Re: Options for graphing pf rule matches

view
thread

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

From: Brian Keefer

Subject: Re: Options for graphing pf rule matches

Date: Monday, February 15, 2010 - 7:57 pm

On Feb 15, 2010, at 3:29 PM, Jason Dixon wrote:

quoted text> On Mon, Feb 15, 2010 at 03:00:59PM -0800, Brian Keefer wrote:
>> Hello,
>>
>> I'm wondering what other folks are using to graph pf data beyond what is
>> provided by pfstat.  The aggregate values are useful and I'd also like to
>> setup graphs of particular services, particular tables, etc.  Is there a
way
quoted text>> for pfstat to graph labeled traffic that I have overlooked?
>
> There are lots of different ways to graph network data on pf firewalls.
> I don't know that any (besides pfstat) are specifically designed for pf,
> but it's not hard to retrofit them.

Are there any tools that have built-in support to query pf label counters?  Is
there a MIB for pf? I'm guessing the answer to both is no, so I'd have to
write a custom script to call pfctl -sl and parse it, then dump that into RRD
or some such.  Is there a better approach?

quoted text>> I also looked briefly at NetFlow support, but as near as I can tell that's
>> only for established flows, or am I wrong?
>
> If by "established" you mean finished, then yes.  pfstat(4) exports
> expired states into NetFlow datagrams.  NetFlow is very handy for
> looking at specific traffic events (or representative traffic of a large
> event) but is not useful for trending or regression analysis.
>

I see.  That doesn't sound like what I'm trying to do.

--
bk

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

Messages in current thread:

Options for graphing pf rule matches, Brian Keefer, (Mon Feb 15, 4:00 pm)

Re: Options for graphing pf rule matches, Jason Dixon, (Mon Feb 15, 4:29 pm)

Re: Options for graphing pf rule matches, Brian Keefer, (Mon Feb 15, 7:57 pm)

Re: Options for graphing pf rule matches, Jason Dixon, (Mon Feb 15, 8:05 pm)

Navigation

Popular discussions


linux-kernel:
Greg Kroah-Hartman	[PATCH 041/196] kobject: add kobject_init_and_add function
Lukas Hejtmanek	Re: Another libata error related to OCZ SSD
Greg Kroah-Hartman	[PATCH 023/196] MCP_UCB1200: Convert from class_device to device
Florian Fainelli	Re: System clock runs too fast after 2.6.27 -> 2.6.28.1 upgrade
Christoph Lameter	[patch 1/4] mmu_notifier: Core code
git:
Johannes Schindelin	Re: [PATCH 1/2] Add strbuf_initf()
John Bito	[EGIT] Push to GitHub caused corruption
Jakub Narebski	Re: [PATCH 0/2] gitweb: patch view
Junio C Hamano	Re: [PATCH] When a remote is added but not fetched, tell the user.
Andy Parkins	Re: [RFC] Submodules in GIT
git-commits-head:
Linux Kernel Mailing List	ahci: Workaround HW bug for SB600/700 SATA controller PMP support
Linux Kernel Mailing List	V4L/DVB (11086): au0828: rename macro for currently non-function VBI support
Linux Kernel Mailing List	ceph: client types
Linux Kernel Mailing List	ceph: on-wire types
Linux Kernel Mailing List	crypto: chainiv - Use kcrypto_wq instead of keventd_wq
linux-netdev:
Andrew Morton	Re: [Bugme-new] [Bug 14969] New: b44: WOL does not work in suspended state
Giuseppe CAVALLARO	Re: [PATCH 03/13] stmmac: add the new Header file for stmmac platform data
Taku Izumi	[PATCH 3/3] ixgbe: add registers etc. printout code just before resetting adapters
Eric Dumazet	rps: some comments
Thomas Gleixner	Re: [RFC PATCH 02/12] On Tue, 23 Sep 2008, David Miller wrote:
openbsd-misc:
Stephan Andreas	problems with login after xlock in OpenBSD release 4.7
pmc	Make A Change. Alcoholism and Drug Addiction Treatment
ropers	Re: what exactly is enc0?
Fuad NAHDI	Re: What does your environment look like?
Matthew Szudzik	Typo on OpenBSD 4.4 CD Set

Colocation donated by:

Syndicate