Home / server / Questions / 375567
Accepted
Poma
Asked: 2012-04-01 11:41:04 +0800 CST

How to optimize munin fw_conntrack script

  • 772

I have a server with about 65k connections in ip_conntrack. How can I optimize munin script that counts various types of connections (default fw_conntrack script):

cat /proc/net/ip_conntrack | awk '
BEGIN {
    STATE["ESTABLISHED"]=STATE["FIN_WAIT"]=STATE["TIME_WAIT"]=0;
    TOTAL=ASSURED=NOREPLY=STATE["SYN_SENT"]=STATE["UDP"]=0; 
}
/^tcp/ { STATE[$4]++; }
/^udp/ { STATE["UDP"]++; }
/ASSURED/ { ASSURED++; }
{
  TOTAL++;
}
END {
    print "established.value " STATE["ESTABLISHED"];
    print "fin_wait.value " STATE["FIN_WAIT"];
    print "time_wait.value " STATE["TIME_WAIT"];
    print "syn_sent.value " STATE["SYN_SENT"];
    print "udp.value " STATE["UDP"];
    print "assured.value " ASSURED;
    print "total.value " TOTAL;
}'

Currently it takes about 30 sec to execute.

linux ubuntu iptables munin

1 Answers

  1. Best Answer

    Replace cat /proc/net/ip_conntrack with conntrack -L. It's more efficient with large number of connections.

    Example:

    root@utemp:~# time conntrack -L | wc -l
conntrack v0.9.14 (conntrack-tools): 16855 flow entries have been shown.
16855

real    0m0.099s
user    0m0.068s
sys     0m0.036s

root@utemp:~# time cat /proc/net/ip_conntrack | wc -l
16634

real    0m0.270s
user    0m0.008s
sys     0m0.264s
    • 2