如何優化 munin fw_conntrack 腳本

我有一個在 ip_conntrack 中有大約 65k 連接的伺服器。如何優化計算各種類型連接的 munin 腳本（預設fw_conntrack腳本）：

cat /proc/net/ip_conntrack | awk '
BEGIN {
   STATE["ESTABLISHED"]=STATE["FIN_WAIT"]=STATE["TIME_WAIT"]=0;
   TOTAL=ASSURED=NOREPLY=STATE["SYN_SENT"]=STATE["UDP"]=0; 
}
/^tcp/ { STATE[$4]++; }
/^udp/ { STATE["UDP"]++; }
/ASSURED/ { ASSURED++; }
{
 TOTAL++;
}
END {
   print "established.value " STATE["ESTABLISHED"];
   print "fin_wait.value " STATE["FIN_WAIT"];
   print "time_wait.value " STATE["TIME_WAIT"];
   print "syn_sent.value " STATE["SYN_SENT"];
   print "udp.value " STATE["UDP"];
   print "assured.value " ASSURED;
   print "total.value " TOTAL;
}'

目前執行大約需要 30 秒。

替換cat /proc/net/ip_conntrack為conntrack -L。大量連接時效率更高。

例子：

root@utemp:~# time conntrack -L | wc -l
conntrack v0.9.14 (conntrack-tools): 16855 flow entries have been shown.
16855

real    0m0.099s
user    0m0.068s
sys     0m0.036s

root@utemp:~# time cat /proc/net/ip_conntrack | wc -l
16634

real    0m0.270s
user    0m0.008s
sys     0m0.264s

引用自：https://serverfault.com/questions/375567