1

I wanted to monitor my server network send and receive rate using iftop. This is what works for me:

iftop -t -s 1 -n -N | grep 'Total send and receive rate: ' | awk '{print $8}'

Mac address and Ips are included in the result, something like this:

interface: eth0
IP address is: 192.254.78.90
MAC address is: 00:26:9e:b5:81:de
14.7Mb

I only need the last line. So I created a script:

iftop -t -s 1 -n -N >> result.txt
cat result.txt | grep 'Total send and receive rate: ' | awk '{print $8}'

When I use this in command line it works fine and give me only the last line which is "14.7Mb" while using it as a .sh script still includes the MAC address and Ip.

Any idea how can resolve? I think there should be a better solution using sed ?

Rui F Ribeiro
  • 55,929
  • 26
  • 146
  • 227
Amin
  • 151
  • 1
  • 2
  • 9
  • With which user do you execute the commandline and the script? Can you add the version of iftop and the specification of your system? – Hastur Nov 17 '15 at 07:41
  • Be wary of result.txt growing too much and clogging your server resources (size, I/O, CPU). You do not need to do the cat, you can do: iftop ... | tee result.txt | grep ... . I am not also seeing there a tail for the last line. – Rui F Ribeiro Nov 17 '15 at 08:02

2 Answers2

2
  1. The interface name and MAC address are being printed to stderr, so they're not being piped into grep. You can get rid of stderr by redirecting it to /dev/null
iftop -t -s 1 -n -N 2>/dev/null
  1. You're using awk, so you don't need grep as well.
iftop -t -s 1 -n -N 2>/dev/null | awk '/send and receive/ {print $8}'
cas
  • 1
  • 7
  • 119
  • 185
  • Please take head iftop needs to run as root. I would run it with sudo and not as the root user. Or alternatively use ifconfig to calculate the instant speed, as it runs as normal user and is less taxing on resources. – Rui F Ribeiro Nov 17 '15 at 08:18
  • Actually your answer is correct, is just that I have the tendency of suggesting alternative solutions. +1 too – Rui F Ribeiro Nov 17 '15 at 08:50
  • 1
    I know it's correct. I test things before I post an answer. It answered the OP's question as he asked it. Your answer answered the questions he didn't but should have asked - 'is this a *good* method?' and 'is there a better way?' IMO these are often far more valuable answers. – cas Nov 17 '15 at 08:52
  • Is not that the problem we all techies have? We center too much on the specifics of how to do it and not how to solve the bigger problem at hand. As I say often here to my partner in crime, techies often lose too many arguments because they center the discussions on the technicalities and not the problem at hand. (sorry for the constant edits, english is not my mother tongue) – Rui F Ribeiro Nov 17 '15 at 09:07
  • This is exactly what I wanted. Any idea how can I remove the "Mb" from the result? iftop -t -s 1 -n -N 2>/dev/null | awk '/send and receive/ {print $8}' – Amin Nov 18 '15 at 08:23
  • `iftop -t -s 1 -n -N 2>/dev/null | awk '/send and receive/ {gsub(/[^0-9]?b$/,"",$8) ; print $8}'` – cas Nov 18 '15 at 10:03
2

iftop listens for the last 40s of traffic if just called once, or when called without options listens for the period that is up. The polling it does while running does not reflect the true usage of the server over time.

Sniffing traffic with iftop also places a burden on the system, which can be more or less significant depending on the volume of traffic, as network data has to be fed to and processed by the pcap API.

While a great tool for debugging network issues, and specifically be aware of particular flows of transit, it is not a so great tool for the long term usage.

For traffic or bandwidth, I suggest using SNMP in a more professional environment, or for simpler usage ifconfig.

I would detail so much more, however I have found a previous post that talks about monitoring traffic and speed in more detail than I was thinking.

How do I process ifconfig output to determine my link speed?

As a final detail, nothing against iftop IF you understand it

1) is just measuring the instant speed each time you are running the script (each 5 minutes?)

2) should not be used in systems with high load

Community
  • 1
Rui F Ribeiro
  • 55,929
  • 26
  • 146
  • 227
  • 1- When you use iftop, only the last column shows the average bw rate for the last 40 sec. – Amin Nov 18 '15 at 08:06
  • Yes, Amin, I agree and I know it. The point is that they do not show the real usage over time. – Rui F Ribeiro Nov 18 '15 at 08:08
  • 2- This was the only way I could use PRTG to monitor a centos 6.x server network speed rate without SNMP. Actually I use "ssh script" sensor. Do you know any better way to retrieve only the current network rate in SSH? – Amin Nov 18 '15 at 08:10
  • I use SNMP+Cacti+Nagios. PRTG also talks SNMP, and at the end of the day SNMP is not so difficult to setup. There is a better way in scripting, which is to store ifconfig data in each call, and calculate the time passed and do the math. – Rui F Ribeiro Nov 18 '15 at 08:41
  • Btw, SNMP can also give you memory, disks, usage of CPU,... – Rui F Ribeiro Nov 18 '15 at 08:48
  • Including disk and memory is tempting. Do you have any screenshot? also any tut? – Amin Nov 18 '15 at 09:11
  • Have a look http://www.cacti.net/screenshots.php – Rui F Ribeiro Nov 18 '15 at 09:29
  • and at this, which imo is better than cacti http://www.observium.org . For SNMP, this http://help.logicmonitor.com/monitoring-with-logicmonitor/linux-hosts/configuring-snmp-and-ntp-on-a-linux-host/setting-up-snmp-on-debianubuntu/ – Rui F Ribeiro Nov 18 '15 at 09:30
  • For Nagios monitoring stuff better use NRPE as it has pretty much everything builtin including remote script execution. The penalty of running iftop once in a few minutes is negligible at best. Installing an SNMP agent is redundant in my opinion. – JustAGuy Aug 06 '17 at 10:37
  • @gilfalko SNMP is an huge boon in wide scale enterprise setups. Whilst there might be others ways of getting traffic stats without snmp over long stretchs of time, iftop should not be one of them; the point of the answer is that iftop *samples* momentarily the traffic and does not get the full picture over time. – Rui F Ribeiro Aug 06 '17 at 10:43