author | Olivier Mehani <shtrom@ssji.net> | 2017-06-13 21:15:42 +1000 |
---|---|---|
committer | Olivier Mehani <shtrom@ssji.net> | 2017-06-13 21:15:42 +1000 |
commit | ef3de94fcffbbc87d9290f9c5f8d2f80f79b4ac1 (patch) | |
tree | 25d7a2ab1853bbb26dbd98e9c04e51ddb8b0874e | |
parent | eaba4e57f3b0ab4ab6ac6b3de46ef197b2ab0b90 (diff) |
Might as well version that, too
Signed-off-by: Olivier Mehani <shtrom@ssji.net>
-rwxr-xr-x | openbsd/loadmon.sh | 65 |
1 files changed, 65 insertions, 0 deletions
diff --git a/openbsd/loadmon.sh b/openbsd/loadmon.sh
new file mode 100755
index 0000000..a212c18
--- /dev/null
+++ b/openbsd/loadmon.sh
@@ -0,0 +1,65 @@
+#!/bin/sh
+MINLOAD=6
+NPKTS=1000
+IF=sis0
+ADDR=91.121.146.101
+
+TCPDUMP=/usr/sbin/tcpdump
+FSTAT=/usr/bin/fstat
+
+LOAD=$(uptime | sed -n 's/.*ages: \([^\.]*\)\..*/\1/p')
+
+if [ ${LOAD} -lt ${MINLOAD} -a "${1}" != '-f' ]; then
+ #echo "Load not high enough..." >&2
+ exit 0
+fi
+
+PIDFILE="/var/run/$(basename $0).pid"
+if [ -e "${PIDFILE}" ]; then
+ if kill -0 $(cat "${PIDFILE}"); then
+ echo "${0} already running $(cat "${PIDFILE}")" >&2
+ exit 0
+ fi
+fi
+echo $$ > ${PIDFILE}
+
+PROCESSES=$(ps axww -O pcpu,pmem,nice,time,uid,user,gid,group | sed 1d | sort -k 2,3 -r)
+
+TIMESTAMP=$(date +%Y-%m-%d_%H:%M:%S)
+DUMPFILE=/tmp/dump-${TIMESTAMP}.pcap
+
+echo "Capturing to ${DUMPFILE}..." >&2
+tcpdump -i ${IF} -c ${NPKTS} -w ${DUMPFILE} ip and tcp >&2
+
+# 01:34:19.329994 white-dwarf.narf.ssji.net.23195 > cluster014.ovh.net.www: F 0:0(0) ack 4294967083 win 2048 <nop,nop,timestamp 3594572061 19> (DF)
+FLOWS="$(${TCPDUMP} -r ${DUMPFILE} src ${ADDR} | cut -f 2,4 -d' ' | sort | uniq -c | sort -n -r)"
+
+SRCPORTS="$(echo "${FLOWS}" | sed -n 's/^.*[0-9][0-9]*.*\.\([^ ]*\) .*/\1/p' | uniq)" # don't want to sort here
+
+echo "Identifying sources..." >&2
+FSTAT_OUT=""
+for PORT in $SRCPORTS; do
+ LOCALFSTAT_OUT="$(${FSTAT} | grep "internet.*:$PORT")"
+ PIDS="$(echo "${LOCALFSTAT_OUT}" | awk '{ print $3 }' | sort -nu)"
+ for PID in $PIDS; do
+ LOCALFSTAT_OUT="${LOCALFSTAT_OUT}
+
+### lsof for PID $PID
+$(${FSTAT} -p "${PID}")"
+ done
+
+ FSTAT_OUT="${FSTAT_OUT}
+
+## lsof for port ${PORT}
+${LOCALFSTAT_OUT}"
+done
+
+echo "# Processes"
+echo "${PROCESSES}"
+echo "# Packets"
+echo "${FLOWS}"
+echo "# Source ports"
+echo "${SRCPORTS}"
+echo "${FSTAT_OUT}"
+
+rm ${PIDFILE} |
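Review bot: `DUMPFILE=/tmp/dump-${TIMESTAMP}.pcap` is a predictable name in a world-writable directory. The script presumably runs as root (it writes a PID file under /var/run and captures on `${IF}`), so a file or symlink already sitting at that path could redirect or clobber the write. The capture is also created under the default umask and is never removed, so up to `NPKTS` packets of traffic may stay readable by other local users. I would set `umask 077`, create the file with `DUMPFILE=$(mktemp "/tmp/dump-${TIMESTAMP}.XXXXXXXXXX") || exit 1`, and delete it together with `${PIDFILE}` from a `trap ... EXIT` so the early exits clean up too. Separately, the capture line calls bare `tcpdump` while the read-back uses `${TCPDUMP}`; using the variable in both places removes the dependence on PATH.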