data every day, at 14:00:00 UTC (for France localtime (during the summer), at 16:00:00 +0200)
CLEARING STATS
You may want to clear your statistics sometimes, or after each dump.
Syntax : CLEAR [ ALWAYS | NEVER | EVERY < time > [AFTER < time >] ]
< time > is composed of :
< number > second(s)
< number > minute(s)
< number > hour(s)
< number > day(s)
Default CLEAR mode is ALWAYS. Default AFTER time is 0 seconds. Note that both time values MUST be a multiple of the DUMP delay. Also, this line MUST come after the DUMP line.
Examples
CLEAR ALWAYS
clear the stats after every DUMP.
CLEAR NEVER
never clear the stats, which means you are doing incremental statistics.
CLEAR EVERY 30 minutes
clear the stats every 30 minutes at x:00 and x:30. Note that if your DUMP line had an AFTER value such as 3 minutes, this rule will clear the stats at x:03 and x:33.
CLEAR EVERY 1 hour AFTER 10 minutes
clear the stats every hour, at 0:10, 1:10, 2:10, and so on. Note that if your DUMP line had an AFTER value such as 3 minutes, this rule will clear the stats at 0:13, 1:13, 2:13 and so on.
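The DUMP/CLEAR constraints above can be checked before a configuration is deployed. The following is an added example, not part of ipfm or of the original page: it checks only DUMP EVERY and CLEAR EVERY lines of one NEWLOG block, and the function names and sample blocks are hypothetical.

```python
import re

UNIT = {"second": 1, "minute": 60, "hour": 3600, "day": 86400}
TIME = r"(\d+)\s+(second|minute|hour|day)s?"
RULE = r"\s+EVERY\s+" + TIME + r"(?:\s+AFTER\s+" + TIME + r")?"

def _times(m):
    """(EVERY, AFTER) in seconds from a matched DUMP or CLEAR rule."""
    every = int(m[1]) * UNIT[m[2].lower()]
    after = int(m[3]) * UNIT[m[4].lower()] if m[3] else 0
    return every, after

def check_block(lines):
    """Check the DUMP/CLEAR lines of one NEWLOG block against the rules above."""
    dump, clear = (24 * 3600, 0), None   # page defaults: DUMP 24 hours, AFTER 0
    dump_at = clear_at = None
    for i, line in enumerate(lines):
        # Keywords are matched case-insensitively (assumption of this example).
        if m := re.fullmatch("DUMP" + RULE, line.strip(), re.I):
            dump, dump_at = _times(m), i
        elif m := re.fullmatch("CLEAR" + RULE, line.strip(), re.I):
            clear, clear_at = _times(m), i
    problems = []
    if clear is not None:
        if dump_at is not None and clear_at < dump_at:
            problems.append("CLEAR must come after the DUMP line")
        for name, value in zip(("EVERY", "AFTER"), clear):
            if value % dump[0]:
                problems.append(f"CLEAR {name} ({value}s) is not a multiple of the DUMP delay ({dump[0]}s)")
    return dump, clear, problems

def clear_times(dump, clear, count=3):
    """First `count` clear times after 0:00 as h:mm; the DUMP AFTER offset is added."""
    if clear is None:                    # no CLEAR EVERY rule in the block
        return []
    start = (dump[1] + clear[1]) % clear[0]
    return [f"{t // 3600}:{t % 3600 // 60:02d}" for t in (start + k * clear[0] for k in range(count))]

# Constructed sample blocks (not from the page).
GOOD = ["DUMP EVERY 5 minutes AFTER 3 minutes", "CLEAR EVERY 1 hour AFTER 10 minutes"]
BAD = ["CLEAR EVERY 45 minutes", "DUMP EVERY 30 minutes"]

if __name__ == "__main__":
    for block in (GOOD, BAD):
        dump, clear, problems = check_block(block)
        print(block, clear_times(dump, clear), problems or "ok")
```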
LOG FILENAME
At every DUMP delay, ipfm writes its output to a file whose name is set by the FILENAME rule.
Syntax: FILENAME < filemask >
< filemask > : complete filename
Default FILENAME is /usr/local/var/log/ipfm/%d-%b.%H-%M
NOTE : The file will be overwritten without any check.
REVERSE DNS
You can activate or deactivate reverse DNS in the output file.
WARNING : activating reverse DNS can considerably delay the production of the log file, due to DNS timeouts.
Syntax : [RESOLVE|NORESOLVE]
Default is NORESOLVE
SORT OUTPUT FILE
ipfm can sort output file depending on IN, OUT or TOTAL.
Syntax : SORT IN|OUT|TOTAL
Default is to sort nothing. Please note that this option could slightly delay the production of the log file.
SET PROMISCUOUS MODE
Syntax [NO]PROMISC
Default is PROMISC
APPEND OR REPLACE LOG FILES
You can choose to append the output to an existing logfile or to replace the old file by a new one.
Syntax : APPEND|REPLACE
Default is REPLACE
Example :
#IPFM configuration FILE FOR ETH1
#-----------------------------------------------------
DEVICE eth1
#---------------- Range ------------------
NEWLOG
log BOTH 192.168.2.15/255.255.255.255
log BOTH 192.168.3.0/255.255.255.0
DUMP EVERY 5 minutes
FILENAME "/usr/local/IPFM/IPFM-R/log/eth1/ipfm-5m-range.log"
SORT TOTAL
#---------------- Range 2------------------
NEWLOG
log BOTH 192.168.4.15/255.255.255.255
log BOTH 192.168.5.0/255.255.255.0
DUMP EVERY 5 minutes
FILENAME "/usr/local/IPFM/IPFM-R/log/eth1/ipfm-5m-range2.log"
SORT TOTAL
Result in /usr/local/IPFM/IPFM-R/log/eth1/ipfm-5m-range.log :
# IPFMv0.11.5 2005/03/14 13:40:00 (local time) -- dump every 0d00:05:00 -- listening on eth1
# Host In (bytes) Out (bytes) Total (bytes)
192.168.2.15 30572777 97130029 127702806
192.168.3.200 943428 9286621 18720906
192.168.3.2 36237 872226 1234602
192.168.3.127 421592 121475 543067
192.168.3.253 13398 14479 27877
192.168.3.75 240 0 240
192.168.3.54 240 0 240
192.168.3.55 144 0 144
# end of dump 2005/03/14 13:40:00
ipfm [-c config-file ][--config config-file ] [-h][--help] [-n][--nodaemon] [-p pid-file ][--pid pid-file ]
-c config-file, --config config-file "config-file specifies an alternate configuration file to use. By default, /usr/local/etc/ipfm.conf is used."
-n, --nodaemon "does not run as a daemon"
-h, --help "displays an help message on standard output and exit"
-p pid-file,--pid pid-file
SIGNAL IMPACT
SigHUP : This causes ipfm to dump (and clear) its data tables in the log file (see ipfm.conf(8) ), close pcap descriptor, reload configuration file and restart.
SigTERM : This causes ipfm to dump (and clear) its data tables in the log file (see ipfm.conf(8) ) and exit.
SigKILL : This causes ipfm to exit.
SigINT (ctrl-c) : This causes ipfm to exit after having dumped and cleared its buffers.
SigUSR1 : This causes ipfm to dump its data tables in the log file without exiting or clearing them.
EXAMPLE :
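#!/usr/bin/php
<?php
// Sum the In/Out byte counters of an ipfm dump file and print the average rates.
if ($argc < 2) {
    fwrite(STDERR, "usage: $argv[0] <ipfm-log-file>\n");
    exit(1);
}
echo "file analyse $argv[1]\n";
if (!$fichier = fopen($argv[1], "r")) {
    echo "open failed $argv[1]\n";
    exit(1);
}
echo date("Y-m-d G:i:s") . "\n";
$hostin = $hostout = 0;
while (($texte = fgets($fichier)) !== false) {
    $texte = trim($texte);
    // skip comment lines ("# ...") and empty lines
    if ($texte === "" || $texte[0] === "#") {
        continue;
    }
    // columns: host, in (bytes), out (bytes), total (bytes)
    // preg_split() replaces split(), which was removed in PHP 7
    $champs = preg_split('/\s+/', $texte);
    if (count($champs) < 4) {
        continue;
    }
    $hostin += (int)$champs[1];
    $hostout += (int)$champs[2];
}
fclose($fichier);
echo $hostin . "\n";
echo $hostout . "\n";
// conversion to bits
$inb = $hostin * 8;
$outb = $hostout * 8;
echo $inb . "\n";
echo $outb . "\n";
// 300 seconds = the 5-minute DUMP delay of the example configuration
echo ($inb / 300) . " in bits / s \n";
echo ($outb / 300) . " in bits / s \n";
?>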
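The script above hard-codes the 300-second interval and reports only the totals. The following added example (not from the original page or the ipfm project) reads the interval from the "dump every" header instead and computes per-host rates, flagging hosts above a limit. It assumes one dump per file (REPLACE) and counters cleared at each dump (CLEAR ALWAYS); the function names, the threshold and the sample host rows are constructed.

```python
import re

# Header layout as shown in the sample result on this page.
HEADER = re.compile(r"dump every (\d+)d(\d+):(\d+):(\d+) -- listening on (\S+)")

def parse_dump(text):
    """Return (interval_seconds, device, rows of (host, in, out, total)) for one dump."""
    interval = device = None
    rows = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith("#"):
            m = HEADER.search(line)
            if m:
                d, h, mi, s = (int(x) for x in m.groups()[:4])
                interval = ((d * 24 + h) * 60 + mi) * 60 + s
                device = m[5]
            continue
        fields = line.split()
        # Reject rows with fused or missing columns instead of guessing.
        if len(fields) != 4 or not all(f.isdigit() for f in fields[1:]):
            raise ValueError(f"malformed row: {line!r}")
        rows.append((fields[0], int(fields[1]), int(fields[2]), int(fields[3])))
    if not interval:
        raise ValueError("no 'dump every' header found")
    return interval, device, rows

def rates(text):
    """Per-host (in, out) in bits/s; only meaningful with CLEAR ALWAYS."""
    interval, _, rows = parse_dump(text)
    return {host: (i * 8 / interval, o * 8 / interval) for host, i, o, _ in rows}

def over_limit(text, out_bps_limit):
    """Hosts whose Out rate exceeds out_bps_limit (hypothetical threshold)."""
    return [host for host, (_, out) in rates(text).items() if out > out_bps_limit]

# Constructed sample: header format from the page, host rows invented.
SAMPLE = """\
# IPFMv0.11.5 2005/03/14 13:40:00 (local time) -- dump every 0d00:05:00 -- listening on eth1
# Host In (bytes) Out (bytes) Total (bytes)
192.168.3.10 3000000 750000 3750000
192.168.3.11 1500 37500000 37501500
# end of dump 2005/03/14 13:40:00
"""

if __name__ == "__main__":
    print(rates(SAMPLE), over_limit(SAMPLE, 500_000))
```

With CLEAR NEVER the counters are incremental, so the difference between two successive dumps has to be used instead of the raw values.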